Public Accountability on Email Security Fiasco

First published: 04th September 2007

On 30th August, a Swedish information security researcher highlighted insecure practices for accessing email by publishing 100 email addresses and passwords, including 19 from Hong Kong political parties and other HK organisations.

Can the organisations concerned:

  1. announce they have secured the affected accounts
  2. report what types of information were in the affected accounts, and, if the information is sensitive, how they are acting to minimise the damage caused by the security breach
  3. state what further action they are taking to prevent a future breach.

Also, as a member of the IT Functional Constituency, can I ask Hon. Sin Chung Kai, the owner of one of the accounts affected, what recommendations he will be making for the regular security audit of LegCo member's computers?


Share