Bug

Windows 8.1 Update Crippling PCs With BSOD, Microsoft Suggests You Roll Back 296

Posted by samzenpus
from the back-to-the-old dept.
MojoKid writes Right on schedule, Microsoft rolled out an onslaught of patches for its "Patch Tuesday" last week, and despite the fact that it wasn't the true "Update 2" for Windows 8.1 many of us were hoping for, updates are generally worth snatching up. Since the patch rollout, it's been discovered that four individual updates are causing random BSoD issues for its users, with KB2982791, a kernel-mode related driver, being the biggest culprit. Because of the bug's severity, Microsoft is recommending that anyone who updated go and uninstall a couple of the specific updates, or roll back using Windows Restore. You can uninstall these updates in much the same way you uninstall any app; the difference is that once you're in the "Programs and Features" section, you'll need to click on "View installed updates" on the left. While it's mostly recommended that you uninstall 2982791, you may wish to uninstall the others as well, just in case.
Bug

Microsoft Black Tuesday Patches Bring Blue Screens of Death 179

Posted by timothy
from the but-wait-for-the-patch dept.
snydeq (1272828) writes "Two of Microsoft's kernel-mode driver updates — which often cause problems — are triggering a BSOD error message on some Windows systems, InfoWorld reports. 'Details at this point are sparse, but it looks like three different patches from this week's Black Tuesday crop are causing Blue Screens with a Stop 0x50 error on some systems. If you're hitting a BSOD, you can help diagnose the problem (and perhaps prod Microsoft to find a solution) by adding your voice to the Microsoft Answers Forum thread on the subject.'"
Intel

Errata Prompts Intel To Disable TSX In Haswell, Early Broadwell CPUs 131

Posted by Soulskill
from the somebody-is-getting-fired dept.
Dr. Damage writes: The TSX instructions built into Intel's Haswell CPU cores haven't become widely used by everyday software just yet, but they promise to make certain types of multithreaded applications run much faster than they can today. Some of the savviest software developers are likely building TSX-enabled software right about now. Unfortunately, that work may have to come to a halt, thanks to a bug—or "errata," as Intel prefers to call them—in Haswell's TSX implementation that can cause critical software failures. To work around the problem, Intel will disable TSX via microcode in its current CPUs — and in early Broadwell processors, as well.
Bug

Wiring Programmers To Prevent Buggy Code 116

Posted by timothy
from the stop-thinking-about-my-clairvoyance dept.
mikejuk (1801200) writes "Microsoft Researcher Andrew Begel, together with academic and industry colleagues, have been trying to detect when developers are struggling as they work, in order to prevent bugs before they are introduced into code. A paper presented at the 36th International Conference on Software Engineering reports on a study conducted with 15 professional programmers to see how well an eye-tracker, an electrodermal activity (EDA) sensor, and an electroencephalography (EEG) sensor could be used to predict whether developers would find a task difficult. Difficult tasks are potential bug generators and finding a task difficult is the programming equivalent of going to sleep at the wheel. Going beyond this initial investigation researchers now need to decide how to support developers who are finding their work difficult. What isn't known yet is how developers will react if their actions are approaching bug-potential levels and an intervention is deemed necessary. Presumably the nature of the intervention also has to be worked out. So next time you sit down at your coding station consider that in the future they may be wanting to wire you up just to make sure you aren't a source of bugs. And what could possibly be the intervention?"
Bug

PayPal's Two-Factor Authentication Can Be Bypassed Using eBay Bug 33

Posted by Unknown Lamer
from the get-your-60day-exploits dept.
About six weeks ago, a hole in PayPal's two-factor authentication and their mobile client was discovered. hypnosec (2231454) wrote in with news of another trivial way to bypass PayPal's two-factor authentication. A bug in a feature for eBay integration allows passing a GET parameter to completely bypass two-factor authentication, and you don't even need to be coming from eBay to use it. You still need the password, but additional protection is lost. From the article: eBay, in conjunction with PayPal, provide a service as to where you can link your eBay account to your PayPal account, and when you sell something on eBay, the fees automatically come out of your PayPal account. ... When you are redirected to the login page, the URL contains "=_integrated-registration." ... Once you're actually logged in, a cookie is set with your details, and you're redirected to a page to confirm the details of the process. And this is where the exploit lies. Now just load http://www.paypal.com/ , and you are logged in, and don't need to re-enter your login. So, the actual bug itself is that the "=_integrated-registration" function does not check for a 2FA code, despite logging you into PayPal. You could repeat the process using the same "=_integrated-registration" page unlimited times.
Bug

Passport Database Outage Leaves Thousands Stranded 162

Posted by Unknown Lamer
from the maintenance-considered-harmful dept.
linuxwrangler (582055) writes Job interviews missed, work and wedding plans disrupted, children unable to fly home with their adoptive parents. All this disruption is due to an outage involving the passport and visa processing database at the U.S. State Department. The problems have been ongoing since July 19 and the best estimate for repair is "soon." The system "crashed shortly after maintenance."
Bug

"ExamSoft" Bar Exam Software Fails Law Grads 100

Posted by timothy
from the until-it-happens-to-you dept.
New submitter BobandMax writes ExamSoft, the management platform software that handles digital bar exam submissions for multiple states, experienced a severe technical meltdown on Tuesday, leaving many graduates temporarily unable to complete the exams needed to practice law. The snafu also left bar associations from nearly 20 states with no choice but to extend their submission deadlines. It's not the first time, either: a classmate of mine had to re-do a state bar exam after an ExamSoft glitch on the first go-'round. Besides handling the uploading of completed exam questions, ExamSoft locks down the computer on which it runs, so Wikipedia is not an option.
Communications

Black Hat Researchers Actively Trying To Deanonymize Tor Users 82

Posted by Soulskill
from the good-research-vs-bad-research dept.
An anonymous reader writes: Last week, we discussed news that a presentation had been canceled for the upcoming Black Hat security conference that involved the Tor Project. The researchers involved hadn't made much of an effort to disclose the vulnerability, and the Tor Project was scrambling to implement a fix. Now, the project says it's likely these researchers were actively attacking Tor users and trying to deanonymize them. "On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks. ...We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service." They also provide a technical description of the attack, and the steps they're taking to block such attacks in the future.
Android

Popular Android Apps Full of Bugs: Researchers Blame Recycling of Code 150

Posted by timothy
from the little-of-this-little-of-that dept.
New submitter Brett W (3715683) writes The security researchers that first published the 'Heartbleed' vulnerabilities in OpenSSL have spent the last few months auditing the Top 50 downloaded Android apps for vulnerabilities and have found issues with at least half of them. Many send user data to ad networks without consent, potentially without the publisher or even the app developer being aware of it. Quite a few also send private data across the network in plain text. The full study is due out later this week.
Bug

Linus Torvalds: "GCC 4.9.0 Seems To Be Terminally Broken" 739

Posted by timothy
from the you'll-never-believe-what-he-actually-said dept.
hypnosec (2231454) writes to point out a pointed critique from Linus Torvalds of GCC 4.9.0 after a random panic was discovered in a load balance function in Linux 3.16-rc6. In an email to the Linux kernel mailing list outlining two separate but possibly related bugs, Linus describes the compiler as "terminally broken," and worse ("pure and utter sh*t," only with no asterisk). A slice: "Lookie here, your compiler does some absolutely insane things with the spilling, including spilling a *constant*. For chrissake, that compiler shouldn't have been allowed to graduate from kindergarten. We're talking "sloth that was dropped on the head as a baby" level retardation levels here .... Anyway, this is not a kernel bug. This is your compiler creating completely broken code. We may need to add a warning to make sure nobody compiles with gcc-4.9.0, and the Debian people should probably downgrade their shiny new compiler."
Bug

Bad "Buss Duct" Causes Week-long Closure of 5,000 Employee Federal Complex 124

Posted by timothy
from the something-to-be-indignant-about dept.
McGruber (1417641) writes In Atlanta, an electrical problem in a "Buss Duct" has caused the Sam Nunn Atlanta Federal Center to be closed for at least a week. 5,000 federal employees work at the center. While many might view this as another example of The Infrastructure Crisis in the USA, it might actually be another example of mismanagement at the complex's landlord, the General Service Administration (GSA). Probably no one wants to go to work in an Atlanta July without a working A/C.
Classic Games (Games)

ScummVM 1.7.0 Released 26

Posted by Unknown Lamer
from the manic-mansion dept.
jones_supa (887896) writes It's been a while since a new ScummVM release, but version 1.7.0 is now here with many exciting features. New games supported are The Neverhood, Mortville Manor, Voyeur, Return to Ringworld and Chivalry is Not Dead. The Roland MT-32 emulator has been updated, there is an OpenGL backend, the GUI has seen improvements, AGOS engine is enhanced, tons of SCI bug fixes have been applied, and various other improvements can be found. This version also introduces support for the OUYA gaming console and brings improvements to some other more exotic platforms. Please read the release notes for an accurate description of the new version. SCUMM being the language/interpreter used by many classic adventure games.
Encryption

CNN iPhone App Sends iReporters' Passwords In the Clear 40

Posted by Unknown Lamer
from the safe-reporting dept.
chicksdaddy (814965) writes The Security Ledger reports on newly published research from the firm zScaler that reveals CNN's iPhone application transmits user login session information in clear text. The security flaw could leave users of the application vulnerable to having their login credential snooped by malicious actors on the same network or connected to the same insecure wifi hotspot. That's particularly bad news if you're one of CNN's iReporters — citizen journalists — who use the app to upload photos, video and other text as they report on breaking news events. According to a zScaler analysis, CNN's app for iPhone exposes user credentials in the clear both during initial setup of the account and in subsequent mobile sessions. The iPad version of the CNN app is not affected, nor is the CNN mobile application for Android. A spokesman for CNN said the company had a fix ready and was working with Apple to have it approved and released to the iTunes AppStore.
Privacy

Black Hat Presentation On Tor Cancelled, Developers Working on Bug Fix 52

Posted by Soulskill
from the you-can't-say-that-on-television dept.
alphadogg writes A presentation on a low-budget method to unmask users of a popular online privacy tool Tor will no longer go ahead at the Black Hat security conference early next month. The talk was nixed by the legal counsel with Carnegie Mellon's Software Engineering Institute after a finding that materials from researcher Alexander Volynkin were not approved for public release, according to a notice on the conference's website. Tor project leader Roger Dingledine said, "I think I have a handle on what they did, and how to fix it. ... Based on our current plans, we'll be putting out a fix that relays can apply that should close the particular bug they found. The bug is a nice bug, but it isn't the end of the world." Tor's developers were "informally" shown materials about the bug, but never saw any details about what would be presented in the talk.
Bug

Researchers Test Developer Biometrics To Predict Buggy Code 89

Posted by Soulskill
from the subject-was-asleep-when-this-code-was-checked-in dept.
rjmarvin writes: Microsoft Research is testing a new method for predicting errors and bugs while developers write code: biometrics. By measuring a developer's eye movements, physical and mental characteristics as they code, the researchers tracked alertness and stress levels to predict the difficulty of a given task with respect to the coder's abilities. In a paper entitled "Using Psycho-Physiological Measures to Assess Task Difficulty in Software Development," the researchers summarized how they strapped an eye tracker, an electrodermal sensor and an EEG sensor to 15 developers as they programmed for various tasks. Biometrics predicted task difficulty for a new developer 64.99% of the time. For subsequent tasks with the same developer, the researchers found biometrics to be 84.38% accurate. They suggest using the information to mark places in code that developers find particularly difficult, and then reviewing or refactoring those sections later.
Mars

ExoLance: Shooting Darts At Mars To Find Life 50

Posted by Unknown Lamer
from the lance-it-from-orbit-just-to-be-sure dept.
astroengine (1577233) writes To find life on Mars, some scientists believe you might want to look underground for microbes that may be hiding from the harsh radiation that bathes the red planet's surface. Various NASA rovers have scraped away a few inches at a time, but the real paydirt may lie a meter or two below the surface. That's too deep for existing instruments, so a team of space enthusiasts has launched a more ambitious idea: dropping arrow-like probes from the Martian atmosphere to pierce the soil like bunker-busting bug catchers. The "ExoLance" project aims to drop ground-penetrating devices, each of which would carry a small chemical sampling test to find signs of life. "One of the benefits of doing this mission is that there is less engineering," said Chris Carberry, executive director of Explore Mars, a non-profit space advocacy group pushing the idea. "With penetrators we can engineer them to get what we want, and send it back to an orbiter. We can theoretically check out more than one site at a time. We could drop five or six, which increases the chances of finding something." They will be performing a test run in the Mojave desert to see if their design stands any chance of working.
Security

Critical Vulnerabilities In Web-Based Password Managers Found 114

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes A group of researchers from University of California, Berkeley, have analyzed five popular web-based password managers and have discovered vulnerabilities that could allow attackers to learn a user's credentials for arbitrary websites. The five password managers they analyzed are LastPass, RoboForm, My1Login, PasswordBox and NeedMyPassword. "Of the five vendors whose products were tested, only the last one (NeedMyPassword) didn't respond when they contacted them and responsibly shared their findings. The other four have fixed the vulnerabilities within days after disclosure. 'Since our analysis was manual, it is possible that other vulnerabilities lie undiscovered,' they pointed out. They also announced that they will be working on a tool that automatizes the process of identifying vulnerabilities, as well as on developing a 'principled, secure-by-construction password manager.'"
Bug

Today In Year-based Computer Errors: Draft Notices Sent To Men Born In the 1800s 205

Posted by timothy
from the pa-dmv-never-did-me-any-favors-either dept.
sandbagger (654585) writes with word of a Y2K-style bug showing up in Y2K14: "The glitch originated with the Pennsylvania Department of Motor Vehicles during an automated data transfer of nearly 400,000 records. The records of males born between 1993 and 1997 were mixed with those of men born a century earlier. The federal agency didn't know it because the state uses a two-digit code to indicate birth year." I wonder where else two-digit years are causing problems; I still see lots of paper forms that haven't made the leap yet to four digits.
Bug

Bug In Fire TV Screensaver Tears Through 250 GB Data Cap 349

Posted by Unknown Lamer
from the should-have-stuck-to-xscreensaver dept.
jfruh (300774) writes Tech writer Tyler Hayes had never come close to hitting the 250 GB monthly bandwidth cap imposed by Cox Cable — until suddenly he was blowing right through it, eating up almost 80 GB a day. Using the Mac network utility Little Snitch, he eventually tracked down the culprit: a screensaver on his new Kindle Fire TV. A bug in the mosaic screensaver caused downloaded images to remain uncached.
