Sophos: Training course e-mails are a scam
Computer users should be wary of unsolicited e-mails offering training and well-paid jobs in the financial sector, Lynnfield, Mass.-based antivirus firm Sophos warned. Researchers in the company's lab have discovered a campaign by a group of Russian spammers that poses as a training course that will lead to a job with the financial institution Credit Suisse. The goal: defraud innocent people out of their savings. The e-mails, which claim to come from Credit Suisse, offer a free two-week training course over the Web. Once the course is complete, the e-mail claims, trainees will have "graduated." But the e-mails and associated Web site are fake, and users who sign up for the course may be asked to transfer money from their bank accounts as one of the "lessons." "Scammers are getting more and more sophisticated in the way in which they attempt to steal money from innocent Internet users," Graham Cluley, senior technology consultant for Sophos, said in a company statement. "This campaign involves luring people who may wish to generate an income from home into signing up for a fake training course that may teach them a very expensive lesson."
Gentoo fixes Cherokee flaws
Gentoo recommends users of the Cherokee Web server upgrade to the latest version to close a security hole an attacker could use to cause a denial of service or launch malicious code. The Linux vendor said the problem is a high-impact, remotely exploitable format string vulnerability in the cherokee_logger_ncsa_write_string() function. "Using a specially crafted URL when authenticating via auth_pam, a malicious user may be able to crash the server or execute arbitrary code on the target machine with permissions of the user running Cherokee," Gentoo said in its advisory. "There is no known workaround at this time. All Cherokee users should upgrade to the latest version."
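The bug class in the Gentoo advisory is a logger that hands attacker-influenced text to a printf-family function as the format argument. The following is a constructed illustration added here, not Cherokee's actual code: an NCSA-style access-log writer in the hardened form (constant format string, untrusted data bound only to `%s`), with the vulnerable pattern shown in a comment, plus a small check that lets a log pipeline flag requests carrying conversion characters. Function names, the line layout and the sample values are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the bug class in the Gentoo advisory (not
 * Cherokee's real code): an NCSA-style access-log writer that receives
 * attacker-influenced text (here the remote host, user name and request URL).
 *
 * Vulnerable pattern: the untrusted string is passed as the FORMAT argument,
 * so "%x" or "%n" inside a URL is interpreted by the printf engine and can
 * read or corrupt memory:
 *
 *     snprintf(line, sizeof line, untrusted);   // never do this
 *
 * Hardened pattern below: the format string is a compile-time constant and
 * every untrusted value is bound to a "%s" conversion, so conversion
 * characters in the input are copied literally. */

#define LOG_LINE_MAX 512

/* Returns the number of characters written (like snprintf), or -1 if the
 * line did not fit, so callers can notice oversized input instead of
 * silently logging a truncated record. */
int ncsa_log_line(char *out, size_t out_len,
                  const char *remote_host, const char *user, const char *url)
{
    int n = snprintf(out, out_len, "%s - %s \"GET %s HTTP/1.1\"",
                     remote_host, user, url);
    if (n < 0 || (size_t)n >= out_len)
        return -1;
    return n;
}

/* Defensive check: 1 if the value contains a '%' (a printf conversion
 * introducer), else 0. Harmless with the hardened writer, but tagging such
 * requests in the log helps a detection pipeline spot probing for
 * format-string bugs. */
int looks_like_format_probe(const char *s)
{
    return strchr(s, '%') != NULL;
}
```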
Mandrakesoft fixes gaim, mpg123 flaws
Mandrakesoft has updated gaim to fix a vulnerability attackers could use to trigger an internal buffer overflow, crash machines and launch malicious code. "A vulnerability in the MSN protocol handler in the gaim instant messenger application was discovered," Mandrakesoft said in an advisory. "When receiving unexpected sequences of MSNSLP messages, it is possible that an attacker could trigger an internal buffer overflow, which could lead to a crash or even code execution as the user running gaim. The updated packages are patched to fix this problem. This problem does not affect Mandrakelinux 10.0 installations."
Mandrakesoft also has fixed two buffer overflow vulnerabilities in mpg123; the first in the getauthfromURL() function and the second in the http_open() function. "These vulnerabilities could be exploited to possibly execute arbitrary code with the privileges of the user running mpg123," the Linux vendor said in an advisory. "Packages are patched to fix these issues [and] additional boundary checks that were lacking have been included. The issue affects Mandrake Corporate Server 2.x, Mandrakelinux 10.0 and Mandrakelinux 10.1."
Tomahawk IPS tester goes open source
Texas-based intrusion prevention systems provider Tipping Point Technologies Inc. this week released its Tomahawk testing tool to the open source community. The company maintains the tool simulates a real network under attack to evaluate its IPS system and network, using a mixture of protocols, for throughput, latency and security accuracy. In a prepared statement, Tipping Point said it's releasing its 2-year-old tool to the public, in part, to help promote the IPS market in the freeware world. "By enabling users to evaluate security, performance and usability in real-world environments, we believe it will accelerate the adoption of intrusion prevention and confirm its necessity in today's threat environment," said CEO Marc Willebeek-LeMair.