2012/10/30

HSBC pays little attention to the prevention of email phishing.

I received an email from HSBC about the annual service fee. Usually, if I receive an email from a bank, I open the email header to check whether it is really coming from the bank or is just a phishing email. For HSBC's email, the sender domain checked out OK. However, there are no DKIM messages in the email header. To probe further on email protection, I tried to dig the SPF records of hsbc.com.hk. Oh no, its SPF is based on "soft fail". That is a poor setting. Without the proper use of SPF and DKIM, I can conclude that HSBC pays little attention to the prevention of email phishing.
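The two checks described in this post, as an added example that is not part of the original post: it reads the qualifier on the "all" mechanism of an SPF record and looks for DKIM-Signature headers in a message. The SPF record, the message and the domain bank.example are constructed sample data, and the function names are hypothetical.

```python
import email
from email import policy

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample data (not the real record or mail discussed in the post).
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net ~all"
SAMPLE_MAIL = (
    "From: Bank Notices <notice@bank.example>\n"
    "Subject: Annual service fee\n"
    "\n"
    "Dear customer ...\n"
)

def spf_all_policy(txt):
    """Result an SPF record gives to senders matched by no earlier mechanism."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "no-spf"
    for term in (t.lower() for t in terms[1:]):
        if term.lstrip("+-~?") == "all":
            # No qualifier in front of "all" means "+" (pass).
            return QUALIFIERS.get(term[0], "pass")
    if any(t.lower().startswith("redirect=") for t in terms[1:]):
        return "redirect"  # the policy is defined by another domain's record
    return "neutral"       # no "all" and no redirect: the default result

def dkim_domains(raw_message):
    """Signing domains (d= tags) of every DKIM-Signature header present."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    domains = []
    for value in msg.get_all("DKIM-Signature", []):
        for part in str(value).split(";"):
            key, _, val = part.partition("=")
            if key.strip().lower() == "d":
                domains.append(val.strip().lower())
    return domains

def assess(spf_txt, raw_message):
    """List the weaknesses the post looks for. Header presence only:
    the DKIM signature is not cryptographically verified here."""
    findings = []
    result = spf_all_policy(spf_txt)
    if result != "fail":
        findings.append(f"SPF ends in {result}, not fail (-all)")
    if not dkim_domains(raw_message):
        findings.append("no DKIM-Signature header")
    return findings
```

Calling assess(SAMPLE_SPF, SAMPLE_MAIL) reports both findings; a record ending in -all together with a signed message reports none.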

2012/10/28

BlueScreenView

I hate the Windows Blue Screen of Death (BSOD). Just yesterday, one Windows 7 machine experienced BSOD three times in a day. After the reboot, I decided to use BlueScreenView to look at the dump file. It showed that the driver athurx.sys caused the hang. The driver was used by the TP-LINK wireless adaptor and the remedy was to re-install the latest driver from the TP-LINK website. It seems resolved now, but I have to wait some more days to verify the stability.


2012/10/23

Resource Public Key Infrastructure (RPKI)

My colleagues in the HKSAR Government have successfully signed the routing prefixes with RPKI, and the results can be checked on Hurricane Electric's BGP portal.














I guess the HKSAR Government is the first entity in Hong Kong to adopt RPKI signing to secure the global routing infrastructure. RPKI signing is just one part. For routers to be able to validate RPKI, the routers must support RPKI and there is a need to establish an RPKI-validating cache server with the trust anchors of the five RIRs configured. Again, I have no doubt that the Government will be the first entity in Hong Kong to adopt the full set of RPKI configurations.

2012/10/20

Hotmail and Yahoo email service


A female boss (Miss Erica Yuen) is recruiting an assistant on Facebook. One statement she made is that "If you are using Hotmail or Yahoo Mail, sorry that you will not be considered. If you can tolerate such poor email service, you are not the kind of person I am looking for."

I have to report this to senior people at Yahoo in the US.


2012/10/06

Multiple servers for a website

I find the following announcement on a popular website very crazy:

"Dear members,

We have added more servers to deal with traffic increase.  Please remember to access the domain names vip.abc.com, www2.abc.com, www3.abc.com and www4.abc.com. "

It is absolutely not necessary to ask members to memorize the additional domain names. Users will be confused about which one to use at a particular time. A single domain name "www.abc.com" will be fine: with DNS round robin pointing it to several IP addresses, the load on the servers can be evenly distributed.

Just take a look at www.cnn.com:

[localhost~]# dig www.cnn.com +short
www.cnn.com.vgtf.net.
cnn-lax.gslb.vgtf.net.
157.166.241.11
157.166.240.11
157.166.240.13
157.166.241.10
[localhost~]#

Can't stop myself from laughing....

2012/10/03

The first three IPv6 websites in HK

Here is the screenshot of the first three IPv6 websites in HK registered with sixy.ch, dating back about 1000 days.







My managed website bya.org.hk came second. Great work.

2012/10/02

US Government IPv6 Deadline

The US Government previously imposed a deadline that by 30 Sept 2012, all Federal agencies must have their public-facing servers running on IPv6. The deadline has passed already. Less than 30% of Federal websites are operating with IPv6. The situation for mail and DNS servers is even worse. These are the statistics provided by NIST one week ago.
















A question remains: how can these Federal agencies be pushed to deploy IPv6 quickly?