Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Submission + - WinZip distributes infected 18.5 update

VMB74 writes: Paying WinZip customers received an e-mail notification of the Free Upgrade to WinZip 18.5 availability yesterday. The e-mail included a link to the following site:
http://www.winzip.com/en/landi...

Clicking the Get Update button downloads a 802K winzip180xp.exe executable which installs nothing more than a Rocket PUP. Please do not try to run the downloaded winzip180xp.exe on a useful Windows machine you care about. Cleanup is very time consuming.

Here are the VirusTotal scan results:
https://www.virustotal.com/en/...

And the most amazing part is the response of the WinZip technical support which I provided with all technical details. Here it comes in full, in the original formatting, and with the original spelling:

"Hi, I am writing in response to your message:

Thank you for your inquiry.

This is the false positive warning message from Windows or Antivirus application when you are downloading any executable(.exe) files. The WinZip application setup file and other downloads from WinZip download page are safe and does not contains any Virus, malware etc.

Please temporarily disable the your Antivirus application and complete the download of WinZip application Setup file. After completing the download, Please enable your Antivirus application.

Thanks,
Mukesh, WinZip Customer Support"

Submission + - Should Billionaire-Backed Code.org Pay Its Interns?

theodp writes: Code.org's Corporate and Founding Donors page reads like a Who's Who of the world's wealthiest corporations and individuals. But a job posting entitled Marketing / Communications Intern (Seattle only, part-time, unpaid, Sept-Dec) (screenshot) makes it clear that no portion of the tax-deductible donations will trickle down to the successful candidate, who will be required to put in an unpaid 10-20 hours/week "under pressure" in a "fast-paced environment" for four months "assisting marketing efforts for December’s global Hour of Code campaign, coordinating prize packages, managing partner commitments and events in databases and researching media prospects." So, does this count as one of the "high-paying jobs" provided by the computing revolution that Code.org supporters told California Governor Jerry Brown about last May in a letter touting the Hour of Code? Perhaps Code.org is just trying to be frugal — after all, it's requiring K-12 teachers from school districts in Chicago, New York City, Boston, and Seattle to report to the presumably rent-free offices of Corporate Donors Google, Microsoft, and Amazon to be re-educated on how Computer Science should be taught.

Submission + - YouTube's new music service is shortchanging independent acts

mrspoonsi writes: A European group by the name of Impala that represents the continent's independent artists and labels, says that indies are being presented with non-negotiable contracts to join the service. What's more, if the artists don't sign to "probably the lowest rates in the business," the videos that they've posted to their YouTube channels will reportedly be blocked from the site entirely. A musician (understandably) not playing ball with Google's video wing hurts everyone involved, all the way down to the end user. If Impala isn't familiar, you've almost assuredly heard of its artists: Jack White, Adele, M.I.A., Royksopp, Arctic Monkeys, and The National, to name a few.

Submission + - TrueCrypt is dead? What now? 7

Archeron writes: A colleague visited Truecrypt.org today and brought this to my attention. All the links are gone and the front page contains the message:
"The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP." It goes on to list migration instructions. Is this the end for our beloved open source, multi-platform crypto solution? The question is what now? Planned forks? Any recommendations for freely available, open and multi-platform solutions that will allow for moving storage devices from Linux -> Windows -> Mac?

Submission + - Google Starts Blocking Extensions Not In The Chrome Web Store

An anonymous reader writes: Google has begun blocking local Chrome extensions to protect Windows users. This means that as of today, extensions can be installed in Chrome for Windows only if they’re hosted on the Chrome Web Store. Furthermore, Google says extensions that were previously installed “may be automatically disabled and cannot be re-enabled or re-installed until they’re hosted in the Chrome Web Store.” The company didn’t specify what exactly qualifies the “may” clause, though we expect it may make exceptions for certain popular extensions for a limited time. Google is asking developers to reach out to it if they run into problems or if they “think an extension was disabled incorrectly.”

Submission + - Parenting Rewires the Male Brain (sciencemag.org) 1

sciencehabit writes: Cultures around the world have long assumed that women are hardwired to be mothers. But a new study suggests that caring for children awakens a parenting network in the brain—even turning on some of the same circuits in men as it does in women. The research implies that the neural underpinnings of the so-called maternal instinct aren't unique to women, or activated solely by hormones, but can be developed by anyone who chooses to be a parent.

Submission + - Uk to end net neutrality (dailydot.com)

An anonymous reader writes: The uk government is planning on vetoing the EU legislation that enforces net neutrality under the guise of "won't anyone think of the child pornography blocking?" again.

Submission + - LibreSSL Update (openbsd.org)

the_B0fh writes: Bob Beck reports on the progress the OpenBSD team has made on LibreSSL. Some highlights:

Code was horrible. Nobody wanted to touch it. OpenSSL Foundation appears to be a million dollar a year for-profit company doing FIPS consulting. Bugs rot for years in bug tracker. ROP coding function — allows you to jump to any arbitrary address — ROP coder's wet dream! Current third party ports are all insecure. Need funding. Linux Foundation has not committed to support LibreSSL.

Comment Re:Fuzz Testing. Next! (Score 1) 116

They are all tools that can be applied to improve the quality of the code. No one thing is "The Solution".

* Test Driven Development (TDD) is a good approach to ensure that the code you write is testable. This will not work for things like UI code, but other code will benefit.

* Unit Tests can either be developed via a TDD-like approach (easier to do), or after the code is written (harder to do).

* Automated Regression Tests (a superset of Unit Tests) provide good coverage for ensuring code works as expected without involving a large manual testing team. These will only detect the things covered by the automated tests.

* Static Code Analysis tools can pick up a lot of problem areas, but will not detect every problem. These results can be used to identify what tests need to be created to prevent future regression.

* Fuzz testing is good at providing strange data to e.g. a protocol or file format parser. These are intended to be soak tests -- e.g. "does my regular expression parser handle all these strange and possibly invalid constructs". Fuzz testing would have most likely found the heartbleed bug (because it would have permutated the length of data to request). Any failures here should be converted to Unit/Regression tests to ensure that the problem is (a) fixed by any code changes made and (b) does not occur in the future. Fuzz testing will typically find hard to identify bugs (e.g. data races) that are not easy to identify from manually constructed tests or static analysis.

* Manual/ad hoc testing is important as it can uncover bugs that the developers are not aware of.

* Code and Security Reviews help identify potential issues (e.g. if you have someone knowledgeable about SQL injection, they can assess whether some code is vulnerable to that attack).

None of these is a silver bullet, but the more you have the better the code will be.

Submission + - British government willing to block EU net neutrality deal (buzzfeed.com)

An anonymous reader writes: The British government has said it will block the EU's recently signed net neutrality deal if it stops it censoring the internet. The European Parliament passed net neutrality legislation last month, but member state governments have to sign off the plan before it can become law.

Submission + - Australian government devastates game industry (digitallydownloaded.net)

angry tapir writes: Australia's new conservative government has just handed down its first budget, which includes stripping all funding from the Interactive Games Fund which helps fund the development of video games in the country. The games industry in Australia has had a rough time, with some big names, such as Team Bondi shutting down over the last half decade (that last link is from 2011 and notes that even then the industry was in dire straits).

Submission + - Columbus ship "Santa Maria" has been found near Haiti after 500 Years

rtoz writes: The British Newspaper The Independent has reported that a team led by underwater archaeological explorer Barry Clifford found the wreck of the Christopher Columbus' flagship, the Santa Maria which sank in 1492.

"All the geographical, underwater topography and archaeological evidence strongly suggests that this wreck is Columbus’ famous flagship, the Santa Maria," said Barry Clifford.

Santa María was the largest of the three ships used by Christopher Columbus in his first voyage.

The Santa Maria was built at some stage in the second half of the 15 century in northern Spain’s Basque Country. In 1492, Columbus hired the ship and sailed in it from southern Spain’s Atlantic. After 37 days, Columbus reached the Bahamas. But after few weeks Santa Maria drifted at night onto a reef off the northern coast of Haiti and had to be abandoned.

Submission + - UK ISPs to send non-threatening letters to pirates (bbc.co.uk)

echo-e writes: A deal has been made between groups representing content creators and ISPs in the UK concerning how the ISPs should respond to suspected illegal file sharers. In short, the ISPs will send letters or emails with an "educational" rather than threatening tone, alerting users to legal alternatives. The rights holders will be notified of the number of such alerts that have been sent out, but only the ISPs will know the identity of the offenders. Only four of the UKs ISPs have agreed to the "Voluntary Copyright Alert Programme" so far, but the remaining ISPs are expected to join the programme at a later stage. The debate between rights holders and ISPs has raged on for years. This agreement falls short of the of the proposals put forward by the rights holders groups, but the ISPs have argued that it is not their responsibility to police users and that a legal process already exists for going after individuals.

Submission + - McAfee accused of McSlurping Open Source Vulnerability Database (theregister.co.uk)

mask.of.sanity writes: Intel security subsidiary McAfee may be in hot water after it allegedly scraped thousands of records from the Open Source Vulnerability Database instead of paying for them. The slurp was said to be conducted using fast scripts that rapidly changed the user agent, and was launched after McAfee formally inquired about purchasing a license to the data. Law experts say site's copyright could be breached by individuals merely downloading the information in contravention to the site's policies, and did not require the data to be subsequently disseminated.

Slashdot Top Deals

Counting in binary is just like counting in decimal -- if you are all thumbs. -- Glaser and Way

Working...