Facebook follows you into the drugstore

September 24, 2012 § 1 Comment

By now I think most people understand that everything they do or say on Facebook will be recorded. And I’ve already written about how banks are poking around your Facebook profile and activity. But there’s a new development underway that takes intrusive analytics to the next level: Facebook is now “partnering” with data aggregators such as Datalogix to link your offline purchases with your online profile.

Datalogix has purchasing data from about 70m American households largely drawn from loyalty cards and programmes at more than 1,000 retailers, including grocers and drug stores. By matching email addresses or other identifying information associated with those cards against emails or information used to establish Facebook accounts, Datalogix can track whether people bought a product in a store after seeing an ad on Facebook.

This is yet another reason to use a variety of different email addresses for your online and offline activities, and to only provide the bare minimum of requested information when registering for a site or offline program. While it’s not foolproof, it does help reduce the ease of the cross-system joins that are at the heart of many of these privacy-eroding analytic schemes.


Free SoapUI Conditional GoTo tutorial

September 19, 2012 Comments Off on Free SoapUI Conditional GoTo tutorial

If you’re using SoapUI to test your services, have a look at this tutorial I did about the powerful Conditional GoTo TestStep. You’ll find it on the SmartBear blog.

Click here if you’d like to get trained and certified on SoapUI and Ready! API.

Three free password strength web sites

September 14, 2012 Comments Off on Three free password strength web sites

As our data increasingly moves online, creating, managing, and using passwords is more important than ever before. Getting a password stolen – or decrypted by an unauthorized third party – can be very painful. Things are much worse if your broken password unlocks lots of doors. For this reason, it’s extremely unwise to use the same password for different websites, since a breach at one site exposes you everywhere. With this in mind, it’s smarter to create distinct passwords for each web site, application, email service, and so on. However, given the proliferation of online resources, many people must manage dozens of different logins, and some have many more. For example, I maintain nearly 200 different passwords.

When it comes to setting up passwords, there’s a perception that a strong password is hard to create – and even more difficult to remember. This is why I use a third party password management tool. There are many on the market, but I like Callpod Keeper. It’s up to you to set a master password, but once you’ve done that Keeper will generate passwords for each site you visit. Another choice is to simply create your own passwords on a site-by-site basis and store them in Keeper.

Regardless of where and how you create your password, it’s natural to wonder how secure it is. Believe it or not, it will often take a brute force decryption attack longer to break an easy-to-remember phrase than a short, unmemorable, cryptic password. To help you gauge the relative strengths of your passwords, take a look at each of these helpful sites:

1. How Big is Your Haystack? This site is from Gibson Research, provider of many excellent networking and security utilities.

2. Dropbox’ zxcvbn password strength estimator. This utility was created as a companion piece to a really well written blog post. I like how this utility shows you play-by-play of how a brute force attack might be launched against your password.

3. How Secure is My Password? Color-coding (red is bad, green is good) adds a nice visual effect that tells you how long it will take to break your password.

As you experiment with these sites, I recommend trying a variety of passwords and phrases. Don’t forget to thrown in special characters, uppercase, numbers and so on.

Where Am I?

You are currently viewing the archives for September, 2012 at rdschneider.

%d bloggers like this: