EmergencyEMERGENCY? Get 24/7 Help Now!

MySQL password expiration features to help you comply with PCI-DSS

 | February 4, 2016 |  Posted In: MySQL 5.7, Security

database security

PCI Compliance (section 8.2.4) requires users to change password every 90 days. Until MySQL 5.6.6 there wasn’t a built-in way to comply with this requirement. Since MySQL version 5.6.6 there’s a password_expired feature which allows to set a user’s password as expired. This has been added to the mysql.user table and its default value it’s […]

Read More

OpenSSH CVE-2016-0777: Details and Mitigation

 | January 14, 2016 |  Posted In: MySQL, Security

OpenSSH

Earlier today advisories were sent out regarding OpenSSH versions 5.4 through 7.1., informing users about a security bug in the software. In essence, the advisory instructed people to add the   UseRoaming no option to their ssh_config file, with a promise for further information to be made available shortly.   Add undocumented "UseRoaming no" to ssh_config or use "-oUseRoaming=no" […]

Read More

Tips for avoiding malware from a lesson learned

 | June 26, 2015 |  Posted In: Security

In a recent article on the Percona blog, I recommended readers to a tool called CamStudio for making technical screen recordings. The blog post was very popular and got 300+ Facebook likes in a short time. Providentially though, a reader commented that the installer (as downloaded from the project website) installed “pretty annoying adware on […]

Read More

Percona security update: oCERT and SSL improvements

 | May 18, 2015 |  Posted In: MySQL, Security

We have recently become a member of oCERT to aid in allowing responsible disclosure for Percona products and services as can be seen on their members page. We are presently working on the verbiage for the responsible disclosure program, and we are also investigating establishing a bug bounty program. In the mean time you can […]

Read More

Percona Security Advisory CVE-2015-1027

 | May 6, 2015 |  Posted In: MySQL, Security

Contents Summary Analysis Mitigating factors P.O.C Acknowledgments Summary During a code audit performed internally at Percona, we discovered a viable information disclosure attack when coupled with a MITM attack in which percona-toolkit and xtrabackup perl components could be coerced into returning additional MySQL configuration information. The vulnerability has since been closed. Timeline 2014-12-16 Initial research, […]

Read More

How to test if CVE-2015-0204 FREAK SSL security flaw affects you

 | March 5, 2015 |  Posted In: MySQL, Security

The CVE-2015-0204 FREAK SSL vulnerability abuses intentionally weak “EXPORT” ciphers which could be used to perform a transparent Man In The Middle attack. (We seem to be continually bombarded with not only SSL vulnerabilities but the need to name vulnerabilities with increasing odd names.) Is your server vulnerable? This can be tested using the following GIST […]

Read More

GHOST vulnerability (CVE-2015-0235) Percona response

 | January 29, 2015 |  Posted In: MySQL, Security

Cloud security company Qualys announced Tuesday the issues prevalent in glibc since version 2.2 introduced in 2000-11-10 (the complete Qualys announcement may be viewed here). The vulnerability, CVE-2015-0235, has been dubbed “GHOST.” As the announcement from Qualys indicates, it is believed that MySQL and by extension Percona Server are not affected by this issue. Percona […]

Read More

File carving methods for the MySQL DBA

 | December 23, 2014 |  Posted In: Insight for DBAs, MySQL, Security

This is a long overdue blog post from London’s 44con Cyber Security conference back in September. A lot of old memories were brought to the front as it were; the one I’m going to cover in this blog post is: file carving. So what is file carving? despite the terminology it’s not going to be a […]

Read More

(More) Secure local passwords in MySQL 5.6 and up

 | November 25, 2014 |  Posted In: MySQL, Security

I log into a lot of different servers running MySQL and one of the first things I do is create a file in my home directory called ‘.my.cnf’ with my credentials to that local mysql instance:

This means I don’t have to type my password in every time, nor am I tempted to include […]

Read More

Percona’s widely read Percona Data Performance blog highlights our expertise in enterprise-class software, support, consulting and managed services solutions for both MySQL® and MongoDB® across traditional and cloud-based platforms. The decades of experience represented by our consultants is found daily in numerous and relevant blog posts.

Besides specific database help, the blog also provides notices on upcoming events and webinars.
Want to get weekly updates listing the latest blog posts? Subscribe to our blog now! Submit your email address below and we’ll send you an update every Friday at 1pm ET.

No, thank you. Please do not ask me again.