Excellent article on laptop encryption

April 28, 2015

Did you know that you have very few privacy rights when you cross a border (into the US or anywhere else in the world, for that matter)? I blogged about the dangers of bringing a laptop through customs a while back. Naturally, it’s a good idea to remove any sensitive information from your laptop, especially when you’re traveling. For those situations that require you to keep important data on a computer that’s at risk of being inspected (or stolen), full-disk encryption can be a lifesaver.

Operating system vendors have been doing a great job at strengthening their products, so there’s really no excuse not to take advantage of encryption. Here’s a link to an excellent article from Micah Lee on The Intercept that explains how to do this on Windows, Mac, and Linux computers.

With step-by-step instructions, it’s one of the best-written tutorials I’ve seen about this topic. It’s well worth your time to make the effort, but remember: don’t lose your password!

ServiceV – a superb service virtualization technology for the API and Agile era

March 1, 2015

I’ve been working with SoapUI since its earliest days, and I’m very excited about the direction that SmartBear is taking the Ready! API platform, which includes products such as SoapUI NG Pro, LoadUI NG Pro, Security, and ServiceV Pro.

At WiseClouds we deliver classes and supporting consulting services on all these exciting solutions, and we’re honored that SmartBear directly sells these courses to their clients. Many of our students go on to earn their SoapUI certification after attending these classes.

Mock services have long been one of the most useful features in SoapUI. Customers use mock services to quickly stand up virtual versions of the real services (SOAP and REST) that are in development. They can then construct their tests using these virtual services and then quickly switch over to the live services once they’re ready. Some of these enterprises have come up with really creative uses for mock services, including simulating middleware, third party APIs, telecom switches, and all sorts of other scenarios.

ServiceV represents a bold step forward for SmartBear, offering tremendous new functionality (such as assertions, datasources, and simulation for network latency and message buses – to name just a few) for creating virtual services, which are now known as Virts.

ServiceV is an idea whose time has come, for two primary reasons:

1. The rise of the API economy

It’s no secret that APIs are more essential than ever before: it’s nearly impossible to go through your day without interacting with an API, whether or not you know it. They are the foundation of modern software, infrastructure, and the entire Internet. And APIs commonly invoke other APIs, which is an enormous increase in complexity.

This means that properly testing these assets is not an optional responsibility: it’s mandatory, and will continue to gain in importance. Failing to adequately test APIs can be disastrous – just read the news most days for the latest examples of outages, break-ins, and other API failures.

ServiceV makes it easy to develop comprehensive tests that truly reflect the realities of the modern, API-based information-processing environment.

2. The advent of Agile delivery methodologies for software

Thanks to Agile techniques, software of all types – including APIs – is delivered much more frequently now. In many organizations, the quality assurance team is finding it nearly impossible to keep pace with the frenetic schedules driven by these practices.

ServiceV is a way for architects, developers, and operations staff to provide something for their quality assurance colleagues to use while the actual services are still being shaped and refined.

At WiseClouds, we’re so enthusiastic about what ServiceV represents that in addition to our current training and consulting solutions, we’ll be launching an exciting new Software as a Service offering that’s built upon ServiceV. If you’d like to learn more about that, be sure to subscribe to the blog and I’ll keep you posted.

SoapUI Pro On-Demand Training and Certification now available

June 10, 2014

I’m happy to announce the availability of on-demand training for SoapUI Pro, along with a comprehensive certification exam. This extensive, self-paced training course gives you all the tools you need to get the most from SoapUI Pro. After you’ve learned about SoapUI Pro’s far-reaching architecture, you’ll discover how to put SoapUI Pro’s features to work to build powerful unit, functional, and security tests.

The class is composed of 3 ½ hours of lectures along with dozens of straightforward, easy-to-understand examples and demonstrations. More than 150 questions will measure your comprehension of the materials, and thus prepare you for the optional SoapUI Pro certification exam.

Here’s a link to the class syllabus; below is a small class sample. 

If you’d like to learn more and register, click here.

Big Data security and privacy risk podcast

October 1, 2013

I recently participated in a podcast sponsored by Edward Haletky at The Virtualization Practice.

My co-panelists (Edward, Iben Rodriguez @iben, Mike Foley @mikefoley) and I discussed many aspects of the inherent security and privacy risks that enterprises and the general public alike are encountering with Big Data. You can find a recording of the podcast here.

Introducing a half-day Big Data security training class

August 4, 2013

Beginning on September 20, I’ll be teaching a half-day Big Data security Webinar. These classes will take place once a month, and will cover the following topics:

Big Data information categories

  • Relational
  • Columnar/analytics
  • Key/value
  • Document store
  • Graph
  • XML
  • NoSQL

Big Data security requirements

  • Legal and regulatory
  • Internal guidelines
  • Industry standards
  • Privacy
  • User access

Big Data security risks

  • Meta data
  • Outsourcing
  • Distributed processing (e.g. MapReduce, Hadoop, and Cassandra)
  • Overt attacks
  • Covert attacks

Best practices for securing Big Data

  • Setting realistic security goals
  • Reducing surface area for attacks
  • Protecting physical assets
  • Safeguarding the network
  • Encrypting data
  • Data obfuscation via tokenization and masking
  • Retiring data

To allow for maximum student interaction, classes will be limited to 10 people. You can register here.

10 simple things you can do to strengthen your online privacy

June 13, 2013

It’s been a very disheartening couple of weeks for people concerned with protecting personal information. From the US Supreme Court’s ruling about routine DNA collection to the ongoing revelations about the NSA Prism program, it’s easy to feel helpless in the face of such massive data collection. And while the amount of surveillance – from governments, corporations, and even nosy individuals – is likely to increase, there are a few basic things you can do to help safeguard your data from others.

  1. Reduce your activity on social networks. Did you know that banks routinely check out your Facebook profile? And now the IRS has joined the party.
  2. Encrypt important files. TrueCrypt is an excellent choice for this essential task.
  3. Use a secure search engine. Google is very clear about how it stores your search history. If this bothers you, take a look at DuckDuckGo and ixquick.
  4. Use a more secure browser. Chrome is a good choice, but there are additional offerings out there. You can expect this market to heat up in the wake of all these snooping disclosures.
  5. Clear your browser cookies regularly. Many web sites inspect these cookies to get a much better idea of your browsing history.
  6. Use Tor or a VPN. These options both offer greatly improved communication security. Tor is easy to set up and use, too.
  7. Create multiple email addresses. There’s no reason to route everything through a single address. Instead, consider setting up different accounts at various providers.
  8. Put your phone in airplane mode when you’re not using it. Your phone constantly transmits details about your location back to your service provider. If you’re not actively using it, why broadcast that information?
  9. Pay cash. Do you really need to charge that burger?
  10. Be stingy with what you share. It may sound anachronistic in this age of updating Facebook with every trivial aspect of life, but consider simply entering less data about yourself online. For example, there’s no reason for you to provide an e-commerce site with your home, work, and mobile phone numbers.

I’ll be adding more tips to the list, so if this topic interests you be sure to check back here from time to time or follow me on Twitter at @RD_Schneider.

Data never really disappears, particularly when it’s supposed to

May 9, 2013

If you have a teenage son or daughter, you may be familiar with an app called ‘Snapchat’. Its claim to fame – that is, until earlier today – is that it deletes all messages (text, photo, or otherwise) within a few seconds, thus keeping sensitive information safe from the prying eyes of parents, police, marketers, and all sorts of other nefarious characters.

But lo and behold, as it turns out, Snapchat actually doesn’t delete the data after all. Instead, it’s simply moved to a hidden directory, where with proper time and tooling, it can be recovered. You can read all about it here.

Whether or not you’re prone to sharing too much information, the takeaway from this little debacle is that data never really goes away, especially once a smartphone gets involved – not to mention the cloud. Keep that in mind the next time you’re tempted to use technology to record, say, or write something that you don’t want anyone else to see or hear. 

Where Am I?

You are currently browsing the security category at rdschneider.