by David Busby | Jan 14, 2016 | MySQL, Security
Earlier today advisories were sent out regarding OpenSSH versions 5.4 through 7.1, informing users about a security bug in the software. In essence, the advisory instructed people to add the UseRoaming no option to their ssh_config file, with a promise...

by David Busby | Oct 29, 2015 | MySQL
Symantec published a blog post yesterday regarding MySQL and the Trojan.Chikdos.A, as can be seen here. The Symantec post gives detail into the behavior of the Trojan and its effects on the Windows system registry, yet gives little detail as to how the required...

by David Busby | May 18, 2015 | MySQL, Security
We have recently become a member of oCERT to aid in allowing responsible disclosure for Percona products and services, as can be seen on their members page. We are presently working on the verbiage for the responsible disclosure program, and we are also investigating...

by David Busby | May 6, 2015 | MySQL, Security
Contents: Summary, Analysis, Mitigating factors, P.O.C, Acknowledgments. Summary: During a code audit performed internally at Percona, we discovered a viable information disclosure attack when coupled with a MITM attack in which percona-toolkit and xtrabackup Perl components...

by David Busby | Mar 5, 2015 | MySQL, Security
The CVE-2015-0204 FREAK SSL vulnerability abuses intentionally weak “EXPORT” ciphers which could be used to perform a transparent Man In The Middle attack. (We seem to be continually bombarded with not only SSL vulnerabilities but the need to name...

by David Busby | Jan 29, 2015 | MySQL, Security
Cloud security company Qualys announced Tuesday the issues prevalent in glibc since version 2.2 introduced in 2000-11-10 (the complete Qualys announcement may be viewed here). The vulnerability, CVE-2015-0235, has been dubbed “GHOST.” As the announcement...

by David Busby | Dec 23, 2014 | Insight for DBAs, MySQL, Security
This is a long overdue blog post from London’s 44con Cyber Security conference back in September. A lot of old memories were brought to the front as it were; the one I’m going to cover in this blog post is: file carving. So what is file carving?...

by David Busby | Oct 15, 2014 | MySQL, Security
Padding Oracle On Downgraded Legacy Encryption. First off, the naming “convention” as of late for security issues has been terrible. The newest vulnerability (CVE-2014-3566) is nicknamed POODLE, which at least is an acronym and as per the header...

by David Busby | Sep 26, 2014 | MySQL
The media train is in full steam today over the CVE-2014-6271 programming flaw, better known as the “Bash Bug” or “Shellshock”. The original problem was disclosed on Wednesday via this post. Firstly this issue exploits bash...

by David Busby | Jul 18, 2014 | Insight for DBAs, MySQL, Percona Services
The Percona Managed Services team recently faced a somewhat peculiar client issue. We’d receive pages about their MySQL service being unreachable. However, studying the logs showed nothing out of the ordinary… for the most part it appeared to be a...

by David Busby | May 16, 2014 | Benchmarks, Insight for DBAs, MySQL
GitHub user Adrianlzt provided a python-twisted alternative version of pyclustercheck per discussion on issue 7. Due to sporadic performance issues noted with the original implementation in SimpleHTTPserver, the benchmarks which I’ve included as part of the...

by David Busby | Apr 8, 2014 | Insight for DBAs, MySQL
The Heartbleed bug was introduced in OpenSSL 1.0.1 and is present in 1.0.1, 1.0.1a, 1.0.1b, 1.0.1c, 1.0.1d, 1.0.1e and 1.0.1f. The bug is not present in 1.0.1g, nor is it present in the 1.0.0 branch nor the 0.9.8 branch of OpenSSL; some sources report 1.0.2-beta is also affected...

by David Busby | Mar 25, 2014 | MySQL, Percona Live, Security
Ah, database security… the black sheep of topics and something you would really rather not have to deal with, right? I mean surely all the fanfare and paranoia is reserved for the neck beards with tinfoil hats who live in their own D.I.Y Faraday cage …...

by David Busby | Sep 18, 2013 | Benchmarks, Hardware and Storage, Insight for DBAs, Insight for Developers, MySQL, Percona Events, Percona Live
With the close of call for papers earlier this month, the Percona Live London conference committee was in full swing this past week reviewing all of the many submissions for November’s Percona Live London MySQL Conference. The submissions are far ranging and...

by David Busby | Feb 11, 2013 | MySQL
One of our Remote DBA service clients recently had an issue with size on disk for a particular table; in short this table was some 25 million rows of application audit data with an on disk size of 345GB recorded solely for the purposes of debugging which may...