Posts

Root Certificate update and software design

Recently, a member of PISA (also called Anthony) noticed that when using the HK Post office website, Firefox displayed a security warning saying the digital certificate used by HK Post is invalid. A detailed study by other PISA members showed that the reason was that HK Post (once the root CA for HK) used their own root certificate. Root certificates are usually shipped with the browser installation, and the HK Post digital certificate was not included in the default software package. Hong Kong Post set up a page to teach users how to add the root certificate to the most used browsers. However, how many users know this link, and are willing or able to follow the instructions!! It is quite clear that most browsers are currently developed and distributed by US companies or US-based communities. The interest in adding other root certificates is likely lower than in adding new functions. Having said that, Firefox developers have a process to add root certificates to their software package, for example this li

Mutual recognition of electronic signature certificates issued by Guangdong and Hong Kong

http://www.cw.com.hk/content/hk-guangdong-sign-framework-suggestions-e-signature

New models on generating revenue from losing newspapers

I read an article about how a group of US newspapers plan to respond to failing revenue. 1st: they considered a “presentation on technology/service to track content on the Web and to extract payments from third-parties and ad networks that have appropriated newspaper content.” If other online formats are stealing your copyrighted content, make them pay for it. 2nd: “Collecting enhanced online newspaper user data across newspaper properties and mining that data to aggressively sell target content to specific audience segments across the network.” The core technologies are tracking content (1st model) or user behavior (2nd model). But it is not technology that matters. It is the law that gives the newspaper the right to charge for or sell these data that affects its success. Copyright law enforcement is tooooo expensive compared to maybe HKD 10 for a single reference. Privacy law is too restrictive for newspapers to sell their DB. My personal opinion is that the current legal infrastructure prohibit QUALITY newpap

Open Source has another dimension --J.P. Morgan's CDS Analytical Engine Available as Open Source

ISDA Announces Agreement to Make J.P. Morgan's CDS Analytical Engine Available as Open Source; Increases Transparency in CDS Pricing

At the centre of our current financial crisis is the CDS (credit default swap). ISDA is the trade association which drafts the standard contract for CDS. The market was unable to give a reasonable and authoritative price for CDS in recent months. The open source decision is meant to make the price of CDS more stable, and, being open source, everyone could validate the price components (market risk, liquidity risk, credit risk, FX risk and others). Open source, when taken from a transparency perspective, could help to stabilise a market in crisis.

http://www.isda.org/press/press012909.html

Antony

Circumvention of Technological Protection Measures

Recently, I re-organised my research article on legislation on circumvention of TPM and published it in the PISA Journal. In this issue, there was an article on iSCSI Resilience and Security which is a very precise introduction for security professionals. Thanks to SC Leung for the edits.

Website as an economic indicator

A study was conducted on the correlation between website usage and the economy!! We now have all sorts of monitoring devices and data points that enable us to track human behavior. It is convenient to believe some activities (like visiting a particular type of website) will be affected by the economy. But can this correlation be substantiated, given the fact that web content changes constantly and new websites are created daily? http://news.bbc.co.uk/2/hi/technology/7459055.stm

Top-level domain name and anthropology

I read two news articles today. One in SCMP, which reported that Intel hired anthropologists to study user behavior and shape their strategy. One on BBC Technology, which said ICANN plans to open up top-level domain names. The result would be that everyone could register their website name with endings ranging from .bank to .worm. They seemed unrelated, but I wonder how people will respond to an explosive growth in top-level domain names. Top-level domain names, like .com or .hk, are limited, and users have accumulated a sense of trust after years of usage. Will users trust citibank.bank more over citibank.bank? Or will users buy items from toyshop.com or toyshop.shop? What is missing in the current Internet infrastructure, after 10 years of development, is trust? How is ICANN's proposal to open up top-level domains helping to build trust in cyberspace? The current status of DNS is far from satisfactory and phishing attacks are launched daily exploiting this weakness. Opening up top-level domain name fo