Wednesday, October 31, 2018

Windows 10 Insider Preview 17763.107 (RS5) (1809) (Oct 2018 Update) (2018-10 CU) to Slow Ring released

image

Print Friendly and PDF
Share/Bookmark

Sunday, October 28, 2018

How to enable sandbox for Windows Defender on Windows 10 and also how to check it is running in sandbox?

1. Run command prompt under administrator right

2. setx /M MP_FORCE_USE_SANDBOX 1

3. Reboot the machine

image

4. Done


To verify the Windows Defender running under sandbox:

1. Go to download process explorer https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

2. Run process explorer under administrator right

3. Right on the menu click “select columns”, then tick the box “Integrity Level”

image

4. The process “MsMpEngCP.exe” will under AppContainer

image


Reference:

https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/

https://www.zdnet.com/article/windows-defender-becomes-first-antivirus-to-run-inside-a-sandbox/

https://www.howtogeek.com/fyi/windows-defender-now-offers-ultra-secure-sandbox-mode-heres-how-to-turn-it-on/

https://www.thewindowsclub.com/sandboxing-windows-defender

Print Friendly and PDF
Share/Bookmark

Thursday, October 25, 2018

Google Chrome 70 support Progressive Web Apps (PWA) installation on Windows

After you go to https://mobile.twitter.com/ , you will find he Google Chrome menu have a “Install Twitter”. After the installation, you will see the shortcut under recently added and you pin it to start menu, the ICON become Google Chrome and mark “Twitter”.


pwa Print Friendly and PDF
Share/Bookmark

Windows 10 Insider Preview 18267 (19H1) to Fast Ring released

image

Print Friendly and PDF
Share/Bookmark

Nokia 3 receive Google Security Patch (Oct-2018)

Screenshot_20181025-072301[3647]

Print Friendly and PDF
Share/Bookmark

Windows 10 Insider Achievements Badge – Flight Lieutenant have been released

image

Print Friendly and PDF
Share/Bookmark

Windows 10 Insider Preview 17763.104 (RS5) (1809) (Oct 2018 Update) to Slow Ring released


image Print Friendly and PDF
Share/Bookmark

Tuesday, October 23, 2018

Windows 10 on World Dream Cruise

Dream Cruises is Asia's cruise line that aims to redefine vacation travel with a transformational journey at sea

World Dream launched in November 2017, offering guests the highest levels of service and spacious comfort in the region.

It is also equipped latest and greatest technology.. Cisco AP, FernTel IP Phone (Outdoor), Mitel IP Phone (Indoor), MICROS Systems – Oracle (POS), Of course Windows 10 anywhere.


IMG_20181020_104641196[3332]

PhotoBooth by Windows 10:

IMG_20181020_165128996[3333]

IMG_20181020_165137033[3334]

Windows 10 in control room

IMG_20181020_103938424_HDR[3335]

Print Friendly and PDF
Share/Bookmark

Thursday, October 18, 2018

Windows 10 Insider Preview 18262 (19H1) to Fast Ring and Skip Ahead released

image

Print Friendly and PDF
Share/Bookmark

Wednesday, October 17, 2018

Moto G5 plus – Android 8.1 Oreo update released

Screenshot_20181017-154757[3314]

Print Friendly and PDF
Share/Bookmark

Hong Kong Exchange and Clearing (HKEx) connection - Securities Market

BROKER SUPPLIED SYSTEMS (BSS) e.g. Ayers

https://www.hkex.com.hk/Services/Trading/Securities/Infrastructure/Overview/List-of-Broker-Supplied-Systems-(BSS)-Vendors?sc_lang=en

HKEx Orion Central Gateway (OCG) (In the past, it is Open Gateway (OG))

clip_image001

M Machine – AMS Client (AMS/3) (*AMS/3 -  the third generation of electronic stock trading system introduced in October 2000)

https://www.hkex.com.hk/-/media/HKEX-Market/Services/Trading/Securities/Infrastructure/Overview/New-Securities-Trading-Device-(NSTD)/NSTD_Information_Paper_e.pdf?la=en

clip_image002

https://www.hkex.com.hk/-/media/HKEX-Market/Services/Trading/Securities/Infrastructure/Orion-Trading-Platform-Securities-Market-OTP-C/OTPC/OTPC_Information_Paper_e.pdf?la=en

Throttles - The throughput rate of OCG messages into OTP-C through OCG is governed by a throttle mechanism

Securities and Derivatives Network/2 (SDNet/2) or HKEX Service Network (HSN) which are used for connection of China Connect Central Gateway (CCCG)/Orion Central Gateway (OCG)

China Connect Exchange Participants (CCEPs)/Tradethrough Exchange Participants (TTEPs)

Broker-to-Client Assigned Number (BCAN) and Client Identification Data (CID) files

HK Market:

ORION CENTRAL GATEWAY (OCG)

https://www.hkex.com.hk/Global/Exchange/FAQ/Securities-Market/Trading/Orion-Central-Gateway-(OCG)?sc_lang=en

HK-China Market:

China Connect Central Gateway (CCCG):

https://www.hkex.com.hk/-/media/hkex-market/mutual-market/stock-connect/reference-materials/technical-documents/cccg-specifications/cccg_overview

clip_image003

Orion Market Data Platform – Securities Market (OMD-C)

China Stock Connect (CSC)

Shanghai Stock Exchange (SSE)

Shenzhen Stock Exchange (SZSE)

clip_image004

Hong Kong Securities Clearing Company Limited (HKSCC), as a securities settlement system (“SSS”) operator

Hong Kong Futures Exchange Limited ("HKFE") - HKFE Clearing Corporation Limited (HKCC) to operate a clearing house for the purpose of clearing all trades concluded on the markets

Connectivity Guide HKEX China Connect Central Gateway Platform

https://www.hkex.com.hk/-/media/hkex-market/mutual-market/stock-connect/reference-materials/technical-documents/cccg-specifications/hkex_cccg_connectivity_guide

FAQ

https://www.hkex.com.hk/-/media/HKEX-Market/Mutual-Market/Stock-Connect/Reference-Materials/Technical-Documents/CCCG-Specifications/CCCG_FAQ.pdf?la=en

Interface Specifications HKEX China Connect Central Gateway Platform Binary Trading Protocol

https://www.hkex.com.hk/-/media/HKEX-Market/Mutual-Market/Stock-Connect/Reference-Materials/Northbound-Investor-ID-Model/HKEx_CCCG_Binary_Trading_Interface_Specifications_v1_2-(20180215).pdf?la=en

Section A – Notes to the Application

https://www.hkex.com.hk/-/media/hkex-market/mutual-market/stock-connect/reference-materials/forms,-checklists-and-procedures/device-and-service-application-forms-and-explanatory-notes/cccg-application-forms/explanatory_note_of_cccg_application Print Friendly and PDF
Share/Bookmark

Ricoh Hong Kong Smart Backup Service (Backup to Cloud Service)

Ricoh HK Smart Backup Service (Backup to Cloud Service):

https://ricoh-solutions.hk/en/solutions-n-services/cloud-services/

There are 30 days free trial promotion:

https://ricoh-solutions.hk/en/solutions-n-services/cloud-services/ricoh-smart-backup-service-30-day-free-trial/


The Service login page:

image


image

You will assign 100GB for trial.

The platform was powered by Acronis AnyData Engine


image


The software agent for different platform:

image


image


Backup Agent on Mac OS

image Print Friendly and PDF
Share/Bookmark

Monday, October 15, 2018

Global Navigation Satellite System (GNSS) and related information

Global Navigation Satellite System (GNSS)
US GPS
Russian GLONASS
China BDS
EU Galileo

Regional Navigation Satellite System (RNSS)
Japan Quasi-Zenith Satellite System (QZSS)
India NAVIC


Global Positioning System (GPS) is a navigation and tracking system that uses satellite conections and radio waves. This system can compute the exact geographic coordonates of a object or person on the surface of the earth as long as it has a device that contains a GPS receptor.

Assisted Global Positioning System (AGPS or A-GPS) is a system that often significantly improves the startup performance—i.e., time-to-first-fix (TTFF)—of a GPS satellite-based positioning system. A-GPS is extensively used with GPS-capable cellular phones.

Location-Based Service (LBS) is a tracking system that uses mobile phone signal. The tracking is done  by using GSM cell towers of local mobile phone service providers. Tracking through LBS is less precise when compared to GPS because the device estimates its position in the area of the cell tower.

GLONASS or "Global Navigation Satellite System", is a space-based satellite navigation system operating in the radionavigation-satellite service. It provides an alternative to GPS and is the second navigational system in operation with global coverage and of comparable precision.

中国北斗卫星导航系统 BeiDou Navigation Satellite System (BDS) BeiDou-3 will eventually consist of 35 satellites and is expected to provide global services upon completion in 2020. When fully completed, BeiDou will provide an alternative global navigation satellite system to the United States owned Global Positioning System (GPS), and is expected to be more accurate than the GPS.

Galileo is the global navigation satellite system (GNSS) that is being created by the European Union (EU) through the European GNSS Agency (GSA),headquartered in Prague in the Czech Republic, with two ground operations centres, Oberpfaffenhofen near Munich in Germany and Fucino in Italy.


Quasi-Zenith Satellite System (QZSS) is a project of the Japanese government for the development of a four-satellite regional time transfer system and a satellite-based augmentation system for the United States operated Global Positioning System (GPS) to be receivable in the Asia-Oceania regions, with a focus on Japan.


The Indian Regional Navigation Satellite System (IRNSS), with an operational name of NAVIC is an autonomous regional satellite navigation system


Satellite-Based Augmentation System (SBAS)

US Wide Area Augmentation System (WAAS) - GPS
European Geostationary Navigation Overlay Service (EGNOS) - GPS , GLONASS and Galileo
Japanese Multi-functional Satellite Augmentation System (MTSAT or MSAS) - GPS
Indian GPS Aided Geo Augmented Navigation (GAGAN) - GPS, GLONASS

The Wide Area Augmentation System (WAAS) is an air navigation aid developed by the Federal Aviation Administration to augment the Global Positioning System (GPS), with the goal of improving its accuracy, integrity, and availability.

European Geostationary Navigation Overlay Service (EGNOS) is Europe's regional satellite-based augmentation system (SBAS)

Japanese Multi-functional Satellite Augmentation System (MSAS), Multi-functional Satellite Augmentation System (MTSAT or MSAS) is a Japanese satellite based augmentation system (SBAS), i.e. a satellite navigation system which supports differential GPS (DGPS) to supplement the GPS system by reporting (then improving) on the reliability and accuracy of those signals. MSAS is operated by Japan's Ministry of Land, Infrastructure and Transport Japan Civil Aviation Bureau (JCAB).

Indian GPS Aided Geo Augmented Navigation (GAGAN). The GPS-aided GEO augmented navigation (GAGAN) is an implementation of a regional satellite-based augmentation system (SBAS) by the Indian government. It is a system to improve the accuracy of a GNSS receiver by providing reference signals.


Reference:

http://help.vonino.eu/what-is-gps-and-lbs-tracking/
https://en.wikipedia.org/wiki/Assisted_GPS
https://en.wikipedia.org/wiki/BeiDou_Navigation_Satellite_System
https://en.wikipedia.org/wiki/European_Geostationary_Navigation_Overlay_Service
https://en.wikipedia.org/wiki/Wide_Area_Augmentation_System
https://en.wikipedia.org/wiki/Galileo_(satellite_navigation)
https://en.wikipedia.org/wiki/GPS-aided_GEO_augmented_navigation
https://en.wikipedia.org/wiki/MTSAT_Satellite_Augmentation_System
https://www.hkedcity.net/funpost/science_ahead/page_5b1674e0316e83bf4d000000
https://en.wikipedia.org/wiki/Indian_Regional_Navigation_Satellite_System
https://en.wikipedia.org/wiki/Quasi-Zenith_Satellite_System



Print Friendly and PDF
Share/Bookmark

Sunday, October 14, 2018

The 2018-10 Update for Windows 10 Version 1703 for arm-based Phone Devices have been released on my Lumia 640

wp_ss_20181014_0001[3303]

After apply the Oct update, it become 15063.1390

Print Friendly and PDF
Share/Bookmark

Nokia 5 receive Google Security Patch (Oct-2018)

Screenshot_20181013-215512[3301]

Print Friendly and PDF
Share/Bookmark

Tuesday, October 9, 2018

Regulatory requirement - IA, SFC and PCPD (with some HKMA and MPFA reference)

There are several area we need to consider when we design and setup our infrastructure:

(a) Information security policy

-> We need to have this policy within IT policy or separate a policy document. The document need to fit the regulatory requirement, market best practice, international security standard in design and control manner.

(b) Access control

-> User access control, identity and record management

-> Password policy and control

-> Network and system access control

-> Onboarding, change and off-boarding

(c) Encryption

-> Network transmission e.g. SSL, SSH……

-> Laptop HDD (e.g. bitlocker)

(d) Change management

-> Change management policy/procedure, better have a change management broad (CAB)

(e) User activities monitoring

-> System logging and audit log management

(f) System, Data backup and continuity planning.

-> Backup policy

-> DR site, data offsite…..

-> Regular restore test…

(g) Operation

-> All operation should have document and record for audit trail

-> Vendor management (Outsourcing)

(h) Cyber Security

-> Two tier firewall

-> 2FA

-> Patch Management

-> Encryption

-> Endpoint protection

-> Two tier antimalware solution

-> Zero trust network

-> Security Operation Centre (SOC) for logging, event management …

-> Incident management

-> Access control

-> Physical security

-> System, Data backup and business continuity planning (BCP)

-> User least privilege (Principle of least privilege)

-> DNS security

-> Password policy

-> Data encryption

-> Security Policy with management roles and responsibilities

-> Cybersecurity awareness training for internal system users

-> Cybersecurity alert and reminder to clients

-> Vendor management

(I)Internet facing service (e.g. Internet trading)

-> 2FA

-> Anti DDoS


Please check the following information for your reference:


Insurance Authority (IA)

Guidelines (GL) – Previous call Guidance Notes (GN)

https://www.ia.org.hk/en/legislative_framework/guidelines.html

For IT related, please focus on GL8, GL10 and GL14

https://www.ia.org.hk/en/legislative_framework/files/GL8.pdf

https://www.ia.org.hk/en/legislative_framework/files/GL10.pdf

https://www.ia.org.hk/en/legislative_framework/files/GL14.pdf

Security:

Cyber Intelligence Sharing Platform

https://www.ia.org.hk/en/legislative_framework/circulars/reg_matters/files/cir_20170517.pdf

Also, Insurtech applications:

https://www.ia.org.hk/en/aboutus/insurtech_corner.html


Securities And Futures Commission (SFC)

SFC:

Information Technology Management Issues to be considered by licensed corporations

https://www.sfc.hk/edistributionWeb/gateway/EN/circular/openFile?refNo=H569

Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading:

https://www.sfc.hk/web/EN/assets/components/codes/files-current/web/guidelines/guidelines-for-reducing-and-mitigating-hacking-risks-associated-with-internet-trading/guidelines-for-reducing-and-mitigating-hacking-risks-associated-with-internet-trading.pdf

Cybersecurity:

https://www.sfc.hk/web/EN/faqs/intermediaries/supervision/cybersecurity/cybersecurity.html

Circular to All Licensed Corporations Alert for Ransomware Threats

https://www.sfc.hk/edistributionWeb/gateway/EN/circular/doc?refNo=17EC26

Circular to Licensed Corporations Engaged in Internet Trading Good Industry Practices for IT Risk Management and Cybersecurity

https://www.sfc.hk/edistributionWeb/gateway/EN/circular/doc?refNo=17EC74


Privacy Commissioner for Personal Data (PCPD)

Guidance on Collection and Use of Biometric Data

https://www.pcpd.org.hk//english/resources_centre/publications/files/GN_biometric_e.pdf

Data Breach Notification

https://www.pcpd.org.hk//english/resources_centre/publications/files/DataBreachHandling2015_e.pdf

Guidance on the Proper Handling of Customers’ Personal Data for the Insurance Industry

https://www.pcpd.org.hk//english/resources_centre/publications/files/GN_insurance_e.pdf

Guidance on CCTV Surveillance and Use of Drones (Revised in March 2017)

https://www.pcpd.org.hk//english/resources_centre/publications/files/GN_CCTV_Drones_e.pdf

Privacy Guidelines: Monitoring and Personal Data Privacy at work

https://www.pcpd.org.hk/english/publications/files/monguide_e.pdf

Guidance on CCTV Surveillance Practices

https://www.pcpd.org.hk/english/resources_centre/publications/guidance/files/CCTVpractices_e.pdf

Hong Kong Police Requirements For Digital CCTV Systems

https://www.police.gov.hk/info/doc/cpa/CCTV%20English.pdf

Collection and Use of Personal Data through the Internet – Points to Note for Data Users Targeting at Children (December 2015)

https://www.pcpd.org.hk/english/resources_centre/publications/files/guidance_children_e.pdf

Best Practice Guide for Mobile App Development (Revised in October 2015)

https://www.pcpd.org.hk//english/resources_centre/publications/files/Best_Practice_Guide_for_Mobile_App_Development_20151103.pdf

Guidance on the Use of Portable Storage Devices (Revised in July 2014)

https://www.pcpd.org.hk//english/resources_centre/publications/files/portable_storage_e.pdf

Guidance for Data Users on the Collection and Use of Personal Data through the Internet (Revised in April 2014)

https://www.pcpd.org.hk//english/resources_centre/publications/files/guidance_internet_e.pdf

Guidance on Personal Data Erasure and Anonymisation (Revised in April 2014)

https://www.pcpd.org.hk//english/resources_centre/publications/files/erasure_e.pdf

EU General Data Protection Regulation (GDPR)

https://www.pcpd.org.hk/english/data_privacy_law/eu/eu.html

PCPD - Information Technology

https://www.pcpd.org.hk/english/resources_centre/industry_specific/information_technology.html

PCPD – Banking & Finance

https://www.pcpd.org.hk/english/resources_centre/industry_specific/banking_finance.html

PCPD – Insurance

https://www.pcpd.org.hk/english/resources_centre/industry_specific/banking_finance.html


Hong Kong Monetary Authority (HKMA)

Reference control from HKMA:

General Principles for Technology Risk Management:

https://www.hkma.gov.hk/media/eng/doc/key-functions/banking-stability/supervisory-policy-manual/TM-G-1.pdf

Cyber Security Risk Management:

https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2015/20150915e1.pdf

Enhanced Competency Framework on Cybersecurity:

https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20161219e1.pdf
Cybersecurity Fortification Initiative

https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20161221e1.pdf

Cyber Resilience Assessment Framework (C-RAF)

https://www.hkma.gov.hk/media/eng/doc/key-information/speeches/s20160518e2.pdf

Implementation of Cyber Resilience Assessment Framework

https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2018/20180612e1.pdf

Security controls for Internet trading services:

https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2017/20171027e1.pdf

Risk Management of E-banking:

https://www.hkma.gov.hk/media/eng/doc/key-functions/banking-stability/supervisory-policy-manual/TM-E-1.pdf

HKMA Open API Framework:

https://www.hkma.gov.hk/media/eng/doc/key-information/press-release/2018/20180718e5a2.pdf

https://www.hkma.gov.hk/media/eng/doc/key-information/press-release/2018/20180718e5a1.pdf

https://www.hkma.gov.hk/media/eng/doc/key-functions/finanical-infrastructure/infrastructure/20180111e1.pdf

https://apidocs.hkma.gov.hk/

Fintech Facilitation Office (FFO)

https://www.hkma.gov.hk/eng/key-functions/international-financial-centre/fintech-facilitation-office-ffo.shtml


Mandatory Provident Fund Schemes Authority (MPFA)

List of MPF Guidelines:

http://www.mpfa.org.hk/eng/legislation_regulations/legulations_ordinance/guidelines/files/List%20of%20MPF%20Guidelines.pdf

Controls Relating to Security of Data

http://www.mpfa.org.hk/eng/legislation_regulations/legulations_ordinance/guidelines/current_version/reporting_requirements/files/Annex_to_II_6.pdf

Guidelines on Notification of Events of Significant Nature (e.g. Major (Core) system change / upgrade, move to cloud…..)

http://www.mpfa.org.hk/eng/legislation_regulations/legulations_ordinance/guidelines/current_version/reporting_requirements/files/II_9.pdf

Cybersecurity With growing concern over cybersecurity issues, we shared views with Hong Kong Monetary Authority (“HKMA”) and briefed trustees on the importance of cybersecurity risk management. We discussed with trustees international principles and guidelines on cybersecurity and the steps they should take to protect their technological assets and customer information against cybersecurity threats. We also reminded trustees to set cybersecurity strategies and urged them to conduct regular self-assessment and testing on cyber-resilience for withstanding and recovering from disruption caused by cyber attacks.

http://www.mpfa.org.hk/eng/information_centre/publications/annual_reports/files_20162017/MPFA-AR-(e).pdf

MPFA reference technology risk control from HKMA.


Good whitepaper for your reference:

IT Security Guidance:

https://www.avanade.com/~/media/asset/white-paper/it-security-guidance-for-monetary-authority-hong-kong.pdf

AWS FSI Whitepapers – Good for cloud computing:

https://aws.amazon.com/events/fsi-hk-whitepapers/

PCI standard if you need to handle credit card:

https://www.pcisecuritystandards.org/

https://www.pcicomplianceguide.org/faq/

SFC strengthens internet trading regulatory controls

https://assets.kpmg.com/content/dam/kpmg/cn/pdf/en/2017/11/sfc-strengthens-internet-trading-regulatory-controls.pdf

A Guide to Strong Risk Culture and Risk Management in the MPF Industry

https://www.pwchk.com/en/asset-management/strong-risk-culture-and-risk-management-in-the-mpf-industry.pdf Print Friendly and PDF
Share/Bookmark

Sunday, October 7, 2018

Buzzwords and Tech-Jargon – Some Tech (Disruptive Ideas) are going to changing the world

FinTech - Financial Technology

TechFin – Technology Finance

InsurTech - Insurance Technology

RegTech - Regulatory Technology

SupTech – Supervisory Technology

LegalTech – Legal Technology

ProTech – Property Technology

BuildTech – Building Technology

Print Friendly and PDF
Share/Bookmark

Nokia 3 receive Google Security Patch (Sep-2018)

Screenshot_20181007-013256[3269]

Print Friendly and PDF
Share/Bookmark

Thursday, October 4, 2018

Windows 10 Insider Preview 18252 (19H1) to Fast Ring and Skip Ahead released

image

Print Friendly and PDF
Share/Bookmark