Key learnings from JP and TW botnet experiences
Cyber Security Intelligence from botnet observations
Recent security breaches further confirm that a password alone is not an effective security measure. An increasing number of cyber attackers are going after the password storage, be it a file or a database. Password storage, once exposed, results in an impact that has been shown to be catastrophic. Password storage facilities today need to …
Storing data on the cloud is essential for most people. Do you have a strategy for data classification, searching, indexing, or data backup?
Two news reports this week call up the term Cold War. First, Reuters reported that the U.S. may act to keep Chinese hackers out of the Def Con hacker event. Then China struck back: state-owned enterprises were banned from working with companies such as McKinsey because of fears they are passing on commercial secrets to Washington. Obviously, we see …
“It’s comforting to imagine that, in the end, the power of innovative technologies and business models will win out over status-quo thinking and entrenched interests, all for the public good.” From a security and risk management point of view, a central or, using the author’s words, “the powers that have traditionally controlled those transactions” provides …
Soon will come the software defined transaction (SDT) age.
Privacy has been described as an “adjustment process” in which humans continuously adjust the views of themselves that they present to others. Steering Committee on the Usability, Security, and Privacy of Computer Systems; National Research Council. Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop.
The ISO 29100:2011 Privacy Framework is now a publicly available document, and it offers a comprehensive framework. The Hong Kong and Singapore governments have both enacted privacy regulations; I compare both regions’ privacy protection requirements with ISO 29100. Below is a summary table. Will write more on each comparison later. ISO 29001:2011 Eleven Privacy Principles Singapore Nine Data Privacy …
A team of security researchers discovered a weakness in the TLS design. To quote from their website: “A is malicious, it can choose a non-prime group such that the resulting PMS is fully under its control. If a malicious server A mounts a UKS attack to obtain two sessions (one with C and the other with S) that share the same MS, ciphersuite, …
TLS design weakness affecting client side authentications
Digital certificates are widely used, and the Internet cannot work without them. However, PKI (the framework digital certificates are based on) has lots of issues. Last year, at the ISO SC27 meeting at ENISA, there was a special meeting on PKI. Many issues were only raised without a conclusion, the same as most issues brought to international meetings. How …
Microsoft tries to address PKI issues in IE11 (SmartScreen and SNDS)