My Internet Notebook

Recently the Spectrem Group, a wealth research group out of Chicago, released its newest study on wealth accumulation in the U.S.

The number of U.S. households with a net worth of $1 million or higher (exclusive of primary residence but inclusive of second homes and other real estate) passed 7.5 MILLION households, i.e. about 10% of total US households. This is a record number, surpassing even the 1999 time frame where 150 millionaires a day were being created in the Internet stock bubble.

The number of households with more than $5 million in net worth climbed to 740,000 — up 38% from the past year.

On My Yahoo front page, the alphabet ‘e’ has been hijacked by BMW’s ‘3’, ostensibly referring to its 3-series. See for yourself below. Was it ‘smart’ advertising? Or was it a bug?

Francesca Matteu at Stickyminds.com reports:

In response to an increase in demand for quality software products, new testing centers are sprouting up in India, which also means an increase in demand for testers. The new hiring boom for testers is evident in cities like Bangalore where there is a need for about 10,000 testing engineers that needs to be filled in the next six months. Some Indian companies have even doubled yearly salaries to attract experts from neighboring cities. Yet the increased salaries remain only a fraction of what testers make in the United States.

Interestingly these are being called Independent Software Testing (IST). Big software companies like Microsoft or Sybase are unlikely to farm out core product testing to ISTs. But I can see that smaller ISVs may get considerable benefits from not having to own/operate an internal testing group, no?

Lionbridge Technologies, the parent company of VeriTest, has set up a testing center in India, and Accenture plans to outsource their testing efforts to an Indian IST firm. Vidur Kohli, head of testing at MphasiS BFL in India, says, “They used to say this is where failed programmers went. Not anymore.”

Web applications these days are so prevalent that its security testing should be always considered a high priority and planned accordingly instead of just a after-thought.

Michael Mullins has a good article over at Techrepublic.com on “Ask these key questions to test application security”. Besides stating the obvious – “Companies should conduct application testing from both an authorized user’s and an unauthorized user’s perspective. This testing should include all systems that make up the application. The complexity of your testing should depend on whether the organization created the application or contracted a reputable vendor to do the work.” the author provided a good list of key questions to ask of designer and testers alike:

Scripting: Can you perform administrative functions remotely from the Internet? Could someone script an attack that overwhelms the application?
Enumeration: Is it possible to enumerate account information of other users?
Sessions: Have you based tokens on some easily re-created variable, such as sequential or time and date?
Error handling: Does your application reveal any useful information about the products used to create the application?
Field variables: Have you fixed SQL injection and buffer overflows that take advantage of system calls to unauthorized programs?
Code commenting: Have you cleansed HTML source code of all comments and metadata that doesn’t serve an end-user function?
Session time-out: Do sessions expire after a reasonable period of time?
Session cache: Does information expire to prevent someone from replaying a session?
Network parameters: Have you thoroughly documented ports and protocols and filtered them for content and source origination?

The Braidy Tester at Microsoft also offers an extensive list of things to look out for, including security: http://blogs.msdn.com/micahel/articles/175571.aspx. His list also included some major security exploits like SQL Injection.

But none of the two authors mentioned Cross Site Scripting, which is arguably gaining a lot of attentions lately. I will talk more about SQL Injection and Cross Site Scripting later.