October 16, 2015 Comments Off on Helpful, easy-to-follow instructions to assess and correct your browser’s SSL vulnerability
SSL has long been the primary method for encrypting the communications between your browser and the websites you visit. However, for years there have been reports about potential ways for unauthorized parties to exploit SSL weaknesses and thus gain access to your ostensibly secure interactions.
The latest news is that the Diffie-Hellman key exchange algorithm (using 1024-bit primes) has been compromised. This has serious implications for the privacy of your sensitive communications, including banking, shopping, and email, to name just a few.
Fortunately, there’s a very helpful online tool that will evaluate your risk. You can find it at https://www.howsmyssl.com/
You should run this tool for each browser that you use, and take action based on what it tells you. More about that later in this post.
Here’s what I learned when I ran it on my system:
Opera (I haven’t updated this for a while, so it’s no surprise that it’s vulnerable):
Safari (Based on these results, Safari is now a no-go until I get it corrected)
Firefox (I applied the fix from the article that I’ll describe below. The results are good)
Finally, here’s Chrome. Once again, I configured this browser using the information from the article below.
So what should you do if you get a ‘Bad’ message from the How’s My SSL tool? The Electronic Frontier Foundation (EFF) has published an excellent, easy-to-understand article with step-by-step instructions about how to tighten your browser security.
You’ll find it here.
October 15, 2015 Comments Off on Presenting a Data-driven API Testing Webinar with SmartBear on October 28
As long as computers are incapable of interacting telepathically, APIs will continue to serve as the predominant approach for cross-system communication over the Internet.
Alas, comprehensive API testing continues to occupy a distressingly low position on the software development To Do list. This is a shame, because there are some fantastic technologies and associated best practices that make it possible to quickly, easily, and thoroughly evaluate APIs for reliability, accuracy, and performance.
Since data-driven probes are some of the most effective techniques to determine if an API is ready for production, Paul Bruce from SmartBear and I will be presenting a technically-focused Webinar on how to employ winning data-oriented strategies in your testing.
To register for the Webinar, click here.
October 11, 2015 Comments Off on Excellent infographic showcasing major crowd funding platforms
I recently had the pleasure of hosting an angel investing training event for existing, new, and prospective members of Astia Angels as part of our portfolio gathering. We had a fantastic collection of panelists and speakers, including Trish Costello from Portfolia. Trish has very impressive experience in all aspects of angel investing and venture capital, and is now leading Portfolia.
Portfolia is a collaborative investing platform designed for affluent women. It features thematic micro-investing funds enabling women to invest on their terms in companies they believe in. Portfolia’s Rising Tide Fund is a ‘learn-by-investing’ fund that lets women invest $10,000 into between six and nine companies over one year while learning the process of entrepreneurial investing.
Portfolia aims to prepare and focus one million affluent US women investors in five years. When women green light the companies, teams and products they want to see succeed, we’ll see positive disruption in the marketplace.
As part of her talk to our group, Trish presented a tremendously useful graphic that helped clarify the major players in the highly complex and dynamic world of crowd funding. These platforms are disrupting banking, venture capital, and angel investing, so it’s important to understand the entire landscape. Trish has graciously permitted me to display it here. Click on the thumbnail to view the full image.