Security

(More) Secure local passwords in MySQL 5.6 and up

I log into a lot of different servers running MySQL and one of the first things I do is create a file in my home directory called ‘.my.cnf’ with my credentials to that local MySQL instance:


[client]
user=root
password=secret


This means I don’t have to type my password in every time, nor am I tempted to include it […]


How to close POODLE SSLv3 security flaw (CVE-2014-3566)

Padding Oracle On Downgraded Legacy Encryption
First off, the naming “convention” as of late for security issues has been terrible. The newest vulnerability (CVE-2014-3566) is nicknamed POODLE, which at least is an acronym and as per the header above has some meaning.
The summary of this issue is that it is much the same as the earlier […]


Database auditing alternatives for MySQL

Database auditing is the monitoring of selected actions of database users. It doesn’t protect the database in case privileges are set incorrectly, but it can help the administrator detect mistakes.
Audits are needed for security. You can track data access and be alerted to suspicious activity. Audits are required for data integrity. They are the […]


Heartbleed: Separating FAQ From FUD

If you’ve been following this blog (my colleague, David Busby, posted about it yesterday) or any tech news outlet in the past few days, you’ve probably seen some mention of the “Heartbleed” vulnerability in certain versions of the OpenSSL library.
So what is ‘Heartbleed’, really?
In short, Heartbleed is an information-leak issue. An attacker can exploit […]


Database security: Why should you review yours?

Ah, database security… the black sheep of topics and something you would really rather not have to deal with, right?
I mean surely all the fanfare and paranoia is reserved for the neck beards with tinfoil hats who live in their own D.I.Y Faraday cage … that must be it … it just has to […]
