November 25th, 2007
Jenny
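Today, major media outlets are racing to report on the loss of data discs in the UK, a data leak of a kind rarely seen in history. So far, Paul Gray, the head of HM Revenue and Customs, has resigned, and confidence in Prime Minister Brown has also been badly damaged… See the Xinhuanet report.
In addition, according to Gartner's estimate, the direct financial losses on the banking side alone (closing accounts, opening new accounts, replacing credit cards, and so on) could reach as much as US$500 million (500M$). Gartner expert Avivah Litan estimates that US$20 per account should be considered a conservative figure…
Below is Sina's report. http://www.sina.com.cn, November 23, 2007, 09:58, CCTV "Focus Today" (《今日关注》) Read more…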
Today I spoke at the TelecomSec 2007 summit in Beijing. My topic was “Security As A Service of telecom operators”. Here are the slides I used.
Actually, I began thinking about security value-added services by telecom operators when I worked for China Telecom before 2000. At that time, it was only an idea, because the focus of China Telecom's management was entirely on growing the number of subscribers and the revenue, without much interest in value-added services.
At TelecomSec 2006, just a year ago, I spoke on “Value of Telecom Security”. I do believe it's time for China's telecom operators to roll out security value-added services, because the growth of subscribers and ARPU has been shrinking. How to grow benefits and improve user loyalty is the pain of telco executives. At the same time, along with the ITSM projects inside telecom operators, operational maturity and internal governance have improved a lot compared with a couple of years ago. Read more…
After months of maintaining two blogs, one in Chinese and one in English, I decided to merge them into one bilingual blog, where I use the categories “Chinese” and “English” to indicate the language of each post. Because WordPress 2.3 has built-in support for tags, I will use tags to quickly identify the content of a post.
I like the default theme that comes with the WordPress installation. However, I would like my blog to have a different look and feel. Say, how about this theme – “Sleep Blue” by eyoung? Do you like the new one? Thanks to eyoung.
It's surprising news, but it was predictable. In recent years, CA's business in China, Taiwan and Hong Kong has kept shrinking year after year. Cliff left the company in 2004 due to bad performance. Unfortunately, his successor, Eric, from Sun, the former VP, AP services, failed to stop the slide of the business and further worsened the business in this region.
Today, CA is closing its offices in Taiwan, the Philippines, Indonesia, etc., while the headcount of CA China has been cut greatly. What a pity for this former software giant.
Please read the news report below. Read more…
On Nov. 22-23, the annual conference, Telecom Security Summit 2007, will take place at the Jingdu Xinyuan Hotel, Beijing. At this conference, officials and experts from government, China Mobile, China Telecom, China Netcom, Huawei, IBM, CA, etc. will present on telecom and security topics, covering security management and communication networks, trustworthy networking, identity and authentication, and more.
As one of the speakers at this summit, I will speak on “Security As A Service” on the morning of Nov. 23. Under this topic, I hope to illustrate what the real security requirements of enterprises are and how to meet them from a telecom operator's perspective.
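After WordPress 2.3 was released, I believe many bloggers rushed to upgrade to the latest version. Besides the many other updates and vulnerability fixes, the tag support in 2.3 is one of the reasons people looked forward to it and like it. Plugins such as Ultimate Tag Warrior could already provide tags, but installing and configuring them was troublesome, so many people gave up. Now, with 2.3, tag support is there from the moment of installation.
After upgrading to 2.3, a tag input box appears below the main edit box in the editing screen. Then, in the theme's presentation settings, you can see a widget called Tag; drag it onto the sidebar, and the Tag Cloud appears on the home page.
However, after upgrading this way, I found that on the home page the tags did not appear on each post. What was going on? This article answers the question in detail.
It turns out that you have to go to the current theme yourself and add the following inside WordPress's main loop: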
<?php the_tags('before', 'separator', 'after'); ?>
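Here, 'before' is whatever should be displayed before the tags, for example "Tags:". 'after' is whatever should be displayed after the tags, for example nothing at all, or a line break '<br>'. The 'separator' in the middle is the delimiter; a comma or a vertical bar will both do.
After I modified index.php and single.php, the tags showed up on the home page and on single-post pages. Thanks to Rich!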
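John Schiefer, 26, from Los Angeles, USA, goes by the online handles “acid” or “acidstorm”.
Not long ago, he admitted to the authorities and the media that he ran a botnet made up of more than 250,000 computers. He controlled his huge botnet through two IRC chat rooms, "#bottalk" and "#rizon", and used it to steal users' accounts, passwords, credit card numbers and so on. John claimed that he mainly used a vulnerability in AIM to expand his botnet: he sent links to the targeted users and tricked them into clicking, after which botware or a trojan was downloaded onto their computers and lay dormant there.
John previously worked at 3G Comm, an Internet telephony company in Los Angeles, where he mainly provided security protection for the company's business customers. Because of John's particular position, this report triggered a great deal of discussion: can professional security consultants be trusted? What are they all doing? Read more…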
November 13th, 2007
Jenny
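The white paper "Protecting Personal Information: A Guide for Business", published by the US Federal Trade Commission (ftc.gov), states that a sound data security plan should be built on the following five key principles:
1. Take stock. Collect and sort out exactly what personal information is held in your computers and files.
2. Scale down. Simple to say: keep as little personal information as possible.
3. Lock it.
4. Pitch it.
5. Plan ahead.
These points do not look hard, but doing all of them is really not easy.
The white paper deals specifically with the collection, inventory, reduction, protection, destruction and planning of data, and explains the key points of each stage in non-technical, accessible language.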
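PCI stands for Payment Card Industry; it is a compliance standard related to credit cards. At present I am not sure how many countries have implemented this standard; North America requires it. The standard had been resting on my hard disk for a long time, and today on the plane I finally had time to open it and start reading. The version I have is from September 2006.
Broadly speaking, the PCI Data Security Standard (DSS) has 12 major requirements in 6 groups, covering many aspects from build to operations and policy. Compared with BS7799/ISO7799/ISO27001, CoBiT and the like, its requirements are plain and direct and highly actionable. Below are the 6 groups and 12 requirements, in Chinese and English: Read more…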