In the last 48 hours, age became a hot topic on Facebook, thanks to Microsoft How-Old.net free age-guessing online tool. It proves age is still a contentious topic, regardless gender, race and obviously age. A marvelous marketing gimmick! As it always happens, once a story caught fire, a few risk aversive or investigating minds start …
As 2015 approaches, it is time for new year resolutions and wishes. For security industry, we are busy preparing for another eventful year!! Design A Hack Proof Password Storage When preparing for our budget and project portfolios, it maybe useful to look at predictions from leading security vendors. Â Cyber security is an intelligence game. Can …
No Single Prediction Is Perfect, So I Look At Four Read More »
“It’s comforting to imagine that, in the end, the power of innovative technologies and business models will win out over status-quo thinking and entrenched interests, all for the public good.” From a security and risk management point of view, a central or using the author’s words “the powers that have traditionally controlled those transactions” provides …
Soon will come the software defined transaction (SDT) age. Read More »
ISO 29100:2011 Privacy Framework is now a public available document and it offers a comprehensive framework. Hong Kong and Singapore Gov both enacted privacy regulations, I compare both regions’ privacy protection requirements with ISO29100. Below is a summary table. Will write more on each comparison later. ISO 29001:2011 Eleven Privacy Principles Singapore Nine Data Privacy …
Last May, in ISO SC27 meeting held at Sophia Antipolis. WG5 Identity Management and Privacy Technologies voted to make ISO 29100 Privacy framework a public document. After JTC 1 Plenary endorsement in November 2013 meeting, the standard is now available at http://standards.iso.org/ittf/PubliclyAvailableStandards/index.html (search for 29100). Another document are listed is  ISO 27000 Information security management systems — Overview and vocabulary. For most …
Public available of ISO/IEC 29100:2011 Privacy framework Read More »
When capturing and storing technology are so cheap, it is tempting for Gov to store everything. In this case, car plate images. I guess car rental business has another marketing theme to explore! Soon we will see computer rental and mobile phone rental. When trust is gone, people are willing to try extreme measures. There …
I talked about browser based security last week. As we have more and more cloud or web delivered applications, the browser is playing an important role. Most (if not all) user interaction in browser are programmed via javascript. With Cloud Computing, client side script will be playing a ever more important role. The data security and data …
that increasing privacy settings may actually produce what they call an “illusion of control” for social-network users.
WSJ runs a great article on issues with FB current privacy position. It seems FB position themselves as a repairing mechanics not as a professional architect when they work on privacy controls.Â
The newspaper story started with an example of involuntary disclosure of sexuality when a teenage joined a chorus FB group. Her parents was informed about her sexuality via FB. The reporter Geoffrey A. FOWLER then explained some inevitable change to privacy: “For much of human history, personal information spread slowly, person-to-person if at all.”; “Personal worlds that previously could be partitioned—work, family, friendships, matters of sexuality—become harder to keep apart.” ;”Facebook is committed to the principle of one identity for its users.” ; “increasing privacy settings may actually produce what they call an “illusion of control” for social-network users.”Â
After reading this article, I noticed that although FB is responsive in fixing the technical issue, they did not discuss how they design and verify privacy BEFORE launch. Millions of FB users do the test for FB for free. The largest software testing I ever know. FB improves their system after their user already suffered the misbehave of their system.Â
Privacy settings affect every user and FB should design each new function or each disclosure with systematic impact analysis. There should be a clear document listing how each activities is displayed to friend and the public. FB should notify the user community what impact a new system feature will bring to such disclosure.Â
The idea that we letting FBÂ continuously fixing their system scares me. Privacy should start with impact analysis and robust testing before thing happen.Â
Â
Â
Â
Â
Â
Â
Â