Why we didn't catch that application bugs

Published in: Technology

Transcript

  • 1. Catch Me If You Can: Customer Found Bug Analysis (Liang Gao)
  • 2. Analyzing Customer-Found Bugs Is Good
      • Why didn't we find it through our internal testing?
      • What test case can be designed to catch it?
      • What kind of test strategy can cover it?
      • How can we make sure we catch this kind of bug from now on?
  • 3. Bug # 1, WebEx Bug:
      • In Windows, if you share Adobe Acrobat (PDF) files in landscape mode, they may display in portrait mode.
      • On Mac, you can only connect to WebEx sessions from behind a Microsoft ISA proxy server, in basic mode, that has user authentication enabled.
      • In Linux, you cannot clear just your own annotations. When you clear annotations, all annotations are removed.
  • 4. Bug # 2, WebEx Bug:
      • If ActiveX is disabled in Internet Explorer, contacts cannot be imported from Microsoft Outlook.
      • On Mac, you can only connect to WebEx sessions from behind a Microsoft ISA proxy server, in basic mode, that has user authentication enabled.
      • In Linux, you cannot clear just your own annotations. When you clear annotations, all annotations are removed.
  • 5. Bug # 3, WebEx Bug:
      • If a single occurrence of a recurring WebEx meeting is either deleted or rescheduled, the meeting information is not updated on the WebEx service site. In the host and attendee's Outlook calendars, however, the deleted or rescheduled meeting still appears correctly.
      • If a template used during Outlook integration has the "Mute on Entry" option enabled, you will still hear a sound as attendees join the session.
      • Attendee registration cannot be enabled for recurring WebEx meetings scheduled using Lotus Notes Integration.
  • 6. Bug # 4 Taobao Bug:
  • 7. Bug # 5 Taobao Bug: http://wuliu.taobao.com/user/order_list_new.htm?order_status_show=monyer”> <img%20src=http://www.baidu.com/img/baidu_logo.gif%20onload=
  • 8. Bug # 6 Alisoft Bug: http://wuliu.taobao.com/user/order_list_new.htm?order_status_show=monyer”> <img%20src=http://www.baidu.com/img/baidu_logo.gif%20onload= http://webwwtb2.im.alisoft.com/wangwang/ww1.htm?t=1222861728484&uid=monye m%3Cimg%20src=javascript:alert("monyertest"+document.cookie)%3E
  • 9. Bug # 7 Taobao Bug: http://wuliu.taobao.com/user/order_list_new.htm?order_status_show=monyer”> <img%20src=http://www.baidu.com/img/baidu_logo.gif%20onload= http://webwwtb2.im.alisoft.com/wangwang/ww1.htm?t=1222861728484&uid=monye m%3Cimg%20src=javascript:alert("monyertest"+document.cookie)%3E http://upload.taobao.com/auction/publish/publish.htm?auction_type=monyer"%3E% Cimg%20src=http://www.baidu.com/img/baidu_logo.gif%3E
  • 10. Bug 9: Google Doc Sharing Bug
      We have two documents with one owner and two contributors each:
        Document 1, contributors: A, B
        Document 2, contributors: C, D
      If I were to select both documents and make E a contributor, this is what I would expect to happen:
        Document 1, contributors: A, B, E
        Document 2, contributors: C, D, E
      This is what actually happened:
        Document 1, contributors: A, B, C, D, E
        Document 2, contributors: C, D, E
  • 11. Bug 10: Google Doc Authentication Bug For Google Doc, an image embedded into a protected document is given a URL which is not protected
  • 12. Bug 11: Office Online Bug
  • 13. Bug 12: Boundary Testing Bugs
      • 214-748-3647: the most popular phone number in the US
      • 2147483647 is the largest 32-bit signed number
      • The phone number was stored in a signed 32-bit integer and overflow was not checked
  • 14. Bug 13: Visa Credit Card Bug Recently several Visa card holders were overcharged for certain purchases, to the tune of $23,148,855,308,184,500.00 on a single charge. The company says it was due to a programming error, and that the problem has been corrected. What is interesting is that the amount charged actually reveals the type of programming error that caused the problem. 23,148,855,308,184,500.00 * 100 (I'm guessing this is how the number is actually stored) is 2314885530818450000. Convert 2314885530818450000 to hexadecimal, and you end up with 20 20 20 20 20 20 12 50. Most C/C++ programmers see the error now ... hex 20 is a space. So spaces were stuffed into a field where binary zero should have been."
  • 15. Bug 16: Cisco Bug
      • Title: When an IPv6 packet with the version field set to 0 is sent to a certain firewall while snoop is enabled on the firewall, the firewall reboots.
      • How would you design a test case?
      • Why was it not caught internally?
      • What kind of test strategy can cover this?
  • 16. Bug 17: Cisco Bug
      • Handling large fragmented IPv6 ICMP packets: the result on the firewall is "failed".
      • How would you design a test case?
      • Why was it not caught internally?
      • What kind of test strategy can cover this?
  • 17. Bug 18: Cisco Bug
      • A network security proxy product: a web server that already sits behind a proxy cannot be reached.
      • How would you design a test case?
      • Why was it not caught internally?
      • What kind of test strategy can cover this?
      • (Diagram labels: Content secure gateway, Proxy, Web Server)
  • 18. Bug 19: Cisco Bug
      • After configuring 65535 RPs and IP addresses for 1785 VLANs and then running wr, the device hangs; after a power cycle it still fails to boot even after waiting 10 minutes.
      • How would you design a test case?
      • Why was it not caught internally?
      • What kind of test strategy can cover this?
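  • 19. Bug 20: Cisco Bug
      • When a BGP peer group is used, a session is still established even when the neighbor's actual AS differs from the configured AS.
  • 20. Bug 21: Bank
      • Online banking uses UnionPay for authentication.
      • UnionPay was upgraded in the early morning.
      • For 15 minutes, every UnionPay authentication passed by default.
      • During those 15 minutes, every online banking transaction (online shopping and so on) succeeded without a password (any password worked).
  • 21. Bug 22: Bank
      • Foreign exchange trading; the exchange rate data comes from Reuters.
      • There is a time difference between Reuters and Beijing time, so for a period no updates arrive.
      • As implemented, the system uses a default exchange rate when no update has arrived.
      • Customers discovered and exploited this, causing losses of over a million.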
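  • 22. Bug 24: Network
      • During routine maintenance in Sweden, DNS became unable to recognize ".se" in domain names, taking the whole Swedish Internet offline for nearly an hour.
      • At 9:45 p.m. Swedish local time on October 12, 2009, every Swedish website became unreachable and no e-mail in the Swedish domain could be sent or received; about 900,000 domain names were affected.
      • The Swedish network monitoring company Pingdom stated that a "script configuration error" during an update of the ".se" domain caused the outage.
      • Evidently, a single period missing at the end of the program left the Domain Name System (DNS) unable to recognize ".se", which is Sweden's top-level (country) domain. (Translator's note: "se" comes from Sweden, just as "cn" comes from China.)
      • The missing period was not found while the script was being tested. Once the software went into operation, the monitoring system detected the missing period and generated a new file.
      • However, because the old script's information was cached at the Internet service providers (ISPs), the outage caused by the new script ended only once each ISP had restored its systems. The corrected script went into operation at 10:43 p.m. local time.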
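  • 23. Bug 25: Ctrip
      • Redeeming points for air tickets requires online verification plus mobile phone verification: the customer receives a verification code and then confirms online.
      • The mileage department saw that the miles were already usable.
      • The customer service department saw that a purchase was not yet possible.
      • The customer was kicked back and forth between the two departments; a good customer satisfaction program turned into a customer complaint program.
  • 24. Bug 26: Italian Post Office System Update Bug
      • On November 25, 2009 the post office system was updated, including all ATMs.
      • The decimal point after the integer part was dropped, so a withdrawal of 115.00 euros was treated as a withdrawal of 11500 euros.
      • More than ten thousand people's accounts showed as overdrawn and could no longer be used.
      • The customer service phone lines were flooded.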
  • 25. Bug 27: Microsoft Office 2003 Permissions Bug
      • Cannot Open Office 2003 Documents Protected with RMS
      • Starting on December 11, 2009, customers using Office 2003 will not be able to open Office 2003 documents protected with the Rights Management Service (RMS) or save Office 2003 documents protected with RMS. The following error message may be displayed when attempting to open RMS documents using Office 2003:
  • 26. Bug 28: Microsoft Mobile Phone Bug
      • Messages received after 1/1/2010 may be dated as 2016
      • Today's date: 010110
      • BCD 10 is 0001 0000 in binary, which is 16 in decimal.
      • Bank of Queensland’s Eftpos terminals: BOQ’s Eftpos machines skipped ahead six years when the clock ticked over to January 1 and started date stamping January 2016.
  • 27. Bug 29: SpamAssassin Bug
      • Messages received after 1/1/2010 are all treated as spam
      • Promptly at the start of the new year, all mails started getting an extra 3.4 points based on FH_DATE_PAST_20XX:
          header FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006]
          describe FH_DATE_PAST_20XX The date is grossly in the future.
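  • 28. Bug 30: Mars Pathfinder Bug
      • 2+2 = 5 check
      • An algorithm that generates even numbers
      • It occurred only once in the lab and could not be reproduced
      • The interrupt occurred once, just before the algorithm executed (one millionth of a second)
  • 29. The cost of fixing a bug increases progressively from the top level to the bottom level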
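Slide 13's phone-number bug as a boundary test, in an added C example that is not part of the original deck. It assumes the storage layer saturates at INT32_MAX when a value does not fit (the deck only says overflow was not checked); the function names and the 7-digit minimum are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* Collect the digits of a phone number, skipping common separators.
 * Returns the digit count, or -1 on an invalid character or more than
 * 15 digits (the E.164 maximum). */
static int phone_digits(const char *s, char digits[16]) {
    int n = 0;
    for (; *s; s++) {
        if (*s >= '0' && *s <= '9') {
            if (n == 15) return -1;
            digits[n++] = *s;
        } else if (!strchr("-+() .", *s)) {
            return -1;
        }
    }
    digits[n] = '\0';
    return n;
}

/* Flawed storage (assumed behaviour): the number is converted to a signed
 * 32-bit value that saturates at INT32_MAX instead of reporting overflow,
 * so every number above 214-748-3647 is stored as 214-748-3647. */
int32_t store_phone_int32(const char *s) {
    char d[16];
    int64_t v = 0;
    if (phone_digits(s, d) < 0) return -1;
    for (const char *p = d; *p; p++) v = v * 10 + (*p - '0');
    return v > INT32_MAX ? INT32_MAX : (int32_t)v;
}

/* Checked storage: keep the number as a digit string, never as an integer.
 * Returns 0 on success, -1 if the input is not a plausible phone number
 * (the 7-digit minimum is an assumption of this example). */
int store_phone_text(const char *s, char out[16]) {
    int n = phone_digits(s, out);
    return (n >= 7 && n <= 15) ? 0 : -1;
}
```

Test data drawn only from area codes below 214 round-trips correctly through the flawed version, which is one way such a bug survives internal testing.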
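The arithmetic from slide 14 (the Visa overcharge), carried through in an added C example that is not part of the original deck. The 8-byte big-endian field layout, the function names and the plausibility limit are assumptions made for illustration; only the hex bytes and the resulting amount come from the slide.

```c
#include <stdint.h>
#include <string.h>

#define FIELD_LEN 8

/* Read an 8-byte big-endian binary amount, in cents. */
static uint64_t read_amount_cents(const unsigned char f[FIELD_LEN]) {
    uint64_t v = 0;
    for (int i = 0; i < FIELD_LEN; i++) v = (v << 8) | f[i];
    return v;
}

/* Build the field the way the slide describes: the unused high-order
 * bytes are filled with `pad`, the low two bytes carry the amount. */
static void build_field(unsigned char f[FIELD_LEN], uint16_t cents,
                        unsigned char pad) {
    memset(f, pad, FIELD_LEN);
    f[6] = (unsigned char)(cents >> 8);
    f[7] = (unsigned char)(cents & 0xFF);
}

/* Amount a reader sees when the writer padded with `pad`. */
uint64_t amount_with_pad(uint16_t cents, unsigned char pad) {
    unsigned char f[FIELD_LEN];
    build_field(f, cents, pad);
    return read_amount_cents(f);
}

/* Defensive read: returns 1 only if the decoded amount is within
 * max_cents, which a space-padded field can never satisfy because its
 * top byte alone (0x20) pushes the value past 2^61. */
int amount_accepted(uint16_t cents, unsigned char pad, uint64_t max_cents) {
    return amount_with_pad(cents, pad) <= max_cents;
}
```

With the low bytes 12 50 from the slide, zero padding decodes to 4688 cents, while space padding decodes to 2314885530818450000 cents, the charged figure times 100.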
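Slide 26's BCD misread, as an added C example (not from the original deck) that also shows why the defect stayed hidden until 2010: for two-digit years 00 to 09 the BCD byte and the binary value are identical. All function names are hypothetical.

```c
#include <stdint.h>

/* Encode a value 0..99 as one packed-BCD byte (tens in the high nibble). */
uint8_t int_to_bcd(int v) {
    return (uint8_t)(((v / 10) << 4) | (v % 10));
}

/* Correct decode: each nibble is one decimal digit.
 * Returns -1 if either nibble is not a valid digit. */
int bcd_to_int(uint8_t b) {
    unsigned hi = b >> 4, lo = b & 0x0F;
    if (hi > 9 || lo > 9) return -1;
    return (int)(hi * 10 + lo);
}

/* Flawed decode from the slide: the BCD byte is read as plain binary. */
int bcd_misread(uint8_t b) {
    return b;
}

/* Sweep every two-digit year and return the first one for which the
 * flawed decoder disagrees with the correct one, or -1 if none does. */
int first_divergent_year(void) {
    for (int y = 0; y <= 99; y++) {
        uint8_t b = int_to_bcd(y);
        if (bcd_misread(b) != bcd_to_int(b)) return y;
    }
    return -1;
}
```

A test suite that only ever ran with the real clock between 2000 and 2009 could not observe the difference; sweeping the whole input range finds it immediately.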
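Slide 27's SpamAssassin rule, exercised across the year boundary in an added C example that is not part of the original deck or of SpamAssassin. The pattern is the one quoted on the slide, run through POSIX regex; the Date headers are constructed, and grossly_future() is a hypothetical clock-relative alternative, not the project's actual fix.

```c
#include <regex.h>
#include <stdio.h>

/* 1 if the Date header matches the pattern quoted on the slide,
 * 0 if it does not, -1 if the pattern fails to compile. */
int rule_fires(const char *date_header) {
    regex_t re;
    if (regcomp(&re, "20[1-9][0-9]", REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    int hit = regexec(&re, date_header, 0, NULL, 0) == 0;
    regfree(&re);
    return hit;
}

/* "Time-travel" test: build a constructed, well-formed Date header for
 * 1 January of each year and return the first year the rule flags as
 * "grossly in the future", or -1 if no year in the range is flagged. */
int first_year_flagged(int from, int to) {
    char hdr[64];
    for (int y = from; y <= to; y++) {
        snprintf(hdr, sizeof hdr, "01 Jan %d 00:00:01 +0000", y);
        if (rule_fires(hdr) == 1) return y;
    }
    return -1;
}

/* Hypothetical alternative: judge "future" against the current year
 * plus some slack instead of against a year range fixed in the rule. */
int grossly_future(int header_year, int current_year, int slack_years) {
    return header_year > current_year + slack_years;
}
```

Running the sweep from the rule's baseline year of 2006 shows the rule is quiet until 2009 and fires on every current message from 2010 on.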
