It's been a year now since the Dyre malware family was first profiled, and there is no sign of infection rates slowing down. In fact, [reports](http://www.scmagazine.com/trend-micro-documents-new-malware-infections/article/418266/) would seem to suggest just the opposite with infections up from 4,000 at the end of last year to 9,000 at the start of this. The lion's share being split pretty evenly between European and North American users. So I was interested to spot this Tweet from Ronnie T [@iHeartMalware](https://twitter.com/iheartmalware) who is actually Ronnie Tokazowski, a senior researcher at PhishMe, which declares: "I'm tired of dumping #Dyre configurations by hand. So I wrote a …

Member Avatar
Member Avatar
+1 forum 4

While keen to point out that Microsoft's TechNet portal security was "in no way compromised" by the tactic, researchers with security outfit FireEye [discovered](https://www.fireeye.com/blog/threat-research/2015/05/hiding_in_plain_sigh.html) that [a well established China-based hacking campaign called Deputy Dog](https://www.fireeye.com/blog/threat-research/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html) had managed to create profiles and posts on TechNet that contained embedded Command and Control codes for use with a BlackCoffee malware variant. This method of hiding in plain sight is nothing new, but it can make detection problematical as the data (especially within a technical forum such as TechNet) is simply 'lost' in a sea of similar code from genuine users of a well respected …

Member Avatar
+1 forum 0

Addressing last weeks Securi-Tay conference hosted by the Abertay Ethical Hacking Society in Scotland, Stephen Tomkinson from the NCC Group detailed how Blu-ray players can do more than play videos; they can open up a new attack surface for the hacker. Tomkinson demonstrated a new tool that had been released in order to enable the investigation of embedded network devices, and used the network exposed features on a common Blu-ray player as an example. He showed how an innocent looking Blu-ray disc can actually circumvent sandboxes and present the hacker with control of the underlying systems. Of course, that innocent …

Member Avatar
+2 forum 0

Microsoft this week acquired [url=http://www.teamprise.com/]Teamprise[/url], a division of [url=http://www.sourcegear.com/]SourceGear[/url] that built tools to give developers access to Visual Studio 2008 Team Foundation Server from systems running Linux, Mac OS X and Unix.SourceGear's flagship [url=http://www.sourcegear.com/sos/]SourceOffSite[/url] provides remote access to Visual SouceSafe, Microsoft's version control system. Teamprise comes in [url=http://www.teamprise.com/products/download/]three forms[/url]. The Plug-in for Eclipse allows developers source control, bug tracking, build and reporting operations from within their current Eclipse environment or Eclipse-based IDE. Teamprise Explorer does the same but can can stand alone. There's also the Command-Line Client automated builds and other scripting situations. Updated to version 3.2 in March, Teamprise …

Member Avatar
Member Avatar
+1 forum 3

If you are a programmer than you probably know or at least know of C++ well now a company called Digital Mars is developing the D programming lanugage. [I] "D is a systems programming language. Its focus is on combining the power and high performance of C and C++ with the programmer productivity of modern languages like Ruby and Python. Special attention is given to the needs of quality assurance, documentation, management, portability and reliability." [/I]Basically this programming language is looking to combine the best of all there is out there using features from C, C++, C#, and Java as …

Member Avatar
Member Avatar
+1 forum 20

Think that macro viruses written in VBA (Visual Basic for Applications) are just something that people using the Internet a couple of decades ago had to worry about? Think again. Word macro attacks never went away, they just went into decline. New evidence suggests they could be making something of a comeback though. Coupled with research showing how non-English speaking recipients are being targeted by phishers using this technique, it makes for worrying reading some 15 years after [Melissa](http://en.wikipedia.org/wiki/Melissa_%28computer_virus%29) struck fear into the email using world. Whenever I hear non-English and phishing uttered in the same breath, I tend to …

Member Avatar
Member Avatar
+1 forum 2

Bugs are, and always have been, a fact of life for the software developer. However, if Microsoft researcher Andrew Begel has his way, they could be a thing of the past. Last month a paper entitled '[Using Psycho-Physiological Measures to Assess Task Difficulty in Software Development](http://research.microsoft.com/apps/pubs/default.aspx?id=209878)' was published which Begel co-authored. This week, Begel spoke at the annual Microsoft Research Faculty Summit on the subject. Basically what Begel and his research colleagues are saying is that the existing work looking at dealing with programming errors tends to focus on the "post hoc identification of correlations between bug fixes and code" …

Member Avatar
Member Avatar
+1 forum 1

The average DaniWeb member if not already au fait with Pastebin.com is almost certainly aware of something like it. A pastebin has become, for many programmers, a default tool in the coding box and for very good reason: it makes sharing large quantities of code very easy indeed. Of course, any pastebin is essentially just a temporary text store and that means any type of text, not just code; and it's here that the problems for [pastebin.com](http://pastebin.com) would appear to start. The service has been branded "a major trading place for exploits and passwords" according to recently released research. ![601d5c136ccdd3c2b09d9d6ec4851946](/attachments/small/0/601d5c136ccdd3c2b09d9d6ec4851946.jpg …

Member Avatar
Member Avatar
+0 forum 2

Companies using IBM's Rational and Tivoli product will breathe easier today, thanks to new, integrated versions of nine tools that the company says will facilitate communication and closer collaboration between software development and support teams in the enterprise. What's more, prices will remain where they are, and the updates are free for current subscribers. According to the company, the integrations are intended to address individual frustration points that it sees being experienced by teams, particularly those of the geographically dispersed variety, and improve efficiency for organizations using both through automation. One of the four couplings involves Rational ClearQuest, which development …

Member Avatar
Member Avatar
+0 forum 4

In what has been called by some commentators the ‘most significant update in five years’ the latest version of Python finally come of age. Python 2.5 not only apparently fixes some 450 bugs discovered since the 2.4 release was, err, released, but also throws in some 350 patches for good measure. Hey Microsoft, there’s a new patch king in town and it’s the [URL="http://www.python.org/psf/"]Python Software Foundation[/URL]. Although officially ‘suitable’ for production use, the changes that help improve the way Python supports 64 bit systems might break certain C extension modules, so you might want to take that particular definition of …

Member Avatar
Member Avatar
+0 forum 9

Java vulnerabilities have hardly been out of the news during the last year. Here at DaniWeb we've covered a number of the stories as they surfaced: [Java in the cross-hairs: the security debate rolls on](http://www.daniweb.com/software-development/java/news/445532/java-in-the-cross-hairs-the-security-debate-rolls-on), [Is Java 7 still insecure? Oracle Patch doesn't fix underlying vulnerability](http://www.daniweb.com/software-development/java/threads/432479/is-java-7-still-insecure-oracle-patch-doesnt-fix-underlying-vulnerability), [Update my insecure Java plug-in? Meh, say 72% of users](http://www.daniweb.com/software-development/java/threads/446989/update-my-insecure-java-plug-in-meh-say-72-of-users) and [WARNING: New zero-day for Java 6u41 and Java 7u15](http://www.daniweb.com/software-development/java/threads/449198/warning-new-zero-day-for-java-6u41-and-java-7u15). It's the latter two that are pertinent as to why I'm covering the whole Java exploits story again. It would appear that the CVE-2013-2463 vulnerability in the Java 2D subcomponent is still problematical, even …

Member Avatar
Member Avatar
+3 forum 1

According to a new survey of more than 2,000 British workers, 38% of them insisted they were 'content' with their career progression. When it comes to the tech sector, 39% were happy with their career ladder climbing which, according to Randstad Technologies which carried out the research, makes them happier than most. The truth is that while tech professionals are happier than average with their career progression, they are not as happy as you might expect given that 'IT and Telecommunications' (bolstered by demand from a 4G licensing boom) is the sector that has expanded the most during the last …

Member Avatar
Member Avatar
+1 forum 2

[![Perforce Software](/attachments/small/0/b6af75be8ad198722ef5cae5061023d5.jpg "align-right")](http://www.perforce.com) Perforce Software has today shared five essential tips for software development teams to consider by way of spring cleaning the development environment. These management guidelines are designed to help maintain well-organized codebases as well as improving the overall development process. Randy DeFauw, senior product manager at Perforce Software, told DaniWeb that he has seen the value of breaking down silos over and over again. "Ten years ago I saw a project hit a testing wall because the developers had never seen the test plan before final acceptance began" DeFauw says "Five years ago I saw repeated deployment …

Member Avatar
Member Avatar
+2 forum 1

There are precious few archaeologists in Japan, and only a handful who produce their own software programs to analyze geographic information. One who does is Professor [Izumi Niiro](http://www.okayama-u.ac.jp/user/arch/about/niiro.html) of the Okayama University. A convert from Perl, Professor Niiro now uses Python to perform data analysis via the Geographic Resources Analysis Support System (GRASS) in order to accurately survey the Japanese burial grounds known as Kofun that were built between the third and seventh centuries. The largest Kofun site in the Okayama Prefecture in Japan is also the fourth largest in the whole of Japan. The 'Tsukuriyama Kofun' is the burial …

Member Avatar
+1 forum 0

DaniWeb, the 10 year old IT discussion community with more than a million members, is always looking forward and never stops introducing new features and functions for users. When spammers managed to get the better of the (highly customised) vBulletin forum platform which had been driving DaniWeb since the get go, founder and CEO Dani Horowitz got the better of the spammers by re-coding the entire forum platform from the ground up. As a result, DaniWeb users not only got the benefit of a much slicker interface designed specifically for their needs, but the team of volunteer moderators got to …

Member Avatar
+2 forum 0

According to new research from Randstad Technologies, a specialist recruitment company, less than half of those working in the IT and technology industry in the United Kingdom are happy with their levels of pay. By contrast, however, 60% appear to be quite happy with their jobs despite of this. Interestingly, that 60% figure is lower than the national average of 61% across the entire UK workforce whereas the number happy with their pay (47%) is higher than the national average (43%). If you want to be really happy, if you believe the statistics, then perhaps you should quit tech and …

Member Avatar
Member Avatar
+1 forum 2

Last week saw the discovery of YAJE: Yet Another Java Exploit. Sadly, Java vulnerabilities are neither new nor uncommon and the bad guys are quick to exploit them in the wild. Some claim that Oracle is in too much of a rush to extricate itself from this unholy mess and while being quick to patch whatever vulnerability is currently making the media headlines is still leaving far too many insecurities in the software unfixed. But does that mean it's time to give up on Java? ![dweb-java01](/attachments/small/0/dweb-java01.jpg "align-right") AlienVault's Head of Labs, Jaime Blasco, reproduced the latest exploit in a previously …

Member Avatar
Member Avatar
+3 forum 6

New research based upon the findings of the [Guardian UK300](http://targetjobs.co.uk/uk300/home) has revealed that IT students in the UK most want to work for Google, Apple, Microsoft, IBM or Intel in that order. Failing that, then they would like to end up working with MI6 (the Secret Intelligence Service), MI5 (the Security Service) or at GCHQ (the Government Communications Headquarters). ![dweb-guardian300](/attachments/small/0/dweb-guardian300.jpg "align-right") The Guardian UK 300 itself is compiled from one of the biggest ever student surveys of UK employers, and in that survey the students were asked both which career sectors interest them the most and who they wanted to …

Member Avatar
Member Avatar
+0 forum 9

**Appcelerator releases Titanium 2.0 with suite of mobile cloud services.** On April 17th, 2012, Appcelerator took the wraps off of the latest release of their flagship product Titanium 2.0. This major point release of the seminal cross-platform mobile development environment brings with it a new suite of ready-to-use 'Instant Mobile Cloud Capabilities' via an available SDK. For those unfamiliar with Titanium, it is an award winning mobile development platform with over 40,000 apps downloaded to millions of devices. It supports native app development by providing seamless JavaScript APIs for thousands of device-native functions in iOS & Android in addition to …

Member Avatar
+0 forum 0

A cyber weapon grade piece of malware, some twenty times the size of Stuxnet, has apparently been fired at a number of countries in the Middle East. This highly complex piece of code which takes screenshots of any open 'programs of interest' such as email or IM, records audio and sends large volumes of compressed sensitive data back to base, was uncovered thanks to research from Kaspersky Lab and the International Telecommunication Union (ITU). Described as being far more functional and far more complex than previous nation-state sponsored attacks such as Stuxnet, Flame has been found to be actively deployed …

Member Avatar
Member Avatar
+0 forum 4

Although you may not realise it, dear coder, you apparently have the best job in America. At least that's what the newly published [2012 Jobs Rated Report](http://www.careercast.com/jobs-rated) reckons. The CareerCast research shows that for the second year running the best job in the US is a software engineer. Not surprisingly the demand for programmers is expected to rise by as much as 30% over the next eight years according to the report authors, a rate of increase much steeper than the average for any other occupation. ![bestjobs](/attachments/small/0/bestjobs.jpg "align-right") The report took into account various factors such as income, stress, physical …

Member Avatar
Member Avatar
+1 forum 2

[ATTACH=RIGHT]16645[/ATTACH]Oracle announced Thursday evening (August 12) that they would be filing a lawsuit against Google, claiming that their Android phone software infringes upon patents and copyrights of their Java software, which they acquired when they purchased Sun Microsystems in January for $7.4 billion. "In developing Android, Google knowingly, directly and repeatedly infringed Oracle's Java-related intellectual property. This lawsuit seeks appropriate remedies for their infringement," Oracle spokeswoman Karen Tillman said in an official statement. The lawsuit, filed in the U.S. District Court in San Francisco, alleges that Google “willfully and deliberately” infringed upon seven Java patents and has even gone so …

Member Avatar
Member Avatar
+5 forum 4

Software from boffins who used to work at the [URL="http://spacetech.dundee.ac.uk/"]Space Technology Centre[/URL] at the University of Dundee promises to reveal secrets of legacy code. Founded in September 2009, [URL="http://www.rapidqualitysystems.com"]Rapid Quality Systems[/URL] is a software development outfit that was 'spun out' of the Dundee University Space Technology Centre, and is still based in the University business incubator. Now it is about to release it's first product, Code Rocket, which promises to make the development and analysis of complex computing code a whole lot easier. Working with Visual Studio .NET (2005, 2008 and 2010 versions) Code Rocket reveals the inner workings of …

Member Avatar
Member Avatar
+0 forum 1

Craigslist hosts classified ads of all kinds, including lengthy lists of [url=http://newyork.craigslist.org/sof/]developer's jobs in New York[/url] and the [url=http://sfbay.craigslist.org/sof/]San Francisco Bay area[/url]. But another type of job listing was in the spotlight today, and it's nice to know there's at least [i]one[/i] person out there who's thinking clearly. A judge in Illinois yesterday threw out a case brought against Craigslist for facilitating prostitution, simply because people listed what were alleged to be such services on the company's no-frills Websites. That would be like [url=http://www.ncpa.org/pub/st223]blaming gun makers[/url] every time someone is shot to death, or [url=http://www.startribune.com/sports/65649347.html?elr=KArksi8cyaiUo8cyaiUiD3aPc:_Yyc:aUU]suing makers of aluminum bats[/url] for …

Member Avatar
Member Avatar
+0 forum 2

Want to know how to fix an election without resorting to bribery and corruption? Ever thought about throwing some Return Oriented Programming into the voting equation? Ordinarily, the hacking into of an electronic voting machine might spark a little bit of interest if there were an election looming perhaps. That said, the potential insecurity of such machines can happily be filed under old news. However, my attention was grabbed by the paper ([URL="http://www.usenix.org/event/evtwote09/tech/full_papers/checkoway.pdf"]Can DREs Provide Long-Lasting Security?[/URL]) from a bunch of security researchers based at the Universities of California, Michigan and also Princeton. Not least because while it did, I …

Member Avatar
Member Avatar
+0 forum 2

When you are programming web pages it is very important to optimize your code for better and faster performance. In this part I will show you how to optimize code for filling multiple dropdownlists with data from Microsoft Access. The same thing is with SQL Server. I'm using asp.net 2.0 and Microsoft Visual Studio 2005. Add new Module to your project and name it DataOperations (Right Click Project - Add New Item - Class. Change class to module, like this: [CODE] Public Module DataOperations End Module [/CODE] Now write code for filling dropdownlist: [CODE] Imports System.Data.OleDb Imports System.Configuration.ConfigurationManager Public Module …

Member Avatar
Member Avatar
+2 forum 2

[ATTACH=left]17191[/ATTACH]Today at Intel's IDF 2010 was the official launch of the 2011 version of Intel Parallel Studio. Parallel Studio is a set of tools that enhance Visual Studio to support full parallel programming. This is more than just a simple plug-in for Visual Studio. It's an entire set of tools covering the entire development workflow. In terms of parallel development, these steps are design, build and debug, verify, and tune. For designing, you have the Intel Parallel Advisor, which sismplifies the process of adding parallelism to your application. For the build and debug phase, you have the Parallel Composer. Together …

Member Avatar
Member Avatar
+5 forum 4

There's a map for that. And now nonprofits can get it for free. ESRI, the company that produces the ARCView series of geographic information systems applications, [URL="http://www.esri.com/nonprofit/index.html"]announced [/URL]today its Nonprofit Organization Program, intended to provide copies of the seminal mapping software for free to nonprofits. "The Esri Nonprofit Organization Program is designed to provide conservation and humanitarian nonprofit organizations around the world an affordable means of acquiring ArcGIS software and services," the company said. Other types of nonprofit organizations may also be eligible for membership in the program. Mapping software is an extremely useful way of displaying data with a …

Member Avatar
+0 forum 0

Rapid Application Development has come a long way since the early days of Delphi and Visual Basic in the mid 1990s. I remember those days well, as I immersed myself in Pascal development with the original Delphi back in 1995 and even wrote a couple of books about it. Delphi was created by Borland, and then, after Borland changed its name twice (first to Inprise, then back to Borland), Delphi was later moved to a new company spun off by Borland in 2006 called CodeGear. CodeGear was then bought by Embarcadero Technologies in 2008. Today Delphi and its descendants are …

Member Avatar
+3 forum 0

Hewlett-Packard today [url=http://www.hp.com/hpinfo/newsroom/press/2010/100426xa.html]announced[/url] updates to [url=https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-127-24^1185_4000_100&jumpid=reg_R1002_USEN]Service Test Management 10.5[/url] and [url=https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-127-24^1352_4000_100__]Functional Testing 10.0[/url]--its quality assurance tools for software testers--that the company says are now better equipped to help development teams find defects earlier and cover code for Adobe Flex/Flash, Ajax, Microsoft Silverlight and other rich client technologies. New in Functional Testing 10, which is part of Mercury's ever-popular Quick-Test Pro, is the ability to easily test dynamic Web 2.0 applications and features. The update is implemented in the so-called Web 2.0 Extensibility Accelerator, which the company says "provides a Visual Studio-like IDE that accelerates and facilitates the design, development and …

Member Avatar
Member Avatar
+0 forum 2

The End.