Month: March 2014

Privacy has bee…

Privacy has been described as an “adjustment process” in which humans continuously adjust the views of themselves that they present to others. Steering Committee on the Usability, Security, and Privacy of Computer Systems; National Research Council. Toward Better Usability, Security, and Privacy of Information Technology : Report of a Workshop.  

Privacy Protection Principles, compare ISO29100, with Singapore and Hong Kong legislations

ISO 29100:2011 Privacy Framework is now a public available document and it offers a comprehensive framework. Hong Kong and Singapore Gov both enacted privacy regulations, I compare both regions’ privacy protection requirements with ISO29100. Below is a summary table. Will write more on each comparison later. ISO 29001:2011 Eleven Privacy Principles  Singapore Nine Data Privacy …

Privacy Protection Principles, compare ISO29100, with Singapore and Hong Kong legislations Read More »

TLS design weakness affecting client side authentications

A team of security research discover a weakness in TLS design, quote form their website “A is malicious, it can choose a non-prime group such that the resulting PMS is fully under its control. if a malicious server Amounts a UKS attack to obtain two sessions (one with C and the other with S) that share the same MS, ciphersuite, …

TLS design weakness affecting client side authentications Read More »

Microsoft tries to address PKI issues in IE11 (SmartScreen and SNDS)

Digital certificate is widely used and the Internet cannot work without it. However, PKI (the framework digital certificates based on) has lots of issues. Last year in ISO SC27 meeting at ENISA there was a special meeting on PKI. Many issues are only raised without a conclusion, same as most issues brought international meetings. How …

Microsoft tries to address PKI issues in IE11 (SmartScreen and SNDS) Read More »