Try   HackMD

Interview: Andrew Fitz Gibbon

Discussion

Key: Keep the users' data on their sides.

Scenario 1: Direct verification of SSN

  1. A customer reserves a room in a hotel.
  2. The hotel requests for the their SSN.
  3. The hotel sends the SSN to the government for verification.

Problem: Risky to give out SSN

Untrusted Trusted Untrusted
Hacker Customers <-> government Merchant
  • Sensative data stored by the merchants may be abused or hacked.
  • Since customers do not trust merchants, the real SSN should be directly verified rather than handed over by the merchants.

Analogy: Credit card / mobile pay

  • Key Generate tokens

  • Problem: The merchants hold the credit card information, which is risky (similar to the aforementioned reasons for user data)

  • Solution: Mobile payment e.g. Apple Pay: Somehow trusted

    Image Not Showing Possible Reasons
    • The image file may be corrupted
    • The server hosting the image is unavailable
    • The image path is incorrect
    • The image format is not supported
    Learn More →

    Solution applied on the SSN case

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Conclusion

Keep all data and purchase history on users' sides.
Third-party recommendation system (or run it locally) to process those.

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Questions raised

No motivation for the merchants (pay for service; can't hold the data as they do now) & customers (satisfied with current services; prefer convenience over security)

Resources

  • No expert's export :(
  • Password management company /open sources projects
  • Data security
    • RSA (company)
    • Journal/conference: InfoSec, DevCon
Last changed by 
Shang-Ling Hsu
0
71

Read more

Microsoft intern (China) online test

The UI was extremely similar to LeetCode 3 questions; 1.5 hours Screen recording + web-cam recording No magnitude of input data specified Exception: The function signature was read-only and was ugly like &#x919C;&#x5F97;&#x8DDF;?&#x4E00;&#x6A23; int function_1(int input1, int input2[]){ // Delete the line below and start writing your code throw(some not implemented error i don&apos;t remember);

Mar 27, 2020
An Entrepreneur's Journey

Nov 5, 2019
CSE490 Oct 29

Oct 29, 2019
Untitled

Oct 23, 2019
Read more from Shang-Ling Hsu
Published on HackMD