Security

Symantec Antivirus Products Vulnerable To Horrid Overflow Bug (zdnet.com) 79

An anonymous reader writes: Tavis Ormandy of Google's Project Zero team has discovered a vulnerability in Symantec Antivirus Engine. The said engine is vulnerable to a buffer overflow when parsing malformed portable-executable (PE) header files, reports ZDNet. "Such malformed PE files can be received through incoming email, downloading of a document or application, or by visiting a malicious web site," Symantec said. "No user interaction is required to trigger the parsing of the malformed file." For Linux, OS X, and other Unix-like systems, the exploit results in a remote heap overflow as root in the Symantec or Norton process, Ormandy said in the Project Zero issue tracker. "On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel (wtf!!!), making this a remote ring0 memory corruption vulnerability -- this is about as bad as it can possibly get," he said. The vulnerability, if exploited, results in kernel memory corruption without user action and instant blue-screening on Windows.
Software

Bad Software Runs the World 349

whitroth tips a story at The Atlantic by James Kwak, who bemoans the poor quality of software underpinning so many important industries. He points out that while user-facing software is often well-polished, the code running supply chains, production lines, and financial markets is rarely so refined. From the article: "The underlying problem here is that most software is not very good. Writing good software is hard. There are thousands of opportunities to make mistakes. More importantly, it's difficult if not impossible to anticipate all the situations that a software program will be faced with, especially when — as was the case for both UBS and Knight — it is interacting with other software programs that are not under your control. It's difficult to test software properly if you don't know all the use cases that it's going to have to support. There are solutions to these problems, but they are neither easy nor cheap. You need to start with very good, very motivated developers. You need to have development processes that are oriented toward quality, not some arbitrary measure of output."
Programming

Learning Programming In a Post-BASIC World 510

ErichTheRed writes "This Computerworld piece actually got me thinking — it basically says that there are few good 'starter languages' to get students interested in programming. I remember hacking away at BASIC incessantly when I was a kid, and it taught me a lot about logic and computers in general. Has the level of abstraction in computer systems reached a point where beginners can't just code something quick without a huge amount of back-story? I find this to be the case now; scripting languages are good, but limited in what you can do... and GUI creation requires students to be familiar with a lot of concepts (event handling, etc.) that aren't intuitive for beginners. What would you show a beginner first — JavaScript? Python? How do you get the instant gratification we oldies got when sitting down in front of the early-80s home computers?"
