Security Bytes: MySQL upgrade urged to fix flaw

Internet turns 35; federal computers used as spam relays; XP SP2 a bigger pain for smaller companies.

MySQL users urged to upgrade to fix flaw
Users of MySQL, a popular open-source multithreaded, multiuser SQL database server, are being urged to upgrade to the latest version (4.0.20-r1) to correct a flaw that could allow an attacker to overwrite important data or corrupt and destroy system files, possibly leading to a denial of service. According to a Gentoo Linux advisory, "the MySQL database hot copy utility (mysqlhotcopy.sh), when using the scp method, uses temporary files with predictable names. A malicious local user with write-access to the /tmp directory could create a symbolic link pointing to a file, which may then be overwritten. In cases where mysqlhotcopy is run as root, a malicious user could create a symlink to a critical file such as /etc/passwd and cause it to be overwritten." There is no known workaround; all MySQL users should upgrade to the latest version.
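The temporary-file weakness the advisory describes, next to two hardened forms, as an added example that is not from the advisory or from MySQL's code. The sandbox directory standing in for /tmp and the file names `critical.conf` and `hotcopy.tmp` are constructed for illustration.

```python
import os
import tempfile

def naive_write(path, data):
    """Weak pattern: fixed name, and open() follows an existing symlink."""
    with open(path, "w") as fh:
        fh.write(data)

def exclusive_write(path, data):
    """Hardened: O_EXCL makes creation fail if anything, even a symlink, is already there."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def random_name_write(directory, data):
    """Preferred: mkstemp picks an unpredictable name and creates it exclusively, mode 0600."""
    fd, path = tempfile.mkstemp(prefix="hotcopy_", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def read(path):
    with open(path) as fh:
        return fh.read()

def demo():
    """Exercise all three patterns inside a private sandbox directory."""
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:
        victim = os.path.join(sandbox, "critical.conf")      # stands in for a critical file
        predictable = os.path.join(sandbox, "hotcopy.tmp")   # constructed predictable name
        naive_write(victim, "original")
        os.symlink(victim, predictable)                      # link already present at that name

        naive_write(predictable, "backup data")
        results["naive_overwrote_target"] = read(victim) != "original"

        naive_write(victim, "original")                      # restore, then retry safely
        try:
            exclusive_write(predictable, "backup data")
            results["exclusive_refused"] = False
        except OSError:                                      # EEXIST: refuses to reuse the name
            results["exclusive_refused"] = True
        results["target_intact"] = read(victim) == "original"

        path = random_name_write(sandbox, "backup data")
        results["random_is_regular_file"] = os.path.isfile(path) and not os.path.islink(path)
    return results

if __name__ == "__main__":
    print(demo())
```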

Light a candle for the Internet
The present-day Internet was born exactly 35 years ago today. What began as a university experiment and military project called ARPANET has transformed the way companies do business today. But despite all the advances made by the Internet, now run by the commercial sector, it still has some growing up to do, its founders admit. While resources are being used to improve the speed and quality of data exchanges, more emphasis is needed to reduce spam and security problems that now plague the Net, according to the Associated Press.

Federal computers commandeered by crackers
The latest find in a recent federal cybercrime crackdown: Hundreds of Pentagon and U.S. Senate computers are being used to relay spam and in phishing schemes, according to USA Today. While millions of home and school PCs have been hijacked by hackers to launch attacks and spread spam, the U.S. defense and congressional spin is a new wrinkle in Operation Web Snare. Authorities are trying to crack down on the mechanisms by which spam, and phishing in particular, is spawned.

XP SP2 bigger headache for smaller companies
While new research suggests 1 in 10 computers will have compatibility issues with the XP SP2 update, the problem will be worse for companies with fewer than 100 installations. Canada-based AssetMetrix, which provides IT infrastructure management, said smaller businesses have a 12% incompatibility rate, while only 6% of larger companies face the same deployment dilemma. An AssetMetrix executive told NewsFactor that smaller companies have a wider variety of applications and lesser-known programs that aren't compatible with new features in the service pack. Microsoft has identified 60 applications that must be modified to work with SP2.
