do it. think it. blog it! ... a twisted world

Wednesday Jun 01, 2005

[Let's Try & Make Poverty History]

Well, after reading on several blogs (like Mary's and Jonas's) about receiving invitations to the "Live8 the Long Walk To Justice" concert, I was hoping to get an invite too... but who would send me one? Then I thought: what good would it be if I just got an invite and was not able to attend the concert? Well, maybe I could still contribute to the cause. The "cause" being noble, I thought that I'd contribute by buying myself a "one" band. Well, it's just a $ or two, but then I spend a lot more money on unnecessary stuff every day. Here's what I think I'm gonna do. I'm gonna buy a 100 Pack and distribute it around. If you would like to support the cause but cannot afford to pay for a ONE band, let me know and I shall send one to you. The "one" bands are available in two sizes:
  • Small : For Youth or Women. Diameter is 2.25 in (5.72 cm).
  • Large : Generally for Men. Diameter is 2.50 in (6.35 cm).
Let me know which one you would like to wear. However, please promise yourself that you will wear it every day.
Wear the white band and show your support for the ONE Campaign and the fight against global AIDS and poverty. Worn by teachers, doctors, and homemakers. You've seen them in the pages of People and US Weekly on your favorite stars, get your band now! The white bands are part of a global effort to make poverty history.
The White Band can be worn on your wrist, your arm - in fact anywhere you like that it can be seen by everyone!
By wearing one you are part of a unique worldwide effort in 2005 to end extreme poverty : you're saying that it's time to stop the deaths of more than 200,000 people every single week from preventable diseases.
[Watch the ONE Video]
You can wear it any way you like:
  1. Around your wrist
  2. Around your rear view mirror
  3. As a hair band
  4. Through the laces in your trainers
  5. Around the straps of your handbag
  6. As a lapel ribbon
  7. On your key ring
  8. Even on pet collars
  9. The really important thing is that you just wear it.
You can find a local "White Band" by Clicking Here.

I'm Doing My Bit, You Do Yours. Another way of contributing to the cause and showing your support is by putting a makepovertyhistory.org band on your website. If interested, just ask me how.

"Jot Down Your Passwords": said Jesper Johansson, the senior program manager for Security and Policy Services at Microsoft, speaking on the opening day of the AusCERT conference at Australia's Gold Coast Resort. He continued to say:
Companies should not ban employees from writing down their passwords because such bans force people to use the same weak term on many systems. How many have (a) password policy that says under penalty of death you shall not write down your password? I claim that is absolutely wrong. I claim that password policy should say you should write down your password. I have 68 different passwords. If I am not allowed to write any of them down, guess what I am going to do? I am going to use the same password on every one of them.
He's got a point in what he's saying. Organizations enforce password policies on all their enterprise applications, sometimes strict and sometimes weak. However, the minimal feature that these password policies share is that passwords expire after a predetermined period, and sometimes we cannot use the same password as one we had used before (or it just cannot be the same as any of the previous 6 password changes). This makes it extremely hard over a period of time to come up with really strong passwords and, more importantly, to remember them. Well, I have forgotten quite a few myself, and then asking the support folks for a password reset absolutely goes against the intent of the organizations establishing a "self service" portal for their employees. Then on the other hand, writing down passwords on a piece of paper as suggested by Johansson is simply ridiculous. The probability of that very piece of paper getting into the hands of an unintended recipient is extremely high.

I then remembered, Yahoo's webmail service allows their users to log in to their mail accounts with a YahooID and password over HTTP. They DO have a feature where the user can switch to a secure mode and then enter his "login credential" and submit it over HTTPS. But how many folks really click on the term "secure"? If one types https://mail.yahoo.com into the browser's address bar, one is immediately prompted with a WARNING that the certificate presented DOES NOT match the URL (because the cert is issued to login.yahoo.com instead of mail.yahoo.com). WOW!!! So I did a little more digging around Yahoo, and I found out that they are using this NEAT open source script by Paul Johnston, which is a JavaScript implementation of the RSA Data Security, Inc. MD5 Message Digest Algorithm, as defined in RFC 1321. That's a real cool one. I was impressed (not with Yahoo, but with Paul Johnston's script). NOW that's a way in which passwords can be kept safe. So I went ahead and used that very same script (from yahoo/pajhome) on this site and modified it a little bit to concatenate 2 strings, and here's what I came up with: a JavaScript version of obtaining an MD5-hashed equivalent of your password that's unique for each site you use it on. Which obviously means that if your password is "hello" then the MD5 equivalent of that password on "sun.com" would be different from the one on "yahoo.com".
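The per-site scheme described above, written out as an added example for Node.js (it is not the script used on this site, nor Paul Johnston's code). The password-then-site concatenation order is an assumption, and `canonicalSite` and `kdfSitePassword` are hypothetical names for a salted, iterated variant shown beside it for comparison.

```javascript
// Added example, not the blog author's script. Uses only Node's built-in crypto.
const crypto = require('crypto');

// The scheme as the post describes it: MD5 over two concatenated strings.
// Assumption: password first, then site; the post does not state the order.
function md5SitePassword(master, site) {
  return crypto.createHash('md5').update(master + site, 'utf8').digest('hex');
}

// Normalise the site label so "Sun.COM" and "www.sun.com" derive the same value.
// Hypothetical helper; stripping a leading "www." is a choice made for this example.
function canonicalSite(site) {
  return site.trim().toLowerCase().replace(/^www\./, '');
}

// Comparison variant: PBKDF2-HMAC-SHA256 with the site as salt.
// Password and salt are separate inputs, so ("hello", "sun.com") and
// ("hellos", "un.com") can no longer produce the same value, and the
// iteration count makes every guess at the master password costly.
const ITERATIONS = 200000; // example value chosen here; tune to your hardware

function kdfSitePassword(master, site, length = 16) {
  const salt = 'site-password:' + canonicalSite(site);
  const key = crypto.pbkdf2Sync(master, salt, ITERATIONS, 32, 'sha256');
  // base64url keeps the output typeable; truncate to the site's length limit.
  return key.toString('base64url').slice(0, length);
}

// Constructed sample inputs.
console.log('md5  hello @ sun.com   :', md5SitePassword('hello', 'sun.com'));
console.log('md5  hello @ yahoo.com :', md5SitePassword('hello', 'yahoo.com'));
console.log('md5  hellos @ un.com   :', md5SitePassword('hellos', 'un.com'));
console.log('kdf  hello @ sun.com   :', kdfSitePassword('hello', 'sun.com'));
```

A single unsalted MD5 is fast to compute, so anyone who obtains one derived site password can test candidate master passwords offline at high speed; the iterated variant raises the cost of each guess.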

Cheers !!! :: & I am really looking forward to your comments on this.