Stolen or “Lost” data reports sure seem a bit overwhelming lately, don’t they?
Archive for June, 2006
How do you make sure that the Web Service you are testing complies with the Web Services Interoperability Organization standards? I use ParaSoft SOATest. It’s really a no-brainer because the tests are there by default when you create a project in SOATest (as seen in the image). The WS-I tests ensure that your Web Services are compliant with the WS-I Organization’s Basic Profile version 1.1. When you look at the list of test assertions that SOATest conducts you can feel at ease that your service is definitely compliant.
This security breach hits a little too close to home:
Porn-surfing hits taxpayer IDs
Security breach – More than 1,300 people face identity theft after a state employee let in data-stealing spyware
Last night the 10 o’clock news said that the Oregon Department of Revenue would be sending letters to the individuals at risk. I’m an Oregonian and I’m hoping I didn’t make the list. It was rather amusing when the news station asked random Portland citizens their thoughts on the matter and they were more aghast with the fact that a Department of Revenue employee was surfing porn at work! Amazing… what is it going to take to wake up the public so they see the root of this identity theft problem?
My coworker Scott Hanselman recently blogged about his use and experience with the tool Invirtus VM Optimizer. The tool worked well for Scott and his dynamic disk MS Virtual PC images so I looked at how it could improve my fixed disk images. The site didn’t reveal anything on improvement for fixed disks so I emailed support at Invirtus to ask about it:
I’m trying to understand how your product would work with a MS VPC that is utilizing the “Fixed Disk” feature. Since the VPC size is fixed will Optimizer shrink it to the smallest size and leave the image unusable (since it won’t dynamically grow)? Or will Optimizer allow me to specify a buffer beyond the optimized size to ensure the VPC doesn’t run out of space?
The reply was:
Optimizer will work with a fixed disk in that it will increase the available free space to the maximum available. But, you cannot shrink the disk itself.
While writing test cases, on the side I converted a fixed disk image to a dynamic disk to see if Optimizer could decrease the 6.3 GB size. The attempt resulted in a slightly LARGER VPC size (6.4 GB). After scratching my head for a while I then emailed support to ask why:
I used your tool with a MS VPC that was a dynamic disk of 6.3 GB. After running the tool the disk ended up being a little over 6.4 GB. The VPC image was VERY clean prior to running the tool (fresh Server 2003 OS install, SQL 2000, installed two Web Services and a few web sites). Am I missing something or is the tool primarily used for MS VPC bloat that is caused over time? Why did the size go up?
The reply was:
In VM Optimizer we include a tool called Freespace.exe. Freespace.exe goes sector by sector and cleans the whitespace. This means that every sector on your disk is touched and when that happens on a virtual disk the size of the disk expands. However, in a dynamically expanding scenario the size will reduce quite substantially and in your fixed disk scenario the disk will remain approx. the same or grow just slightly.
So, no special magic here for me and my situation. It makes sense; you can’t squeeze blood out of a turnip. For performance reasons, I converted a 6.3 GB virtual disk image to a 10.1 GB fixed disk image but the caveat is that copying and network transfer are a bit painful. I’m assuming that the 3.8 GB difference is free space. My test environment doesn’t need this much free space, 1 GB would be enough. At this point I think the only way to get my fixed disk smaller is to specify the free space when converting from dynamic to virtual. Does anybody know a trick for this? Am I looking at a feature request?
Update 6/19: I contacted Ben the Virtual PC Guy to see if he had any tricks up his sleeve for downsizing the free space in a fixed disk and he responded with: “We do not provide a way to change the maximum size of a virtual hard disk today. If you want to do this you will need to create a new virtual hard disk – at your desired size – and then use a tool like Symantec Ghost to transfer the data to the new virtual hard disk.”
Today Greg sent me a link and after clicking it the title of the article had me thinking that the identity theft pendulum had begun to swing the other way (in our favor). The article title was: Veterans Affairs chief calls for stronger data laws
The article is a reactive statement to the 26.5 million veterans’ information that was stolen a while ago and starts out hopeful with a great inspirational quote:
“It’s an emergency at the VA, and it should be an emergency in our society,”
but then starts to take a roll downhill with:
Rep. Tom Davis, the Virginia Republican who heads the committee, said the incident had prompted him to weigh changes to a law called the Federal Information Security Management Act of 2002, which outlines procedures federal agencies must undertake in order to protect their data and systems.
I wonder, is it the actual incident that prompted Tom OR WAS IT THE FACT THAT THE VETS ARE SUING? Hope spirals back into the vast wasteland of stolen identity when the article goes on to say:
That law requires agencies to notify law enforcement and internal inspectors general when a breach occurs, but it does not require notification of potential victims or the public. It must be updated to include penalties, incentives and “proactive notification requirements,” Davis said, adding that he is “troubled as the number and scope of losses continues to expand.”
So if I understand right, once you let my data get stolen you’ll find it in the goodness of your heart to tell me (instead of me finding out after my bank account is drained). That’s proactive? I think not. Proactive is encrypting my data and being certified to manage my data. Ugh... This is pathetic.
I just did an Internet search for “Software Quality Assurance for Dummies” and found nothing. I can hardly believe it! The luck is equal to finding a dot com domain name that isn’t taken.
If you’re looking to get into Software Quality Assurance, or are green in SQA, look forward to the up and coming publication: Software Quality Assurance for Dummies by Brent Strange:
John Wiley & Sons, Inc. please contact me to get this underway. 🙂
Is it the fact that I work in a security group and this stuff naturally flows through my inbox or has the last week been a stolen data fiesta?
Hotels.com customers’ data is stolen and Greg is MAD (WARNING! Don’t make Greg mad, it’s not pretty. Well, sometimes it’s humorous to watch… If you have the opportunity to rib him a little bit someday in person just bring up how slow Microsoft Virtual Server is and you’ll see traces of the mad Greg. Mad level 3 out of 10). Anywhooo, Greg not only rants about how pathetic security is in the industry but offers some practical advice on knowing how secure a company is by their certifications. Good stuff.
Data lost on all 2.2 million (nearly all) active duty, reserve and guard members.
Veterans fight back and sue for data lost/stolen (this is what we need to wake the industry up).
Alex Scoble sent an article stating that cleaning up data breach costs 15x more than encryption. No joke? Go figure. But why do that? That’s pro-active and not re-active. Fire-fight mode is sooo much more fun though.
Are you a blogger or blog reader? Are you a fan of syndication? Let me present the latest in geek t-shirts for RSS. I had this one on the back burner since I started this blog in December of 2005 and finally sat down to create it tonight. This master-piece is titled “Feed Me” (I won’t be offended if you consider it a master-POS). The image below requires ShockWave-Flash. If you can’t see it, just go to Zazzle.com where this little beauty resides. Do you hate black t-shirts or would rather a sweat-shirt or tank top? Zazzle has a huge product line-up that you can place this advertising gem on. Gem you say? Yes, this is THE official RSS icon to be recognized by a cajillion internet users by 2007. TRUST ME. Don’t be a “wanna-be” by displaying your syndication spirit in 2008. Get this frickin’ thing on your chest now!
Ho-hum, more user data stolen, yawn… This time only 1.3 million borrowers’ Social Security numbers from the Texas Guaranteed Student Loan Corp. Interestingly enough, this time it was encrypted for transport but then decrypted by the data management company Hummingbird Ltd. After decryption the hardware that it was on was “lost”. Lost? <Insert snide comment here>.
Read more here.