Fake HKCERT email
By now, it has been widely reported in the media that there was a fake HKCERT email advising recipients to patch the recent Adobe Flash vulnerability and a fake patch was attached. I tried to look at what HKCERT has been taking in order to protect its email domain. Unfortunately, HKCERT does not use Sender Policy Framework to specify what IP addresses and domains can use "hkcert.org" as the sender domain in the email header. HKCERT has learnt a lesson in hard way.