stigFromOslo.com

Home of Stigster

Browsing Posts published in July, 2007

In the article “- Urovekkende passordbruk” in the Norwegian newspaper Aftenposten.no, journalist Christine Jensen reports on a survey performed by Visendi showing that only 9.4 % change their password on a monthly basis. The survey was requested by Microsoft Norway, and in a comment on the results, Chief Security Officer Ole Tom Seierstad says that password protection is especially important during the summer when people tend to bring their laptops on vacation. According to Mr. Seierstad, the threat of computer crime is greatly increased during this period and password protection is “one of the easiest and most efficient ways of protecting your data.”

While the Microsoft CSO might be right about passwords being easy to use, the security provided by the Windows authentication system is minimal at best with regard to information and computer security. Password protecting your Windows computer does nothing to protect the data stored on that computer. It only provides a “locked door” through which a user must pass in order to gain access to that particular operating system. The data is still stored on the hard drive and can easily be accessed, provided you have physical access to the computer, by booting (restarting the computer) into a different operating system (e.g. one stored on a CD, a floppy disk or a USB memory stick), or by moving the hard drive to a different computer.

While the latter might require a bit of time and technical knowledge, rebooting a computer into a different operating system is fairly fast, easy and well documented and described online (e.g. Helix, Ophcrack LiveCD or BackTrack). Mr. Ove Skåra, Chief Information Officer of the Norwegian Data Inspectorate, puts it this way: “A password doesn’t help much if the computer is stolen and reaches a person with just above average knowledge of computer technology.” Or, as I would say – a bit of imagination and access to the Internet.

Not only does the Windows authentication system provide minimal data security, the way your password is stored (by default) on the Windows XP operating system is highly insecure. This makes it simple to crack these passwords and gain full control over the exposed computer, even remotely. Ophcrack is just one of many Windows password crackers freely available online that crack Windows passwords stored in this default way in mere minutes. (Not convinced? Download the program and the required rainbow tables and try it out on your own computer. Note: Cracking other people’s passwords without their consent is illegal! Don’t do it.)
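Why that default storage is so weak, as an added example that is not part of the original post. It assumes the default format referred to above is the LAN Manager (LM) hash and models only the preprocessing LM applies before hashing; the function names and sample passwords are constructed for illustration.

```python
import math
import string

# Assumption: the page's "default way" is the LAN Manager (LM) hash format.
LM_MAX_LEN, LM_HALF_LEN = 14, 7
# LM upper-cases the password, so lower-case letters add nothing: 69 symbols.
LM_ALPHABET = string.ascii_uppercase + string.digits + string.punctuation + " "
# What the user believes they are choosing from: 95 printable ASCII symbols.
FULL_ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "


def lm_halves(password):
    """Return the two 7-byte blocks LM hashes independently, or None when the
    password is longer than 14 characters and no LM hash is stored.
    Sketch for ASCII passwords only."""
    if len(password) > LM_MAX_LEN:
        return None
    padded = password.upper().encode("ascii").ljust(LM_MAX_LEN, b"\x00")
    return padded[:LM_HALF_LEN], padded[LM_HALF_LEN:]


def lm_effective_bits():
    """Upper bound on LM strength: two separate halves of at most 7 symbols."""
    return math.log2(2 * len(LM_ALPHABET) ** LM_HALF_LEN)


def audit(password):
    """Summarise how a password fares under the LM storage format."""
    intended = len(password) * math.log2(len(FULL_ALPHABET))
    halves = lm_halves(password)
    if halves is None:
        return {"lm_stored": False, "upper_bound_bits": intended}
    return {
        "lm_stored": True,
        "halves": halves,
        "second_half_empty": halves[1] == b"\x00" * LM_HALF_LEN,
        "upper_bound_bits": min(intended, lm_effective_bits()),
    }


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the page.
    for pw in ("Sommer", "Sommer07", "sOmMeR07", "sommerferie 2007"):
        print(repr(pw), audit(pw))
```

Whatever is typed, a password stored this way is worth at most about 44 bits, and mixed case changes nothing; only a password longer than 14 characters, or switching the format off, avoids that ceiling.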

The best way to secure your data from unauthorized access is to securely encrypt the data. Encryption is a process in which the original text – called the plain text – is transformed into cipher text, which is impossible to understand. The data is stored in its cipher text form and only made readable again – decrypted – when an authorized user (i.e. you, the owner, or someone you authorize) requests it and provides the right password/key and encryption/decryption algorithm.

While encryption might also be password based and thus dependent on the strength of the password, an encrypted text is not stored on the hard drive as plain text and is therefore harder or impossible to get to for someone who doesn’t know the password.

Should a computer, on which all data is securely encrypted, be stolen, you can still sleep well at night knowing full well that it will probably take the perpetrator all the time in the universe – and then some – to crack your code and gain access to your data.

While some encryption technology is available with the Windows operating systems, I would recommend the use of PGP, GnuPG, TrueCrypt or similar third-party software to encrypt your data. These programs are easy to use, well documented and tested, and provide a high level of security.

If you want to increase the security on your Windows computer, start by preventing the operating system from storing your passwords in the default format. Here is how.

Die Hard 4.0

A few weeks ago I went to see the latest movie about John McClane’s colorful and action packed life as a member of New York’s finest. Those men and women in blue who every day put their lives on the line to save the world from petty thieves, terrorists and megalomaniac hackers. The movie was great. It had everything. High speed car chases, fancy martial arts moves and a hero and a half who thoroughly and whole-heartedly kicks some bad-ass scumbag’s behind. All very entertaining and completely improbable.

Madame Terror book cover

In Jan Guillou’s latest addition to the Swedish spy Carl Hamilton’s more secretive but no less action packed life, the wealthy and highly decorated count is recruited as the head of the Palestinian fleet. Together with his old friend Brigadier General Mouna al Husseini they set out in a newly procured, futuristically advanced Russian submarine to destroy the whole Israeli fleet. Not only do they succeed in their mission, after playing tricks and games with both the American and the British navy, they also survive an ambush from two American submarines. Very cool.

The main difference between these two pieces of modern entertainment is in their political message. While the “Die Hard” movie is sprinkled with a typical American “war on terrorism”-attitude mixed with the eternal war of intrigue between the myriad of semi-secret agencies, the whole story in “Madame Terror” is based on the political-religious conflict between Israel and Palestine – and their respective allies and friends. But in between – or rather in front of – the political game is an action-packed story with under-water chases, fancy maneuvering and super-advanced ass kicking. All very entertaining and a good bit impossible.

In a fairly strong comment in the Swedish newspaper Expressen.se, former chief of research Ingemar Dörfer of the Swedish Institute of Defence Research (FOI) characterizes Jan Guillou’s brilliantly written story as “completely improbable”. According to Mr. Dörfer the book is “full of factual errors and absurd reasoning”. And if Guillou had presented the book as a description of the true world as it is, I am sure Mr Dörfer is correct. The South African air force is (or was at the time) equipped with Mirage III rather than the Jas 39 Gripen. And of course former president Bill Clinton didn’t bargain with Russia to leave 23 Russian men for dead. (At least such accusations have never been proven.)

But this, ladies and gentlemen, is entertainment. Just as detective John McClane takes down a helicopter with a police squad car, rides the tail of an F-35 fighter jet and saves the world (i.e. USA) from total destruction and collapse with a worried look on his face and a witty comment; so too can Hamilton and friends sink as many Seawolf-class submarines as they like, cripple any navy with a single submarine and have the Russian president sign any order he likes. Because just as in love and war, all is fair in the world of fiction.

Last week all the guys in the family pitched in and fixed the roof on the family summer house. It is exactly 50 years since the place was originally built by my grandfather and a new roof is a fitting jubilee present, don’t you think?


My Trophy

Second day is over and I won a silver for my efforts in the pattern category. Wee! Very happy with myself. A gold would of course be better, but all things considered, I am very happy with my achievements.

The one-step category did not yield any shiny metal, but both myself and Mr. Jack Connoly were very happy with what we did, considering we went up against all the 1. and 2. dan black belts in AIMAA.

Like with the first day of this two day competition Mr. James Farrell proved yet again to be a good organizer and an efficient leader of such an event. The whole thing went brilliantly smooth and after a 10 am start the whole place was clean and empty before 5 pm. Impressive!

I also have to say kudos to one Mr. Long (I hope I got his name right). A black belt (I think 2. dan) who on this second day went in for patterns, two sets of one-steps and two groups of team patterns. And I believe he got medals for all, even after a SERIOUS beating in the one-steps. I have never seen someone going in with such force in a traditional technique. Respect, sir. Respect!

[Video: One-Steps]
[Video: Taegeuk Sa Jang]

(Thanks to Evelina for taking the picture and the two videos.)

Mr. Daniel Farrell with a jumping back turning kick

Day one of the AIMAA Irish National Open Taekwondo Championship 2007 is over and I must say I am pretty impressed with Mr. James Farrell’s soft iron grip on the whole thing. Never before have I seen such an event fly by with such ease and grace.

Today was the day for sparring (gyeorugi) and breaking (gyeokpa). And since just about all senior black belts on scene were reffing and judging the low grades and juniors, the show started with a bang to free up the high-grades. Smart move!

Another clever idea was to do sparring and breaking sequentially for each category. That way each competitor got to do his or her stuff within a small time frame and was free to watch or leave. Naturally this freed up a lot of space as people got their thing done in a swish and got home for a nice, early dinner.

Since I was neither sparring nor breaking in this competition (I really don’t like this ITF/AIMAA style sparring with all their quiet boxing), my original plan was to hang around for my club mates’ matches, get a few good pictures, and head off. That didn’t happen.

I think I was around for about an hour before I had “snuck” in as part of the floor staff, holding boards for breaking, taking time for matches and even assisting in keeping a ring organized with refs, judges, papers and competitors. In short, I had fun.

Tomorrow is the day for patterns (single and team) and one-steps (han beon gyeorugi). I’ll be doing my own pattern – Taegeuk Sa Jang – and a set of five ITF/AIMAA one-steps. My aim: To stand out with my pattern, get through the one-steps without messing up too badly, and above all – have fun. By today’s yardstick, the outlook is quite bright.
