Maintaining system security is a daunting task

It is an unfortunate reality that most enterprises will suffer a breach of security at some point. To bypass security, an attacker only has to find one vulnerability in any system. But to guarantee security, a network administrator must make sure 100 percent of time that 100 per cent of the systems are invulnerable. Who else would like to be an network administrator ?


花 灑 式 電 熱 水 器 勿 加 裝 水 掣

這是來自蘋果日報的導,非常益智 :

花 灑 式 電 熱 水 器 已 附 設 特 別 開 關 水 掣 , 若 花 灑 式 電 熱 水 器 的 出 水 喉 管 加 裝 其 他 一 般 使 用 的 開 關 水 掣 , 或 接 駁 至 洗 手 盆 或 浴 缸 , 當 水 掣 被 關 上 時 , 儲 水 缸 通 往 大 氣 的 通 道 便 會 被 阻 塞 , 在 此 情 況 下 , 若 行 溫 器 發 生 故 障 , 儲 水 缸 內 的 水 便 會 不 斷 加 熱 膨 脹 。

由 於 水 掣 被 關 上 , 壓 力 無 從 釋 放 , 儲 水 缸 無 法 承 受 不 斷 增 加 的 壓 力 , 可 能 發 生 爆 炸 。


Harvest Killer

Fight SpamBots!

Fight SpamBots!

Webmasters can help fighting spam by giving a URL link to a page that randomly generates 100 bogus email addresses each time it is visited. Email harvesters (also known as spambots) will crawl this page and store all of these hundred bogus email addresses in a database. If more webmsaters can offer assistance, spammers' database could be filled up wiuth a huge number of invalid email addresses. Would that be effective ? Might not be ! But at least, webmasters have joined together to give spammers some trouble !


Cousin domain names

Cousin domain names are registered by fraudsters in creating phishing web sites. Their domain names look essentially very similar to those of banks and other finance companies. "visa-security.com" is one such domain to fool email users to believe it is a web site of visa. "hkhsbc.com" is another trying to mak the domain looks like "hsbc.com.hk". Watch out cousin domain names in the address bar of your browser.


Bon Jovi

近 期有機會回味Bon Jovi 的 rock 歌曲,總覺得 Bon Jovi 是繼 Deep Purple、Led Zepplin 之後最有水準及技術的 rock band,經典之作首選是 blaze of glory,然後是 wanted dead or alive, it’s my life, run away, living on a prayer, one wild night 2001 及 you give love a bad name。


Firefox 100 million download

Congratulation to Mozilla Foundation to have Firefox browser download count reaching 100 million. Let's hope the 1.5 version to be released will give us more features and functions.


Sender Policy Framework

If you are famililar with SMTP protocol, no doubt you realize that spammers can give any valid domains in the "mail from" field as a way of forging the sender email address in spamming. Meng Weng Wong has come up with a solution called Sender Policy Framework (SPF) for sender domain authentication. To this end, the DNS record of every Internet server should be associated with some text strings to denote what IP addresses are allowed to use that domain name in email delivery. Existing DNS software such as Bind 9.X can cope with SPF. Not sure about Microsoft DNS. SMTP servers need to be upgraded to make them SPF-enabled by way of reversing MX lookup.

This new technology could somehow reduce the amount of email spam. Thanks to Meng Weng Wong again.


陳慧琳 Red 新曲+精選

偶然行過一間唱片店,被陳慧琳 "Red 新曲+精選" 吸引,這己是2003年出品的3CD套裝,共收錄38首經典大熱作品。價錢呢,一百元有找,非常超值


Webmail encryption

Yesterday, a pro-democracy group went to Yahoo ! Holdings (Hong Kong) Limited to protest against the release of important information about an email to the Chinese law enforcement agency, leading to the arrest of a journalist in China. This has aroused attention on encryption on webmail. Basically, Yahoo mail is web-based and it is not possible to use client digital certificate.

As far as I know, the only solution to encrypt webmail is to deploy PGP (Pretty Good Privacy), a licesned copy charged at US$30. Once the key pair for an email address is generated, it can be used for the whole life time. In my opinion, it is still cheaper than using client digital certificate which requires renewal on an annual basis.


.hk domain name free for 5 years

HKDNR today announced the "We care We Share" program to waive .hk domain names for charitable organizations for 5 years. It's not much indeed, just a saving of HK$1000 over the period. According to the info in HKDNR web site, applications will still be assessed, based on the nature of the organization, the need of the domain name to the organization and the benefits that will bring to the community in Hong Kong.

As this is to help charity community in Hong Kong, why not consider permanent waiver !


Bering Firewall

Last week, I saw an online video about Bering Firewall. It is based on Shorewall Firewall. Any old PCs with Pentium 100 MHz CPU and 32 MB RAM and 2 NICs could be used as Bering Firewall. The user configuration menu, depsite text-based is easy to follow and understand. The log status page is presented as a web page with lot of clickable links to retrieve more detailed information.

I am greatly impressed by the powers of Bering Firewall.


Promote Opera

I intend to add a button to promote the use of Opera in the Internet community. The display graphic says Opera is the fastest browser on Earth. That's true.