Root access to MySQL.com sold for $3k - now serving malware

From the article: "The ultimate irony of this attack is that the owner of mysql.com is Oracle Corp., which also owns Java, a software suite that I have often advised readers to avoid due to its numerous security and update problems."<p>Seriously, I'm not a fan of Java, but still, a software suite?<p>Anyway, it's quite hard taking that article seriously after that.

It seems like they could have done a lot more damage than just serving browser malware. How many mysql installs could they have rooted?

The Armorize screencast embedded in the article is really wonderful. It's concise, full of information, and clear enough to duplicate the steps on your own. A nice 5-minute detective story.

This whole mysql saga was an excellent reminder to turn Java off again. I'd enabled it a few weeks ago for a site that I simply had to use and then promptly forgot to disable it afterwards.

Without actually registering on the site to verify, it looks like that's the Exploit.IN forum.

I've never seen a $$ number associated with these things, but really? Only $3K?<p>Apparently, I would have overbid if I were in the market for such things.

Why is it that Flash is so exploitable? The web is rampant with Flash exploits and Adobe seems to do nothing about it.

I went to mysql.com this morning and Symantec popped up with a "malware detected" message. Do we know which browsers are vulnerable, and how to tell whether I'm infected?

<a href="http://exploit.in/forum/" rel="nofollow">http://exploit.in/forum/</a>

Great..! Now nobody will visit MySQL page and the downloads number will do down significantly. Yet another way to kill a community product!!