Passed CISSP Exam

I received notice from ISC2 that I passed the CISSP Exam. The next step is for me to submit a resume stating at least 4 years of experience related to security and find a professional to endorse my submission. The process might take another month. I am busy right now. My submission will be prepared in the coming 2 weeks.


Virus Notice

I received a strange email with a virus attached. The sender tried to lure me into clicking and opening the attachment. Of course, this is a trap.

------------------------- Quote ------------------------
Mail server report.

Our firewall determined the e-mails containing worm copies are being sent from your computer.

Nowadays it happens from many computers, because this is a new virus type (Network Worms).

Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail

Please install updates for worm elimination and your computer restoring.

Best regards,
Customers support service



hacker.com and hacker.net for sale

This is not a joke. It is real. The two most controversial domain names are now open for hackers to bid :



I took the ISC CISSP Exam today. The exam paper consisted of 250 questions to be completed in 6 hours. I finished all my work during the first 3 hours and I used one hour to go through the whole set of questions again. As a result, I left the exam center two hours early.

The questions were not really difficult but tricky. If I tried to read the questions 2 or 3 times, I was able to pick out the key words and the distractors. On the whole, I am confident that I could score more than 700 marks out of 1000 to get a pass. The results will be known to me in 4 - 6 weeks.

One thing I am not happy about with the CISSP Exam is that the exam fees of US$499 and US$599 are far too expensive compared with exams conducted by other international IT bodies. If I fail, I would not make another attempt due to the huge financial burden.


Most Popular Trainer Survey

California Fitness Center is now conducting a member survey on the most popular instructors. I have cast my votes for my favourite trainers as follows:

Hi Lo : Bibi
Reason : She is nice and friendly.

Step : Bibi
Reason: Her techniques surprise people.

Cycling : Stephaine
Reason : clear instructions and easy to follow

Body Pump : Stephaine
Reason: nice and friendly smile

Body Combat : Yvonne
Reason: Best trainer in California.

Mind and Body : Yvonne
Reason: Best trainer in California

Dance : Utah
Reason: She is really a professional dance trainer.

The results will be announced in early November. I guess Bibi, Stephaine, Utah and perhaps Michelle Dean might stand out to win some prizes. I have to pray for Yvonne.


Google + Youtube

I tried to look at traffic graphs of Yahoo, Google and Youtube and came up with some thoughts.

There is no doubt to me that after combining with Youtube, Google has beaten Yahoo and is now the world's first-ranking site.

Wooo, Youtube has an astonishing traffic growth of 20 billion hits per month.


Found DoS attack on web server

My web server logged the following attack a couple of days ago:

TCP: Treason uncloaked! Peer shrinks window 3626183180:3626183181. Repaired.
TCP: Treason uncloaked! Peer shrinks window 3637349364:3637349365. Repaired.
TCP: Treason uncloaked! Peer shrinks window 3636828911:3636828912. Repaired.
TCP: Treason uncloaked! Peer shrinks window 3633561645:3633561646. Repaired.

The attacker was using a spoofed IP address which is unallocated. In this attack, the remote host was trying to shrink the TCP window size for some malicious purpose.

To avoid any attacks involving internal IP addresses, IP addresses spoofed with unallocated ones, or Class D addresses, I decided to input these lists for iptables to screen them out.
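The kind of source-address screening described above, as an added example that is not the author's own rule set: a dry-run generator that prints iptables commands dropping private, loopback, link-local, Class D and Class E sources on the external interface. The interface name `eth0` and the chain name `BOGONS` are assumptions; unallocated ranges are left out because that list changes over time and has to come from a maintained source.

```sh
#!/bin/sh
# Added example (not from the original post): prints, but does not run,
# iptables commands that drop packets whose source address should never
# arrive on an Internet-facing interface. Review the output, then pipe it
# to sh as root.

# Fixed special-purpose ranges. Unallocated space is deliberately absent:
# it shrinks as registries hand out blocks, so a hard-coded copy goes stale
# and ends up blocking legitimate visitors.
bogon_sources() {
    cat <<'EOF'
0.0.0.0/8 this-network
10.0.0.0/8 rfc1918-private
127.0.0.0/8 loopback
169.254.0.0/16 link-local
172.16.0.0/12 rfc1918-private
192.168.0.0/16 rfc1918-private
224.0.0.0/4 class-d-multicast
240.0.0.0/4 class-e-reserved
EOF
}

# bogon_rules [IFACE]
#   IFACE: external interface (assumed to be eth0 if not given).
bogon_rules() {
    iface=${1:-eth0}
    chain=BOGONS    # hypothetical chain name, used only in this example

    # A dedicated chain keeps the list in one place and easy to flush.
    echo "iptables -N $chain"
    bogon_sources | while read -r net label; do
        echo "iptables -A $chain -s $net -j DROP  # $label"
    done
    echo "iptables -A $chain -j RETURN"

    # Only traffic arriving on the external interface is screened, so
    # loopback and internal-LAN traffic are unaffected.
    echo "iptables -I INPUT 1 -i $iface -j $chain"
}

bogon_rules "$@"
```

Run it with the external interface as the only argument and read the generated rules before applying them.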


Authentication System

Authentication is based on three factor types: Type 1 is something you know, Type 2 is something you have and Type 3 is something you are.

A typical example of Type 1 is a password whereas biometrics are based on the Type 3 authentication mechanism. I can't recall any Type 2 example. Can smart card systems be one of them?


Tiger Team

I came across Tiger Team when reading some books on computer security. Tiger Team is a team of experts employed by a company to test the security of computer systems. They are hackers with a legitimate purpose. However, the term Tiger Team is seldom used nowadays. Instead, these people are called penetration testers and security testers.


Suggestions to Les Mills

I have suggested the following songs for BC to Les Mills on their official web site:

Track 9 - I hate myself for loving you (Joan Jett)

I can imagine a lot of fun doing push-ups and crunches with this song, following the strong beat.

Track 10 - Soldier of Fortune (Deep Purple)

This is a perfect song for the cool down part. Very gentle, soft and touching.

I think tracks for BC30 and BC31 have been selected. My suggestions, if selected, will only appear in release 32 or later.


Track Combination

She made it. Tina passed her Body Combat exam yesterday.

The track numbers for the test are 1, 2, 7, 8, 9. I can imagine this kind of track combination is decided by Michelle Dean. I really admire her talent in the selection. The reasons are:

Track 1 - An instructor must be able to tell the group how to get themselves warm up in the upper body and the lower limbs.

Track 2 - The transition from warming up to beginning to combat requires special step-by-step guidance. Track 2 is not really a power track but it is a step forward to releasing the highest energy later on.

Track 7 - Knowing how to lead the group to play Muay Thai in a stylish way is definitely a good attribute of an instructor, as we all know Muay Thai is a great part of BC.

Track 8 - This is the last power track. It is good to see if the instructor is exhausted up to this stage.

Track 9 - Conditioning. Conditioning is important in training our various muscles, and instructors must be able to show us how to perform the bicep and tricep push-up plus ab crunch. Actually, I like to attend the 1 hr class instead of the 50-min class, where the latter could not provide conditioning.




Google has already revealed the answer: it is HK$12 billion. Do you think this price is worth it?


New FreeBSD Logo

I do not like the new FreeBSD logo.

Take a look at the past logo which is a smiling friendly red devil, a more appealing one.

Some said that the little red daemon did not make a professional impression. I disagreed. The logo is fine to indicate that FreeBSD is in fact handling server (daemon) tasks.


Soft launch of .hk Chinese Domain Name

I received notification from HKDNR about the immediate soft launch of the .hk Chinese Domain Name. This has been delayed for 9 months if I can remember correctly. The original schedule promised by HKDNR was early 2006. Why was there such a long delay ??

The registration fee of ‘.公司.hk’, ‘.組織.hk’, ‘.網絡.hk’, ‘.政府.hk’, ‘.教育.hk’ is $200 per year; and for ‘.個人.hk’ and ‘.hk’ registration fee will be $150 and $250 respectively. I am not happy about charging $250 for a second level .hk domain registration. It should be charged at $200 only.


Symmetric key management

A general question I always have in my mind about symmetric key management is how many keys are required for a network with n network nodes. People familiar with cryptography can say right away that it is n * (n-1) / 2. I am too old to recall the mathematics behind it. What I can do is to draw a picture to prove that in a 4-node network, there are 6 keys required, in order to help me to memorize n * (n-1) / 2.

This generally raises the question of the immense difficulty in symmetric key management if the number of network nodes is large, let's say over 20. Yes, that's why asymmetric key in the form of a private key paired with a public key (PKI) is commonly preferred for secure communications over the Internet.
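
The counting argument behind the formula, added here and not part of the original post, using the post's n (the symbol K_sym is introduced only for this note). Every node needs one shared key with each of the other n - 1 nodes, which gives n(n-1) node-to-node links, and each key is counted twice, once from each end:

$$K_{\text{sym}}(n) = \binom{n}{2} = \frac{n(n-1)}{2}, \qquad K_{\text{sym}}(4) = \frac{4 \cdot 3}{2} = 6, \qquad K_{\text{sym}}(20) = \frac{20 \cdot 19}{2} = 190$$

With public-key cryptography each node needs only its own key pair, so the number of secrets to manage grows in proportion to n (20 key pairs for 20 nodes) instead of in proportion to n squared.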


Top ranking web site

Alexa.com (http://www.alexa.com) allows people to enter a web site name and search the site ranking based on traffic. A couple of days ago, I thought google.com would be the top site in the world and upon submitting, Google.com was ranked 3 only. Hmmm, without hesitation, I realized that it might be yahoo.com that attracts the highest traffic in the world. Yes, the search result showed that yahoo.com had the highest ranking. The average hit rate per day is over 300 billion.

Which web site will rank second after yahoo.com? If it is not Google.com, which one will it be?