
01/27/05: MySQL 'Bot' Attacks Windows Systems

Malicious hackers have launched a zero-day bot attack against default Windows installations of the MySQL database engine, infecting vulnerable systems at the rate of 100 per minute, security experts warned on Thursday.

One-hundred systems per minute. The good news is if you use strong root passwords, you should be safe.

The SANS ISC recommends that MySQL users select a strong password for the "root" account on Windows installations. Administrators should also set up restricted access to root accounts and apply firewall rules to make sure MySQL servers are not exposed to attackers.

This is really a no-brainer, but it seems that some still think these rules don't apply to them. The responsible users, on the other hand, have long since realized that if you are not part of the solution, you are part of the problem - perfectly illustrated with this incident.
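One way to check an existing server against the SANS ISC recommendation above, as an added example that is not part of the original post: the script audits tab-separated account output for empty passwords and for root accounts allowed from non-local hosts. The sample rows are constructed, and the column names assume MySQL 5.7 or later.

```python
import csv
import io

# Constructed sample, in the shape produced by:
#   mysql -B -e "SELECT user, host, plugin, authentication_string FROM mysql.user"
# Column names assume MySQL 5.7 or later; hash values are placeholders.
SAMPLE_TSV = (
    "user\thost\tplugin\tauthentication_string\n"
    "root\tlocalhost\tmysql_native_password\t*PLACEHOLDERHASH\n"
    "root\t%\tmysql_native_password\t\n"
    "root\t192.0.2.%\tmysql_native_password\t*PLACEHOLDERHASH\n"
    "app\tlocalhost\tmysql_native_password\t*PLACEHOLDERHASH\n"
    "backup\t%\tmysql_native_password\tNULL\n"
)

# Host values that only permit connections from the server itself.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
# Plugins that authenticate through the OS socket rather than a stored
# password, so an empty authentication_string is expected for them.
SOCKET_PLUGINS = {"auth_socket", "unix_socket"}


def audit_accounts(tsv_text):
    """Return (user, host, issue) tuples for accounts that need attention."""
    findings = []
    reader = csv.DictReader(
        io.StringIO(tsv_text), delimiter="\t", quoting=csv.QUOTE_NONE
    )
    for row in reader:
        user, host = row["user"], row["host"]
        secret = row["authentication_string"]
        # The batch-mode client prints SQL NULL as the literal text "NULL".
        if secret in ("", "NULL") and row["plugin"] not in SOCKET_PLUGINS:
            findings.append((user, host, "empty password"))
        # Any root row whose host is not strictly local allows remote logins.
        if user == "root" and host.lower() not in LOCAL_HOSTS:
            findings.append((user, host, "root allowed from non-local host"))
    return findings


if __name__ == "__main__":
    for user, host, issue in audit_accounts(SAMPLE_TSV):
        print(f"{user}@{host}: {issue}")
```
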

I often wonder why some people continue to run Windows. This is actually not a direct crack at MS, so bear with me. I have encountered individuals who run MySQL, Cygwin for bash scripts, PHP, and Apache all on their Windows box. What? I know, it's crazy. Interestingly, these are often the same people who continue to ignore security concerns, and who will eventually ruin the internet for the rest of us.


