Non-Latin URLs – Are You Ready for Testing?

Up until last week, Internet domain names were a pretty mature business.  Then the folks at ICANN decided to shake things up by enabling non-Latin character ccTLDs (country code Top Level Domains – like .co.il and .co.uk ).  What does that mean for you?  Well, here’s a quick test.  Try visiting this URL: http://موقع.وزارة-الأتصالات.مصر/.

What you’re looking at is an Internationalized Domain Name, or IDN for short.  It doesn’t contain western or “Latin” letters, and chances are everything you know about URLs is about to get turned backwards (in this case, literally).  What’s worse is that different browsers handle this kind of domain name differently, and there’s no one right answer.

Are you a software tester?  Then your ship has come in because IDNs open up a whole new category of software bugs.  Let’s take a look at a few big trouble areas, but hang on tight because this gets goofy fast.

Read more…

Facebook, South Park and the Value of User Feedback

For most software companies, user feedback generally comes in the form of emails, surveys, bug reports and the like. For Facebook, it recently came in the form of an entire South Park episode (warning: spoiler alert!).

Earlier this week, South Park lampooned the social media giant (along with Jim Cramer, chat roulette, Tron and Yahtzee) in an episode with major usability undertones. You can watch the entire episode here, but in case you’re at work, here’s a brief synopsis from Wikipedia:

When Kyle, Cartman and Kenny make Stan a Facebook profile without his knowledge, he becomes frustrated with everyone asking him for friend requests. After he gets fed up with Facebook, Stan tries to delete his profile but is sucked into a virtual Facebook world. Meanwhile, Kyle starts trying to find ways to get more friends on Facebook after he drastically starts losing them due to his befriending of a third-grade friendless Facebook user, who everyone thinks is a loser.

Compared to other South Park “guests”, Facebook made it through the episode relatively unscathed, and for that they should be thankful. That said, it’s still South Park, a place where weaknesses must be exploited. So, here are a few feedback items I was able to relate to typical user feedback:

Read more…

T.W.I.T: The Heart Hacker – Pacemakers Vulnerable to Wireless Attacks

Before I get into the story of this fascinating bug, I wanted to take a moment to introduce you to T.W.I.T. We liked the “bug-iversary” concept so much here at uTest that we decided to make it a recurring column, called T.W.I.T. or This Week In Testing (also noting the happy coincidence that the word “twit” is synonymous with “fool” and “dope,” words that characterize many of these bug follies ;-) ).

But I digress! So, this week in testing brings us an interesting heart device bug discovered March 12, 2008.

A team of computer security researchers were able to gain wireless access to a combination heart defibrillator and pacemaker. According to the New York Times,

[The researchers] were able to reprogram it to shut down and to deliver jolts of electricity that would potentially be fatal. The researchers said they had also been able to glean personal patient data by eavesdropping on signals from the tiny wireless radio embedded in the implant as a way to let doctors monitor and adjust it without surgery.

Full report and more after the bump!

Read more…

Post to Twitter, Get Robbed

Sometimes new technologies can inflame old problems.  For example, consider location based social networks.  Many sites like Twitter and Foursquare make it easy to post both what you’re doing and your current location.  This is a great concept, and as technologies go there are huge possibilities for combining location information with social networking.  But there’s just one catch: if you’re out and Tweeting about it, then you’re probably not at home.  And that makes your home a perfect target for robbery.

To help people become more aware of the ramifications of announcing that their plasma TV is unguarded, a new site has appeared called Please Rob Me.  Using the magic of social search, they track various networks and then list the posts from people who are clearly not at home.  Of course, this has caused quite a stir online as many have wondered whether or not something like this is legal, ethical, or even right.

Read more…

Are You Updating IE Today? You Should!

Around 1:00 PM EST today, Microsoft will release an emergency patch for all versions of Internet Explorer.  They’re issuing the patch today instead of on their usual timeline because of the recent security issues involving Google.  It seems that hackers were able to target a previously unknown bug in IE as part of their attack against several accounts with Google.  ZDNet quotes a spokesman from Microsoft saying:

(W)e will be releasing MS10-002 (on) January 21, 2010. We are planning to release the update as close to 10:00 a.m. PST as possible. This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical. It addresses the vulnerability related to recent attacks against Google and a small subset of corporations, as well as several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicized. We recommend that customers install the update as soon as it is available. For customers using automatic updates, this update will automatically be applied once it is released.

If you run Internet Explorer (and statistics say that 62% of you do) run Microsoft Update a little after 10:00 AM PST and make sure you grab this update.  And if you run an IT department, you should consider deploying the patch to your users as soon as you can.

SSL Bug Slaps Twitter

When your app gets hacked because of a bug in your code, that’s pretty bad.  But when your app gets hacked because of a bug in an underlying protocol that’s a building block of the Internet, then you’re looking at a really serious problem.

Such is the case with Twitter, which last week was shown to be vulnerable to a bug in the SSL standard.  SSL is the protocol that encrypts data going back and forth on the web, keeping our credit card numbers, usernames, passwords, and everything else safe and secure.  The trouble is, it’s broken and has been since the mid-1990s.

Right now, the IETF (the standards setting body for the Internet and the closest thing to an Internet Illuminati) has started drafting an update for SSL, but such things take time.  In the meantime, sites like Twitter are suffering the consequences.

Read more…

Security Threats To Rise For Mobile Apps

Mobile is the next great frontier for games, music, media and more.  In fact, Gartner says that more than 139 million smartphones were sold last year.  And the phone makers aren’t slowing down:  Apple is planning to launch the iPhone into the Chinese market and a more affordable Android handset is expected to hit the market by the end of ’09.  But haven’t we all learned that big markets make big targets — for VC dollars, for advertisers, for media coverage… and for hackers?

Doug Gross wrote a very interesting article over at CNN Tech about the one trend that could threaten to derail the otherwise unstoppable mobile movement.

Security analysts say they’ve already seen all of the major online threats — Trojan horses, viruses, worms — spreading on smartphones, often through e-mail attachments sent to the phones.

And as mobile apps have evolved from games and tip calculators to company email, financial transactions and other mission-critical activities, the risk of security exploits grows considerably for mobile users and their employers.

The good news, experts say, is that phones present problems for hackers and other bad guys that traditional computers don’t.

Most viruses and other malware are designed for Windows, because that’s the most popular operating system. Since smartphones use a variety of different platforms, someone writing malicious software needs to pick and choose.

Wow, getting code to work across mobile platforms is so hard that even the hackers are having trouble!

Read more…

Living with Plugins

Last week I wrote about some of the issues with plugins (especially those in WordPress) – they’re oftentimes poorly maintained, buggy, and insecure.  We got some great feedback, both on and offline, and today I want to give a few ideas for making the most of plugin-based platforms.

1.) Popular Plugins Hint at Missing Features

Read more…

The Problems with Plugins

Last week, the WordPress team fixed a pretty nasty bug and released version 2.8.4 of their blogging engine.  Prior to that, version 2.8.3 fixed a security bug in version 2.8.2 which was a security update for version 2.8.1 which itself fixed a number of security issues in version 2.8.  The WordPress team has certainly been busy!

With such a strong record of fixing flaws, WordPress’s security does not worry me.  What worries me are all the WordPress plugins…

Read more…
