Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Comment Re:That's sorta up to you; (Score 2) 314

Basically agree with this. However, you were able to learn, among other things, Java, Spring, Hibernate... in a year, with no prior real programming experience. That's great. Nevertheless, experience plays an important role in programming, because there are some many different fields that are always linked in some way (eg, you learned Java and do not have to care about C pointers, memory allocation - however knowing how all of that works under the hood (ie like knowing C well) gives a huge advantage when it comes to create structures, guessing the complexity of algorithms etc... As a beginner you will reinvent the wheel a lot... and this is what usually do the young beginners - and that's good because at that age, one is eager to learn, to spend a lot of time on algorithm details etc... Will you?

Don't know about your background, but if by chance you have a degree in mathematics, or if you like (and succeed at) puzzles, riddles ... you get immediately an advantage over the majority of programmers (experienced or not). Most of programmers can produce a very bad code as soon as an algorithm that is a bit more complex than what's done during the daily routine is required - that represents maybe 1% of the programs, in size, but may weight 99% in terms of complexity, efficiency, maintainability etc...

Submission + - Microsoft IE8 hit by Zero Day flaw (esecurityplanet.com)

SternisheFan writes: Microsoft IE 8 Hit by Zero Day Flaw New zero day flaw in IE8 is identified as being the root cause of attack against the U.S. government. By Sean Michael Kerner | May 06, 2013

Microsoft's security teams are scrambling in the light of a new zero day attack against its Internet Explorer Web browser that has already hit the U.S. Department of Labor. Microsoft issued an advisory late Friday, warning of a critical flaw in IE 8 that could lead to a remote code execution attack. The flaw only impacts IE 8, according to Microsoft and does not affect IE 6, 7, 9 or 10. "In the latest watering hole attack against Department of Labor (DoL), our research indicates a new IE zero-day is used in this watering hole attack, although some other vendors claim they are using known vulnerabilities," Fireeye researcher Yichong Lin wrote in a blog post last week. As it turns out, Lin and Fireeye were right. Microsoft credited the security firm with helping to alert them to the flaw. "The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated," Microsoft warns in its advisory. "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer." Watering Hole Attack

The attack involves a so-called watering hole scenario in which a user visits a site and is then unknowingly redirected to download malware.

According to Symante's advisory on the issue, the new IE 8 zero day is similar in nature to a vulnerability that Microsoft patched with the MS13-008 update in January of this year. That update was also a zero-day flaw that was identified by Fireeye as a watering hole attack risk. The MS13-008 patch was an out-of-band update and was not issued as part of the normal Patch Tuesday update cycle.

Microsoft's regularly scheduled Patch Tuesday update is next week, though it's not clear at this point if the new zero day will be part of that update.

"On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs," Microsoft stated in its advisory.

In addition to the new zero day, Microsoft has yet to patcha pair of flaws first reported during the Pwn2own hacking challenge in March of this year.

Mitigations against the new zero day include upgrading to newer versions of IE, including IE 9 or 10. Multiple IPS vendors have also released new rules to help detect the attack.

Tim Erlin, director of IT security and risk strategy for Tripwire, warned that in regard to the Department of Labor attack, however, it's very difficult to defend against an unknown vulnerability exploited through a third party.

"The attackers clearly knew that this vulnerability existed in IE8, and that IE8 is the most widely used browser in general," Erlin said. "Did they also know that it’s the most widely used at the Department of Labor or was that just a ‘lucky’ accident?"

Sean Michael Kerner is a senior editor at eSecurity Planet and InternetNews.com. Follow him on Twitter

Slashdot Top Deals

Basic is a high level languish. APL is a high level anguish.

Working...