Old Bug Up To New Tricks

SCMagazine reported this week that researchers in Malta have discovered a decade-old vulnerability, present in all versions of Windows since 2000.  This bug can cause PCs to crash instantaneously and without warning, as well as reeling the compromised machine into a distributed denial-of-service (DDoS) attack.  This exploit is only dangerous if the user is duped into running an app with the malicious code (according to Paul Gafa, CTO of 2X Software).


The bug was discovered while Gafa was writing a software testing app:

“You can be the least privileged user on the system and still crash it,” Gafa said. “I believe it is very easy for Microsoft to sort it out. They just need to validate arguments passed to Windows APIs.” (source: SC Magazine)

Microsoft is currently aware of the defect and responded with this insight:

“Our initial assessment of the report is that malicious code would have to already be running or a user would have to be able to run a specially crafted application to cause the system to crash. In either case, the system has already been compromised or the user has rights to logon to the system.”

I’m curious to hear if anyone has other stories of old bugs causing new problems or vulnerabilities?

What Has 47,000+ Thumbs And Now Offers Load & Performance Testing Services?

In the 18 months since our August 2008 launch, the name uTest has become synonymous with functional testing.  We help companies hunt down and kill the bugs in every corner of their web, desktop or mobile apps.  But a funny thing happened along the way:  as our customers have grown (in number, in size, in technical sophistication), we’ve found ourselves getting pulled into QA-related conversations outside of just functional testing.

Among the most popular topics has been load & performance testing.  Companies of all shapes and sizes have been asking for our advice; asking our opinions about various synthetic load tools; asking us what other companies are using; and ultimately, asking us to help them ensure their web apps are ready to perform under peak loads.

So after extensive research and a great deal of planning, uTest is ready to announce a new and better way to perform load testing on your web app.  We’re offering three different flavors of load testing services:

  • Live Load: A team of live testers from around the globe can test an application simultaneously, enabling customers to see how their web app performs under truly real-world usage conditions
  • Simulated Load: Requiring no live testers, uTest’s simulated load testing provides customers with a complete analysis of a web app’s performance under peak synthetic load
  • Hybrid Load: Combining live testers with best-of-breed simulated load tools, uTest’s hybrid load testing enables customers to perform functional testing while their web application is under heavy synthetic load

We think our approach to load testing is altogether unique and will be extremely valuable to companies of all types, but we’re also exceedingly biased.  But our early load testing customers and the software testing pundits seem to agree:

We’ll update this post with more links as the news rolls in.  Questions about how load testing works via a community of professional testers?  Check out our load testing section for details.  Or drop us a note and ask us anything.

Join Us @ QUEST — Quality & Software Testing Conference (April 19-23)

QUEST, one of the top software testing conferences, will be held in Dallas this year (April 19-23).  And uTest is getting geared up and is thrilled to be a part of this conference.

In addition to inviting Doron to be a keynote presenter, QUEST features a week-long agenda packed with more than 100 opportunities for attendees to build new skills and prepare for the testing professions of the future.

From exploratory testing to test automation to security audits to crowdsourced testing,  QUEST will cover a wide range of testing topics that give attendees insight into the latest best practices and innovative approaches to testing today. To learn more, here’s a sneak peek at the QUEST Magazine.

Special Note: Members of the uTest community interested in registering for QUEST are eligible for

Continue Reading

Users Use; And Testers Test

VentureBeat has an interesting article about eBay’s announcement that they’re going to tap into their user base to test new features — a kind of opt-in, ongoing beta program for new features.  The title for this article:

eBay to Use Crowdsourcing to Test New Features, Starting with Streamlined Search

Those who know me well know that defending the purity of the term”crowdsourcing”  against misuse is a pet cause of mine (e.g. – Meet-ups are not crowdsourcing; online polls are not crowdsourcing; asking your Twitter followers a question is not crowdsourcing). But don’t worry… this won’t be another rant about the importance of definitions and how critical labels are.  Well, at least not about the word “crowdsourcing”.

Continue Reading

International Date Line Bug Caused Fighter Aircraft Systems Crash

With our testing community currently hammering away in the “Bug Battle of the TV Networks” this week, it’s time to take a moment to reflect on our February bug-iversary.

On February 11, 2007, during its very first overseas deployment to Okinawa, Japan, six F-22 Raptors flying from Hawaii experienced multiple computer crashes, including navigation, communication and fuel system crashes, when crossing the International Date Line.

Continue Reading

Update: Battle Of The TV Networks Tops 500 Bugs In First Three Days

Update: We’re roughly 72 hours into our latest Bug Battle, which is comparing and evaluating the top TV networks: ABC, CBS, NBC and FOX.

With just under four days remaining in the week-long competition, we’ve already had more than 400 testers participate and well over 500 bugs reported. This is shaping up to be the most exciting Bug Battle ever, both in terms of the quantity of bugs submitted and the quality of the reports themselves.

Remember, the Bug Battle ends Friday, February 12th at noon ET, and there is nearly $4,000 in prize money at stake. It’s not too late to win the top prize so get started today (remember, it’s the highest quality bugs that matter, not the quantity)!

To join or catch up on Bug Battle discussions, be sure to check out our testers-only forums.

(Bug) Battle of the Network Stars – Starts this Friday

The major networks have been engaged in a decades-long struggle to win the hearts and minds (and eyes) of viewers. Whether it’s news, sports or sitcoms, these battles are now being fought on multiple fronts – including the distribution of their content through their web and mobile applications.

Which brings me to our latest bug-hunting competition. This quarter’s uTest Bug Battle will challenge testers to find bugs on the web AND mobile apps of the four major TV networks: CBS, NBC, ABC and FOX.

The competition gets started this Friday, February 5 at Noon (ET). At that time, testers from our community will be given one week to search these sites for the most compelling bugs, and to report them through our online platform. We’ll be dishing out nearly $4,000 in prize money for categories like Top Tester, Best Bug and Best Survey Feedback. As an added twist, we’re also including prizes for the Best Mobile Bugs.

More details on this Bug Battle – as well the rules, prizes and deadlines – after this commercial break. Just kidding, you can find them in the “Bug Battle” thread in the uTest Forums and we’ll be sharing more details here in the next few days.

So testers, you’ve got a few days to prepare for our most challenging competition to date. Until then, stay tuned.

Building A Testing Team — Do’s & Don’ts

You’ve got the next big idea for a killer web, desktop or mobile app.  It’s gonna change the world.

So what’s on your to-do list?  Well, you need a slick GUI designer to make it look hot, and top-shelf product team to get the features & UX right.  Oh, and you need some ace developers to make your app come to life.  Good, now you’re done, right?  I mean, yeah, you need to test it, but you can do that yourself… or have your developers do it… or maybe the intern… or your beta users.

Think again, says Rex Black over at eWeek.  Despite what you might think, there IS a right way (and a wrong way) to build the testing team you’ll need to launch a high-quality app:

Continue Reading

Apple’s Tablet On The Launching Pad — T Minus 4, 3, 2…

I think I read somewhere that Apple may be announcing something on Wednesday. </sarcasm>

If you’ve been near any media source in the past few weeks, you’ve probably seen the build-up of Apple’s upcoming announcement, which is widely expected to be the launch of their new tablet device.  To watch the drama unfold, check out Wired.com’s complete coverage.

Does anyone have predictions about size, feature set, price point, et al?  Share your thoughts.  Being a software testing shop, we’re particularly interested in what types of apps that will be built for this new category-defining device.  Will there be an entirely new class of apps (and thus, more Apple-related testing)?  Will it work with iPhone apps?  Is it purely a web device?

UPDATE:  Ok, so now that we know more about the iPad (check out Mashable’s iPad coverage… or TechCrunch’s… or AlleyInsider’s), I’m curious to hear what you think — Worth the wait?  Overhyped?  Revolutionary?  Meh?  Weigh in and tell us your take.

A Dissenting Opinion On Testing’s “To Cert Or Not To Cert” Debate

Earlier this week, we published our three-part interview with Michael Bolton.  This was the latest installment in our monthly Testing The Limits series, in which we sit down with luminaries from the worlds of testing, development, crowdsourcing or startup life.  As part of this discussion, we asked Michael for his take on the issue of testing certifications (as we’ve done with Matt Heusser and James Bach in previous months).

In response to what she felt was “cert-bashing,” Charity Stoner of ProtoTest has written a post defending test certifications.  Since we always encourage civil discourse and open-minded debate — and since the purpose of  the Testing The Limits series is to offer up different perspectives from around the world of software — I wanted to shine a light on this post.

What do you think about test certifications?  Do they provide testers with a toolkit that complements their experience and adds real value?  Are they a marketing mechanism that limits what it means to be a professional software tester?  Or is it somewhere in the middle?  I’d love to hear your thoughts.