Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

+ - Researcher Finds Tor Exit Node Adding Malware to Downloads

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "A security researcher has identified a Tor exit node that was actively patching binaries users download, adding malware to the files dynamically. The discovery, experts say, highlights the danger of trusting files downloaded from unknown sources and the potential for attackers to abuse the trust users have in Tor and similar services.

Josh Pitts of Leviathan Security Group ran across the misbehaving Tor exit node while performing some research on download servers that might be patching binaries during download through a man-in-the middle attack. Downloading any kind of file from the Internet is a dodgy proposition these days, and many users know that if they’re downloading files from some random torrent site in Syria or The Marshall Islands, they are rolling the dice. Malware runs rampant on these kinds of sites.

But the scenario that worries security experts much more involves an attacker being able to control the download mechanism for security updates, say for Windows or OS X. If an attacker can insert malware into this channel, he could cause serious damage to a broad population of users, as those update channels are trusted implicitly by the users’ and their machines. Legitimate software vendors typically will sign their binaries and modified ones will cause verification errors. What Pitts found during his research is that an attacker with a MITM position can actively patch binaries–if not security updates–with his own code.

In terms of defending against the sort of attack, Pitts suggested that encrypted download channels are the best option, both for users and site operators.

“SSL/TLSis the only way to prevent this from happening. End-users may want to consider installing HTTPS Everywhere or similar plugins for their browser to help ensure their traffic is always encrypted,” he said via email."

+ - Tetris - how fast can you get 100% code coverage?->

Submitted by Anonymous Coward
An anonymous reader writes "We were somewhat surprised and shocked to discover that Tetris turned 30 this year. As our own celebration of this classic game, we've added our own twist to it: you can now measure the structural code coverage as you play. There is a download link to this at the bottom of this blog post.

We've built a subset of RapiCover into a Tetris executable. This displays four different types of code coverage metrics, which are updated as you play:

Function coverage. Has each function in the program been called?
Statement coverage. Has each statement in the program been executed?
Decision coverage. Has each branch of each decision been executed?
Modified condition/decision coverage (MC/DC). Each condition should affect the decision outcome independently (An introduction to modified condition/decision coverage). This type of coverage is typically required for the most critical safety software (see for example DO-178B, DO-178C or ISO 26262 standards/guidelines for aerospace and automotive)."

Link to Original Source

+ - Google Search Finally Adds Information About Video Games

Submitted by Anonymous Coward
An anonymous reader writes "Google has expanded its search engine with the capability to recognize video games. If your query references a game, a new Knowledge Graph panel on the right-hand side of Google’s search results page will offer more information, including the series it belongs to, initial release date, supported platforms, developers, publishers, designers, and even review scores. Google spokesperson: “With today’s update, you can ask questions about video games, and (while there will be ones we don’t cover) you’ll get answers for console and PC games as well as the most popular mobile apps.”"

Any program which runs right is obsolete.

Working...