Tech Risk & Security

Hong Kong after months of public consultations is proposing an Unsolicited Electronic Messages Bill. This proposed bill has the following major features: 1. Enforce Opt-out (One needs to check before sending) 2. Technology Neutral (cover SMS, FAX and Email) 3. Prohibit address harvesting Generally, HK Government's effort is appreciated and the bill is comprehensive. There is not loophole the drafted bill does not quite get it. Under this bill, government propose to empower the Telecommunications Authority (TA) to set up "do-not-call registers", "which would be to facilitate recipients to opt out from receiving further commercial electronic messages from all electronic marketers and for senders of commercial electronic messages to ascertain the electronic addresses to which they should not send further commercial electronic messages unless they have specific consents. "This kind of register is very likely to be abused by malicious person to validate email address

A member from PISA posted an article on how the China Firewall works and how to circumvent it. Basically, there is one weakness of China national firewall that the web hosting company could exploit. This is another example of "Technology wants to be free". ================================================ Abstract. The so-called "Great Firewall of China" operates, in part,by inspecting TCP packets for keywords that are to be blocked. If thekeyword is present, TCP reset packets (viz: with the RST ag set) aresent to both endpoints of the connection, which then close. However,because the original packets are passed through the rewall unscathed,if the endpoints completely ignore the rewall's resets, then theconnection will proceed unhindered. http://www.cl.cam.ac.uk/~rnc1/ignoring.pdf