[cumbria_lug] The next Meeting

[Luke Antins]

I'll see what I can do.

Regarding the MySQL bug below...
If your application is showing the encrypted passwords for whatever reason
your silly, if you do need to show the encrypted passwords id like to know
why!

--
Kind Regards
Luke Antins

On Wed, 28 May 2003, Ian Linwood wrote:

> Hello ,
>
> >The next meeting is currently scheduled for the 12th June
> 2003 at >19:00, to be held at 21 Duke Street (Bar 21?)  in Whitehaven.
>
> Sounds good to me. Went well the last time. The Cooper loved the run!
> Managed to avoid the speed traps...
>
> > It's an informal meeting, and there's no 'net connectivity (that we
> >know of).
>
> Lets face it, at the end of a day in front of the damn things, a beer
> and a chat is a MUCH nicer proposition!
>
> Proposition 2: anybody turns up with geeky kit gets my Guinness poured
> over them. Lets be human beings for an evening.
>
> Proposition 3: Can the next one be arranged on a Fri? I'd then book a
> B&B and make a night of it :-). I'm willing to travel, and go
> to the expense of B&B, you lot can get a taxi home. Party!
>
> Luke,
> Will you be there on the 12th? Look forward to meeting you, if
> you are. Maybe we could discuss this;
> Software: MySQL 3.x MySQL 4.x
> Description:
> A weakness has been identified in the way that MySQL
> encrypts passwords when storing them. The problem is that passwords,
> which are stored in a table using PASSWORD(), are encrypted in a way
> that can be brute forced at a great speed. This allows malicious
> people, who has retrieved passwords from the database, to brute force
> an eight character password in a matter of hours. A tool is available
> to exploit this.
>
> Solution:
> Passwords used for MySQL accounts should
> not be used on other systems.
>
> ROFL - hard coded insecurity!
>
> --
> Best regards,  Ian
>
>
> _______________________________________________
> Cumbria mailing list
> Cumbria@mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/cumbria
>