The FCC recently published a notice of proposed rulemaking that will have an impact on how we fight abuse on the internet. M3AAWG has submitted a comment on the proposal (pdf link). All submissions can be found on the FCC website.
When you’re developing code to handle data it’s almost essential to have a decent sized set of test data, so you can build a test harness to check on functionality and performance as you go.
A common way of doing that is to take a snapshot of your production database and pull out an appropriate subset from there. That works pretty well in most cases, but it’s a really bad idea if the data you’re working with is personally identifiable information, such as email addresses, phone numbers, credit cards and so on.
Test data gets spread everywhere. It’s checked in to source control systems, copied to developers laptops, included in publicly visible bug reports, shared with mailing lists when asking questions and sent to that dodgy overseas outsourcing company your CTO is evaluating. And if the code you’re developing sends email or SMS messages then sooner or later you’re going to misconfigure your test platform and send test messages to the contacts in your test data. (I’ve only done that once, and it was a memorable experience.)
But test data needs to be similar to real data, and look plausible, or it’s hard for manual testers to identify problems using it.
Enter randomuser.me – a simple API for generating random user data – name, email address, birthdate, phone numbers, postal address, social security number, even photos.
Need something more configurable, that lets you create a fake API to test your code against? Try RandomAPI for a web API returning JSON, SQL, CSV or YAML.
Just need some test JSON files you can generate and paste in to your test suite? Try JSON Generator.
Need bulk data, to load into your test database? Look at Mockaroo, DummyData or GenerateData.
Just don’t use your production PII, even if you plan on anonymizing it before use. Really.
If you’re not following or reading Brian Krebs, you should be. He does some of the best investigative reporting in the email, security and internet space. Today’s blog post is a disturbing look into the data selling and identity theft industries. Brian details evidence that shows Experian (yes, that Experian) has been selling consumer data to identity thieves.
Infoweek interviewed a number of people who acquired new Yahoo addresses during Yahoo’s address recycling and reuse process. It seems that at least for some small percentage of former Yahoo users, there is a major risk of information going to the wrong people.
Read More