Tech Risk & Security

China Internet Network Information Centre released a survey result on the current usage of WAP in China. As of March 2007, there were 39M WAP (Wireless Acccess Protocol) users, about 28% of fixed Internet population in China. Not too surprising, Guangdong Province has the large WAP population. The report summary could be find here .

The legal battle on BitTorrent cases reached an end on 18 May 2007 and the full judgement released on Hong Kong Legal Information Institute On 12 Jan 2005, officers from HKSAR Custom Department raided thedefendant's (Mr. Chan) home after tracking his address from an online forum. Mr. Chan he had uploaded 3 .torrent files on 10 Jan 2005 and 11 Jan 2005 to the forum and these enabled BT users to download copies ofmovies. In first instance, Mr. Chan was charged by virtue of section118(1)(f) of the Copyright Ordinance, Cap 528 and of obtaining access to a computer with dishonest intent, contrary to section 161(1) (c) ofthe Crimes Ordinance, Cap 200. But in the final judgement in the Court of Final Appeal, the 5 judges unanimously dismissed Mr Chan appeal andhe was convicted of 118(1)(f) of the Copyright Ordinance only. This was a high profiled case and the HKSAR government launched propaganda on their determination on combating the copyright battle. Since charges was brought to the cou...

This morning I heard astounding news about Symantec. It released a faulty virus definition that deleted (or quarantined) two essential files on Windows XP (Simplified Chinese Version). The result was that around 3 millions computers were unable to start and must restore the deleted files from the original Microsoft installation CD. SANS and Sina confirmed this news. They claimed that only people who downloaded the updates from the Symantec China webpage between 01:00 a.m. and 02:30 p.m. on May 18th AND have MS06-070 installed on their computer were affected. This incident has many implications. The one that worries me the most is that people will try to download these files on the web in order to repair their computers. The integrity of these files is in question (if they do not come from an authenticated source). A malicious hacker may plant a virus or backdoor in these system files and offer them in discussion groups. As an auditor, I always think of process control. There are ac...

McKinsey recently released an article on the prospect of a SMS-basedpayment system in China rural area. The arguments were that China has a low level of non-cash payments when compared to other countries and the Chinese government is keen to develop non-cash payments in order to simulaterural spending. There are both economical and political reasons to have an efficient rural payment system. I agree with the article's contention that ATM and POS are not the right products for Chinese farmers. The main reason is cost. While the annual income of the averagefarmer in China is below USD 2000, it is relatively costly to acquire and maintain an ATM or POS, which usually costs more than USD 20000. Apart from cost, there is also a trend in other countries of declining rates of ATM adoption. According to the BIS statistics , the number of automated banking machines per million inhabitants decreased by 1123 in the year 2000to 1069 in 2005. However, the picture portrayed by McKinsey seems to ...

There was a news about 16 China Banks released a press release about a coordination framewrok between banks against online fraud (網上銀行反欺詐聯動機制) The banks will share their fraud information with China Financial Certification Authority CFCA, which was found by the banks in year 2000. CFCA is a certificate authority (i.e. a PKI service provider) and from ChinaTechNew.com 25 banks uses their certificates in 2005. If this alliance is successful and continues its development, I think CFCA has the potential to be the center of China payment network. A secure PKI is important, especially for using client-side authentications. When the banks establish a cross-banks PKI process and agreements, the payment network may function a bit like VISA in plastic card business. For China, the development and innovations are unlimited.

When we talk about Cyberspace, we usually think of US. Partly due to there technology innovations and partly due to their obsession about Internet. Then it is not surprise to know US has many legislations on regulating the Internet and citizens' cyber-activities. Below is an snapshot of the status of Internet regulations in US and quite interesting. http://www.imanet.org/technotes/stnewsb.asp