Bright Stove

Reflecting information risk journey

Archive for April 2007

Talking about the Windows Live Messenger campaign

leave a comment »

I heard about this i’m program recently, but didn’t really understand how it works until now, when I accidentally bumped into the i’m web site. This program allows all of us to be involved in helping the people around the world who need helps, by leveraging what Microsoft have and willing to offer. So I think it is worthwhile to get involved. To learn how, read the following and follow-thru’ the instruction. 



Written by mengchow

April 30, 2007 at 7:13 pm

Posted in Misc

Culture of Vulnerability (认识弱点的文化)

with one comment

上个月, 我到网络上的一家书店看到了一本书. 书名 “At Risk”, 处于危险中”. 这本书的内容是关于天灾与人类的弱点和弱点所造成的灾难. 这本书的封面用了一副闻名在日本和西方国家的大海浪大海嘯的木雕. 这副木雕是出名的日本艺术家”Katsushika Hokusai”1830年所雕刻的. 它含有五项要素.


一是灾难, 这是没有明显的被雕出. 对人们来说, 渔船被沉没或渔夫被淹死都是可怕的灾害. 雕刻所绘出的是人们在这种风险中生存与及保护他们的所有的斗争.

二是危险. 这副雕刻绘述了不只是海嘯, 还有后面的富士山,它所能发动的地震. 这都是人们所关注的.

三是弱点. 这关系到人们在这些危险狀况的弱点, 包括社会,经济,和物理,都对人们有很大的影响.其中也会有些匪徒趁火打劫,从祸害中盗取利益.


一就是他们的容量和弹性. 我们可以在雕刻里的船身设计, 以及渔船上的划手们把奖子格成一个晶格来挡浪看到了渔民们的反应,利用这些设备和反应来提升他们的容量和弹性.能够在这种危险中生活.



在前三十年的信息不安全的历史里, 我们也自身体验或读过各种IT灾祸, 被黑客或计算机病毒攻击的风险,IT系统,软件,人员,和用户的弱点. 但在容量和弹性,及文化中, 我们还没达到同样的效果. 要得到信息安全, 我们必须对IT方面的灾难,危险,及弱点有更大的了解与认识,也必须拥有同样的安全的风俗习惯和文化, 才能响应到一直在变化的安全问题.

Written by mengchow

April 28, 2007 at 6:22 am

Posted in Awareness

Book town (书城一游)

leave a comment »

GJ-20070324 008I was in Guangzhou in late March for a customer visit, and got an opportunity on a Saturday morning to do some sightseeing around town before continuing with my business travel in the country. As usual, my favorite tour spot is the book store. In Guangzhou, and most cities in China, instead of book stores, they have book town (书城). I visited the book town at Tian He (天和), and the first sight upon arrival was a big crowd of job seekers outside the main book mall (see photos below.) They were all crowding around make-shift stalls where job offers were posted, and registration were being taken.
The book mall is five stories high, all stuffed with books, from kids educational material to serious academic books and references. At the 5th floor is a small English books outlet.
I went to the computer science section and discovered a bookshelf (of about 3 meters width and 1.5 meter height) of computer/information security GJ-20070324 013books, all in Chinese. It has three sub-shelves, and about two-third or more of it contained various kinds of hacking and hacker related books, and less than one shelf of protection related stuff. Of those hacking related books, a small portion is translated books, i.e., those that we can find in popular book stores in Singapore and the US. The rest are locally published books. See photos below. They include detailed information on exploit developments, use of exploit tools, etc., with little information on how to implement security, or secure the various platforms or applications discussed. This imbalance in the kind of information/computer security related material on the bookshelves is a concern. It could be indirectly promoting learning the exploit tactics without really improving understanding of security protection.
2007-03-24 007Having said that, of the relatively small number of protection related material available, there were a few publications from universities that provided comprehensive treatment of information security as a knowledge domain, including material on China’s information security development and status, all in Chinese though.
Reflecting upon the above observations, I wonder how many jobs being offered and sought outside the book mall was security or hacking related. Maybe the disproportion of security versus hacking knowledge distribution in the book mall doesn’t really matter after all. Or maybe it does. I enjoyed the rest of the day at the computer mall after picking up a few of the protection related books that provide some insights on the development in China.

Written by mengchow

April 19, 2007 at 8:50 pm

Posted in Books

%d bloggers like this: