EB Security Technical Implementation Guide

Most of us believe that our happiness and security are dependent upon our relationships, work, income and the external events that take place in our lives. When things are going well there is a sense of well-being and safety. We sleep well at night, wake up feeling refreshed and have the sense that the world can be managed – that we are in control. However, this kind of security is fleeting. As people and events are constantly changing, we are often edgy about what’s coming down the road.

We then spend our time and energy trying to manage and control ourselves and others. This craze to control takes many forms. It produces anxiety that never seems to dissolve and turns into addictions, compulsions, catastrophic thinking. It leads to difficult, unhappy relationships based upon power struggles.

No matter how much we attempt to strategize and organize, life itself often has its own plans and ideas. When we cannot accept this, our life then soon becomes an endless struggle, rather than a source of joy. We become unable to go with the turn of the tide that life’s changes brings and discover the new momentum that may be coming our way.

Most of the time it is fear that stops us. We long to live in the known, predict what will happen, to be able to respond in familiar ways. What we seek what is actually a false security, based upon keeping everything the same. But as the very nature of life is change, sooner or later our efforts must always fail.

The more we cling to what has been, the more real security eludes us. True security, the ability to live without fear, comes from being in touch with and trusting the one within who

The One Who Knows

Deep within each of us, there is a knowing and resilient part of ourselves who is able to respond full, know what to do when the moment arises and is at ease and filled with good will. This part of ourselves is filled with balance and creativity. As we contact this aspect of ourselves, bring it to light, give it time and attention, we become less affected by external circumstances and our life takes a completely different turn.

There is a process involved in connecting with and nurturing this part of ourselves, steps to take. These steps are directed to letting of that which is in the way. We start by un-learning some of what we’ve based our lives upon. Different individuals will resonate to different parts of the process. That is fine. Each step when done completely will take a person where they need to be.

Here are some basic, initial steps and principles in this wonderful journey to the center of a life of balance and trust.

A) Returning Home -

To begin, rather than racing forward, we stop and turn around. Some call this returning to our original nature. We describe this step as Returning Home.

Rather than continue our frantic search for pleasure, wealth, love, well being in the external world, we return home to ourselves. We take back our attention and return it to who, what and where we are at this very moment. As we do this a centeredness, balance and simplicity takes the place of the upheaval we live with most of the time.

This step is based upon the principle that difficulties we encounter do not arise from that which is going on outside of us, but from the way we react and respond. As we return home and become aware, our reactivity lessens and natural balance and wisdom takes its place.

Returning home can include times of walking, meditation, centering, focussing, journalling. All of these have the common denominator of placing our attention within. This not only restores our energy, but significantly reduces the endless spin of catastrophic thinking most of us engage in. As we do this we notice it is the catastrophic thinking itself that makes us uneasy, not the actual events right before us now.

B)Letting Go Of False Expectations

Our fear of life and need to control is often fuelled by the disappointments we have suffered. Over and over we try to make things work out according to our desires. We may not see that many of these dashed expectations and desires, are simply fantasies, dreams, hopes and demands we’ve placed upon others. When our personal wishes are not fulfilled, resentment and fear develop. Often we do not see that our wishes may have little to do with what is real – or what is beneficial for ourselves or others.

As we release our expectations, we become able to see and accept the world as it is and find a new way of living in it. We find who we are, where we belong and where our true security lay. Many then become amazed at how light, joyous and at ease they feel – and at the abundance of beauty and goodness that has always been available to them, day by day. We also begin to see that -

“The world is a womb, not a tomb, a place where everything is engendered and brought to life.” Henry Miller

cc/Dr Shoshanna/2005

Dr. Brenda Shoshanna, http://www.brendashoshanna.com, is author of LIVING BY ZEN, (Timeless Truths For Everyday Life), http://www.livingbyzen.com. A psychologist, long term Zen practitioner, speaker and workshop leader she offers talks and workshops on finding our inner security and fulfillment. Dr. Shoshanna also speaks on all aspects of relationships and living life to the brim. She is the author of ZEN MIRACLES (Finding Peace In An Insane World, Wiley, and ZEN AND THE ART OF FALLING IN LOVE, (Simon and Schuster). She is the relationship on i.village and can be reached at topspeaker@yahoo.com, (212) 288-0028.

[tags]secure, insecure, safety, happiness, control, addictions, compulsions, stress, struggle, joy[/tags]

August 7, 2006

In a September 2002 speech to the UN General Assembly, President Bush asked a pointed and crucially important question to the national representatives who had gathered to hear him talk about the looming war with Saddam Hussein’s Iraq: Will the United Nations serve the purpose of its founding, or will it be irrelevant? The current impasse over Iran’s nuclear ambitions may soon provide the answer to the President’s question.

Almost immediately after the passing of a UN Security Council resolution demanding that Iran halt its uranium enrichment activities by the end of August, state radio services began reporting that the Council’s demands would be rejected. On August 1, Iranian President Mahmoud Ahmadinejad officially denounced the resolution, insisting that Tehran was committed to its pursuit of nuclear technology and would not be bullied by threats from the UN. Iran’s top nuclear negotiator, Ari Larijani, went a step further, calling the UN resolution “illegal” and boasting that Iran would not only defy the Council’s wishes, but would increase its uranium enrichment activities as well.

There are two problems with Iran’s “right” to pursue nuclear technology: the lack of transparency provided by the hard-line government and the threat posed by the Iranian regime itself. Both require the global community to confront Iran over its nuclear program.

Lack of transparency has been a decades-long dilemma. Iran has consistently shrouded its nuclear plans in secrecy, and UN inspectors have repeatedly been blocked from access to sites and personnel involved in nuclear work. While Iran’s ambassador to the UN claims his country’s nuclear advances are no threat to peace and security in the world, the actions of his government make it impossible to determine the intent and scope of nuclear progress. Without access to key atomic facilities and players, there can be no credible assurances that Iran’s nuclear program is for peaceful energy production and not for the development of nuclear weapons.

But none of this is should be a surprise. The very nature of the regime is itself a threat to other nations. The government is headed by a radical former member of the Revolutionary Guard who never misses an opportunity to call for the destruction of Israel, or to spew hateful rhetoric about the United States and the West. Iran is a leading state sponsor of terrorism with ties to Hezbollah, Hamas, Palestinian Islamic Jihad, and the Palestine Liberation Organization. The regime continually exerts its influence among Shiites in Iraq, Lebanon, and the Palestinian Territories, decreasing stability in the Middle East while Iran tries to better its geopolitical position. The Iranian government deals harshly with dissent at home and uses international terror to increase its power relative to other Arab nations and the West.

Iran is a nation that must be dealt with, and soon. There can be no mistake about Ahmadinejad’s quest for nuclear power and regional influence. He does not take the United Nations seriously because he has repeatedly been witness to the futility of the Security Council when confronted with matters of grave importance. He has rejected the UN’s call to halt his country’s enrichment of uranium because he believes the five permanent members of the Council will never come to an agreement on either meaningful sanctions or the use of military force.

By setting a deadline, the Security Council has drawn its line in the sand. If Iran fails to stop uranium enrichment activities by the end of August, the Council will convene once more to discuss options for dealing with Ahmadinejad’s regime. But don’t count on anything significant coming out of the Security Council’s meetings. Two of the permanent five are already wavering, with both the Chinese and Russian envoys downplaying the threat of sanctions immediately after the passing of the resolution. According to the Washington Post, the Russian and Chinese representatives say the main goal of the resolution was to encourage Iran to resume negotiations and to support the efforts by UN nuclear experts to obtain greater cooperation from Tehran.

Sadly, this type of political backtracking is typical of Security Council deliberations and a major reason why the United Nations is largely ineffective on global security issues. Countries initially stand together behind generic statements that foster the perception of cooperation, but coalitions quickly fracture when the strategic and economic interests of individual nations outweigh the importance of consensus for the greater global good. Inevitably, the UN will bog down yet again in the face of Iranian nuclear development.

Ahmadinejad sees what President Bush sees: that the weakness of the United Nations ultimately means UN resolutions can be defied without consequence. If the UN fails to come together now, when global peace and security are threatened by a potentially nuclear-armed terrorist regime dedicated to the destruction of the West, it will once again demonstrate to the world that its member nations cannot fulfill its founding purpose. It will become, as President Bush warned, irrelevant.

[tags]United Nations, Iran, Security Council[/tags]

During the past few active hurricane seasons, the sales of generators have increased tremendously, along with generator-related accidents, which are preventable, if simple safety measures are followed. Many generator-related accident reports from the most recent hurricanes were due to carbon monoxide poisoning. Here are some safety tips to keep in mind when using a portable generator, especially after a hurricane:

Read and follow the manufacturer’s instructions that came with the generator! Sounds simple enough, but many people don’t. Keep the unit out outside, away from doors, windows and any vents that could allow carbon monoxide to come indoors. Do not put the generator in your garage, even if it is left open. It should be located in a dry area protected from the weather under a canopy, or open shed. Carbon monoxide is often undetectable, because it cannot be seen or smelled, which is why extreme caution is advised when deciding placement of your generator. If you start to feel dizzy or sick while using a generator, get to fresh air right away and seek medical help as soon as possible. It’s a good idea to install battery-operated carbon monoxide detectors/alarms. As with your regular smoke detectors, you should test the battery frequently.

Use the proper outdoor-rated power cords to attach appliances to the generator and make certain that the cords are in good condition. Connect only essential appliances to the generator. Don’t overload the generator and verify that it is properly grounded.

Never connect the generator directly to your home wiring. This could cause the generator to backfeed on to the power lines and possibly electrocute repair crews working on lines away from your home.

Turn off all appliances connected to your generator, before you shut it down.

Never refuel the generator while it is running – wait until it has cooled down.

Especially after a storm, make sure there are no debris which could ignite around the generator, and that water has not pooled anywhere around the generator, or the lines connected to it.

Keep children away from the generator at all times.

List T has lived in South Florida for over twenty years and has shared her hurricane experiences and lessons learned through articles and Hurricane Coming site and
Blog

[tags]portable gas generators, generator safety, hurricane preparations, storms and power loss[/tags]

A slightly longer series of articles “Keeping Your Secrets Secret” will examine practical examples in greater detail and provides useful tips and advice. Of course, these will continue with the theme of making crypto and computer security easily understood.

One-Way Hash

Also known as a one-way function, a message digest, a fingerprint or a checksum, the algorithm creates a fixed-length output that cannot be reversed. One-way hashes provide checksums to validate files, create digital certificates and played a central part in many authentication schemes.

Let us consider this example. For ages, the Chinese have a fortune-telling method that relies on “Ba Ji” (eight characters) which uses the time, day, month and year of birth according to their calendar. There are sixty possibilities (almost equal to 6 bits) for each of the four variables. Since the Chinese use two characters for each variable, the result is always eight characters. This is an example of a nonsecure 24-bit one-way hash.

Obviously, this way of producing a one-way hash is not acceptable for security purposes because of the huge number of collisions (different inputs producing the same output).

The most commonly used hashes are SHA-1 (Secure Hash Algorithm uses 160 bits) and MD5 (Message Digest uses 128 bits). In August 2005, a team of cryptographers led by Xiaoyun Wang of Shandong University, China, presented a paper that found faster ways of finding collisions than the usual brute force method. These exploits (vulnerabilities) may make digital certificates forgery a reality.

The implications to e-commerce may be widespread not to mention the millions of websites which used MD5 to hash the users’ passwords in their databases. Any webmaster can tell you that converting these sites to use SHA-256 or SHA-512 will not be a trivial task.

In a recent directive, NIST (National Institute of Standards & Technology, U.S.A.) has advised U.S. governmental agencies to use SHA-256 or SHA-512 (256 and 512 bits respectively) instead.

Biometrics

A biometric device is one that can identify unique characteristics from a finger, eye or voice. Many believe that biometrics should provide a higher level of security than other forms of authentication.

There is a news story in March 2005 of how a Malaysian owner lost his Mercedes car and index finger to car thieves armed with machetes. Obviously the keyless ignition electronics cannot detect whether the finger is still part of the original body nor whether the finger (and by extension the person) is alive or not.

Recent security breaches have heightened concern over depositories of personal information stored on many financial sites. When such breaches occurred, the incidence of identity thefts will thus rise also.

If you lose your credit card, you can always void the card and get a new one. When you lose your fingerprint (stored digitally), or other biometric features, who can replace those?

Passwords

When asked to conjure a random number or characters, most people inevitably used materials that are familiar to them like birthdays, names of family members, pets’ names and so forth.

For example, most will choose dates when asked to choose a six-digit number for their ATM Personal Identification Number (PIN). Doing so will reduce the number of possibilities by nine times.

Random Numbers and Generators

Random numbers are central to crypto. To qualify as true random numbers, the output from random number generators (RNG) must pass statistical tests of randomness. Two suites considered as de facto standards are the “diehard” suite developed by Prof. George Marsaglia of State University of Florida and “Statistical Test Suite” from NIST.

Second, the RNG’s output must be unpredictable even with complete knowledge of the algorithm or hardware producing the series and all the previous bits produced.

Third, the RNG’s output cannot be cloned in a repeat run even with the same input.

The most common approach to producing random numbers is by using an algorithm carried out by a computer program (Yarrow, Tiny, Egads, Mersenne Twister). Such algorithms cannot produce random numbers, hence their names, pseudo-random number generators (PRNG).

Another approach is to use physical events such as entropy produced by the keyboard, mouse, interrupts, white noise from microphones or speakers and disk drive behavior as the seed (initial value).

Some may argue that true random generators are those that can detect quantum behavior in subatomic physics. This is because randomness is inherent in the behavior of subatomic particles – remember the electron cloud from your high school physics.

One-time Pad

The most effective system is often the simplest. A one-time pad (OTP) is a series of random bits that has the same length as the digital object to be encrypted. To encrypt, just use a simple computer operation, exclusive OR (XOR). To decrypt, simply XOR the encrypted result with the same random bits.

The downside of using OTP is that once used, it must be discarded. Second, the OTP and the digital object must have the same number of bits. Lastly, the obvious problem of synchronizing the OTP between the receiver and sender.

[Author's note: The concluding Part 3 will focus on keys management and public key cryptography.]

“In God we trust, others use crypto.”

The author, Stan Seecrets, is a veteran software developer with 25+ years experience. © Copyright 2005, Stan Seecrets. All rights reserved. For more of his articles and website promotion, visit http://www.seecrets.biz or http://www.rushprnews.com

[tags]seecrets, crypto, cryptography, introduction, security, secrets[/tags]