| veer's profileVeers SpacePhotosBlogLists |  Tools  Help |
|
September 06 Talking about Virtual TechDays
Quote Virtual TechDays July 04 Talking about U.K. terror probe focuses on physicians - International Terrorism - MSNBC.com
How nerd these Docs are .. they must have been worst docs ever found in NSH.... bastards cant be good doctors why the hell are you making bombs.. You are not engineers.. Dumb asses failed 4 times in 24 hrs and got caught.. they should be rewarded the dumbest terrorists on EARTH :):):) thanks god they failed and we are all alive to talk about them.. OSAMA will change his HR policy "DONT RECRUIT DOCTORS FOR SUICIDE MISSION" guess why because these Islamic Extremist doctors can kill but cant die themselves...as such get caught he he h ehe
Check it out more on Quote U.K. terror probe focuses on physicians - International Terrorism - MSNBC.com October 10 No more Indian
August 22 But why my temple?When I pray every morning I feel the super soul to bet he master of all and all his forms as an emancipation of allotropic nature of God.
When I was kid , my Mom asked to go under teh Horse of Jazia and seek the blessing for longetivity , she used to bow in front of Khankah maula and maqdoom sahib as they are equally revered by hindus in kashmir as by muslims.
But I saw some muslims looting the Temple of Fateh kadal and breaking into the temple and creating mahem inside inside temple. Reason General Zia was killed in an air crash.
I was yet to understand was my Shiva only responsible that they broke his Lingam into pieces.. Being a child I never could care abou these matters and my focus was on universal brotherhood and love for all irrespective of religions.
Then came 1990 and our exodus , we all left because of terrorism and fear. may be we were too weak to stand that terror wave. No regrets but defintely a wound that will never get filled up in Republic of India for it was equally responsible for my fate.
Few days back a police party entered some Mosque and PrimeMinister of India had to intervene , Wov I like Indian secularism , we must not let any one with arms enter any religious place. Hope that would have been the case in 1980s when after Zia death my temple was looted and burnt in kashmir. May that was just a start today 70% of temples in kashmir are raised to ground and brutted by Islamic fanatics.
To show case the secular image Govt of kashmir shows khirbhawani and Amarnath only to the whole world. but being from kashmir I know what has happened inside .
A SAMPLE CASE
In Rainawari was BODH MANDIR on the banks of lake. A pious place where for centuries Gita path and Bhajan was done daily .. but you will be astonished to see the condition of this temple today. If you can read kashmir check the walls of temple .. wher there is clearly written that we will F$$$$$U$$$$$C$$$$$$K you and Ah my Prime minister can you please intervene. and save my Shiv lingam form extinction in kashmir!!!
Or woudl People of India some day vote for a change .. vote for true secularism. and not appeasment. But awefully how? when even vande mataram is not mandatory but optional as per your religious lineage... I am ashamed to be part of India and I wish I was a somalian nomad or nigerian fisherman , so that at least I would have been proud of my national identity but not any more.. August 21 Janamashtami and Bulbul
Although as usual , I was not at home but Ashu cool dude took Bulis picture fully dressed up as Krishna :):):) she looks amazinga nd that day she talked to me and what elkse she could ask for but chocolates from London.... aah haaaa surely Bulbul I goonah get them for you... August 20 Talking about Sen. Allen has to go
Quote A mail from USA read Hi, August 16 security @ Microsoft : A nice discussionWell this is one the most fantastic techinical threads that I saw on my MVP mailing list in last one year. Couldnt stop but ask its author Vineet gupta, our IT PRO DPE for MS INDIA. It all started with the dumb people like me asking hwo to remeber the passwords when one has to change a password every 90 days and that too we cant repeat the last 12 passwords...
Well my fren Roji thomas asked people to change the Girl Friend every 90 days and keep her name as password. It was anice breather in the big techinical discussion. Okay let me reproduce those emails one by one in originality without harming the real story behind it.
Abhilash was good to point to some of the specific issues and discussion is worth reading.
1st Email from Vineet
Saurabh is right about the partner infra bit - the security is strong because when you log on to this site, you are actually logging on to the Microsoft AD and our group policy is rather strong, which is good for us.
But the reason this discussion is interesting for me is because we have so many good techies complaining about the issue of strong password policies. Despite having the two other alternatives (things you have = smartcards etc, things you are = biometrics), things you know = passwords, etc would still be the most prevalent in the next 3-5 years. For one, it is easy to use; second, people know how to use passwords and are still discovering multi-factor auth (for an example of 2-factor authentication done badly, check out the HSBC online banking scheme) But if we are not comfortable with strong password policies (complex passwords, change frequently, do not use previously used passwords, resetting process is strong, etc.), how do we propose authentication to happen securely, all other things being equal? Reply from Abhilash Speaking of alternatives ,There is something called as a SiteKey based authentication used by Banks.What it does is you can choose a picture from a set of pictures and give a name to that picture And it will put a cookie on your machine . It will show your site with the picture and the caption you gave . if it recognizes your pc. This was we can even identify phising sites . If it does not recognize the pc . you will be asked a set of question before the site key is shown and then you need to give your password. So kind of a two step process.Changing password every 90 days is so old fashioned and lame. This is like saying we don’t trust your ability to keep the password secure so you come up with a complicated word every 90 days or in other words buy a new lock every 90 days because we don’t trust our locking technology. I have closed one of my bank accounts for this very reason. Now for Microsoft site I write down my password in my diary in plain English because I cant remember the complicated word . I am not sure how that helps in having a secure world. Let us realize users are lazy and have tons of other stuff to deal with than finding a complex alphanumeric every 90 days and remembering it . Compound that with the fact that you have so many websites which required you to do so . Let us assume an average 15 . In my case this more like 50+ . you have to rememeber 15 x 4 alphanumeric symbol inserted password 2nd Reply from Vineet The reason behind password changing is not the end-user's lack of ability to keep the password secure - it is to prevent brute-force attacks. (Actually there are a few more tricks, but they are internal to the system - this is the only part visible to the end user) The lock analogy is wrong. The lock is the security protocol - which is not changed. The analogy for a password is a key. The reason you change your key is because someone can come up with a key by manufacturing all possible keys. The lock however is adaptable to new keys and if you change your keys fast enough, it will prevent breakage. The picture thing you are talking about has the following issues: 1) Accessibilty issues 2) The bootstrap issue - what happens before the pic identification? The solution to bootstrap = answering a question, does require you to remember the question, which is as good or as bad as remembering a complex password. 3) Biggest problem - If you show me fifteen pictures, and one of them is right, I can brute force this step. Even if you generate pics from a pool, the size of your picture pool would be much smaller than the size of all alphanumeric permutations, and opens itself to a brute force. So this is not impressive, and meanwhile the user gets a false sense of security. No good at all.BTW, I change my password every 30 days. The trick is to not keep passwords, but to use passphrases: "Life's Like That!" - really easy to remember. If you keep your password in your diary, you are opening yourself to a security breach. And you do not have to use different passwords for separate websites - you can use the same passwords for sites of the same category (all mail sites = one password, all At the end of the day, your password is your protection. If you can keep your diary secure, by all means, go ahead and store it there. Some systems expect you to respect the information you store on them, others do not. Reply from AbhilashAh. I guess we are ready to open the can of worms.. My first question to you my friend is have you used the site key concept. Please read about it fully before you go on a parade criticizing it. The site key requires you to name your own unique caption to the picture which is also shown along with the picture if the machine is identified. And the machine identification option is something that the user has a choice to control if you want a level of authentication before showing the picture that is acceptable too. It is now being implemented in major banks in the US including Bank of America. The key point in site key is the END USER is in CHARGE. [[Vineet Gupta]: ] I agree - my criticism was based on what you mentioned about site key. So I took your advise and read about Site Key. And what I found out was very interesting - Site Key does not solve the password problem at all. It is an anti-phishing (system-authentication) solution, and not a user-authentication solution. It does not solve the problem that a password tries to address and hence cannot replace passwords. Allow me to elaborate: - User Authentication = User proves to System that she is a legitimate user, and the proof is a secret that only she should know (password) - System Authentication = System proves to User that she is actually logging on to the correct system and not a fake system. Phishing attacks are fake system attacks. Site Key tries to authenticate the system to the user and not the user to the system.
- Establish a shared secret between the system and the user - picture + text caption. - To establish the shared secret, the system asks the user a series of questions, the answers to which should only be known to the user. - Once the system establishes that the the user is genuine, it allows the user to set up a image and a text-phrase as a secret, and to bypass the challenge questions agains, the system stores a cookie on the user's machine - The next time the user logs on to the system, it shows the user the same image and text. This allows the user to recognize the site as being genuine (authenticates the system to the user) - A phishing site would not be able to show the user the same text and image, and would therefore be recognized by the user as being fraudulent. - The system still needs to validate the user, so the user has to enter a password, or answer some questions set up by him. Analysis of Site Key As I already mentioned, the site key mechanism is not meant to solve the password problem (authenticate the user to the system). It is meant to solve the phishing problem (authenticate the system to the user). Which is why at the end of the image-text display process, the user still has to enter a password for authenticating himself to the system. Site Key also does not fully stop the phishing problem, though it does make it harder. This mechanism is open to a man-in-the-middle attack. The image-text display, cookie storage, etc. is done using Flash scripts, but it does not matter what technology is used. This mechanism would have the same level of security / insecurity, no matter what technology is used. The idea of shoving something down users throat in terms of security is not a good principle. My friend if someone really wants to take your password you will be amazed how really easy it is. If you are not referring to social engineering, I would be very interested in knowing what these "really easy" techniques are. and the option of having one password for all sites really tickles me, because all the Trojan needs to do is to get you just once on a phised site and you are out in the open as you share your password across sites Could you give me an example of a Trojan that carries out a phishing attack on a system X, gets confidential data of a user A, and then tries to attack system Y and Z also, which are used by user A? I don’t think you really understand the gravity of the problem we are discussing . Let us take a normal person in the united states He has a password for 1. ) Hotmail 2. ) AOL 3. ) Yahoo 4. ) GMAIL 5. ) Bank 1 6. ) Retirement account 7. ) Electricity 8. ) Power 9. ) Cell phone 10. ) Land Telephone 11. ) Cable 12. ) 3 or 4 credit card accounts There are people I know who had 30 + running accounts. Now let us say theoretically that you don’t log into all these sites in all months. And all of them wants you to change your password every 30 days . You are talking about inventing and generating 15 x 12 = 180 alphanumeric passphrases in a year which is finding a passphrase every other day of the year . Don’t tell me that is the best what IT has to offer. And we are talking about bringing Information Technology to the masses. There is something called what is practical . [[Vineet Gupta]: ] I am not advocating the usage of same password for multiple sites. What I am saying is that if you cannot remember 30-odd complex passwords that keep changing, assign the same password to a group of sites, so that you have to remember only 5-6 odd. This is certainly better than keeping simple / non-changing passwords for all sites. When comparing the two options, you have to look at the threats we are trying to mitigate:
Scenario 1: 30 Simple non-changing passwords for 30 sites. - Brute-Force attack against one system - reveals your password for that system - Attack against individual (your diary getting lost) - reveals all passwords Scenario 2: 5-6 Complex, Changing Passwords for 30 sites - Brute-Force attack against one system - does not reveal password of that system easily - Attack against individual (your diary getting lost) - reveals all passwords Which one is better?
And pardone me my friend age is catching up with some of us if not all . I frequently have issues with account lock out on my banking sites where I change password too –often . Hotmail passwords: Hotmailing Vineet / 2006 - Aug! , Hotmailing Vineet / 2006 - Sep! , Hotmailing Vineet / 2006 - Oct! Yahoo passwords: Yahoo mailing Vineet / 2006 - Aug! , Yahoo mailing Vineet / 2006 - Sep! , Yahoo mailing Vineet / 2006 - Oct! Electricity Passwords: Electrifying Vineet / 2006 - Aug!, Electrifying Vineet / 2006 - Sep!, Electrifying Vineet / 2006 - Oct! .. and so on. We can get creative with this, and really do not have to remember anything. This is what I meant by using pass-phrases in my previous mail. So now after a long time I I have decided to write out passwords in my diary with a simple cipher. And yeah my diary is secure J . I for one cannot rememeber so many alphanumeric combinations every other day . [[Vineet Gupta]: ] Most ciphers done by hand can be cracked by simple frequency analysis. But as you pointed out, your diary is secure ... so let's leave it there :-) And as the old joke goes the moment you connect your PC to the internet you are not secure anymore. 3rd Reply from VINEET Sorry for the late reply - been traveling. Detailed reply inline. In summary:
1. Site Key does not address the problem space which passwords address, and cannot be compared. Even for the problem-space Site Key addresses, it is not a great solution and can be broken. See inline notes for an analysis.
2. To authenticate a user to a system, you have to create a shared secret. This can be:
Till we get a simple, economical way of doing 2b or 2c, 2a will have to work. All things under 2a are open to a Brute Force attack. To reduce the probability of a successful Brute Force you have to increase the randomness of the secret and change the secret frequently. This is what leads to complex passwords and changing passwords requirement. This is math, plain and simple. No one wants to shove something down a user's throat - but you cannot defeat math.
3) The "simpler" ways of finding a password are social engineering techniques - that is a user-education issue. A system cannot really defend itself against social engineering. See notes below
4) Managing multiple passwords that change frequently is not as difficult as it may seem. See inline notes for an analysis.
It has been a long thread and I am happy we discussed at least some issues in detail. The point I want to convey is this: Today, the most widespread technology for authentication is password protection. Till we get something better at the same level of cost and simplicity, we have to make do with passwords and use them securely. Secure usage of passwords requires them to be complex and changed frequently. As people who are looked up to by the tech community, it is our responsibilty to educate the rest of the ecosystem on the importance of this point, and for this we need to educate and convince ourselves first. I would urge everyone on the list, including those who have not participated on this discussion, to read about passwords and understand them better. Final mail from Abhilash
Really happy to see a highly informative, researched ,educated and well thought of reply. Truly something from the evangelist desk! Issue of sitekey : Sitekey as you mentioned are primarily intended at anti phising techniques and system authentication . And I do understand the pain taken to explain the difference between User authentication and system authentication. But system authentication and User Authentication goes hand in hand. Because no matter, how often complex passwords are changed and enforced by the system. If the user is mis-directed /phised it beats the purpose in a way of having a great key. So my suggestion of site key is marginally better than a pure password alone . At least it involves some more level of security. Hope we can agree there.
It can be argued that mutual authentication cannot happen without having a trusted third party. (I do not have any links handy for this, but if you think hard enough about it, it is obvious). An example is Kerberos - it not only authenticates the user to the system but also the system to the user (you don't see it, but when you join a domain, you get the system's "credentials". Every time you log on, the trusted third party (KDC) helps verify the system's credidentials against the ones you have). The question we have to answer is how easy / difficult is it for an adversary to impersonate the system so that the user is not fooled into using it. Digital Certificates were designed to address this. A website would acquire a certificate from a Trusted Third Party (a Certificate Authority) and present that certificate to the user as a proof of the system being genuine. While we have evolved complex certificate chaining rules and an entire infrastructure around this, the root of the problem turns out to be the CA itself - what if a CA does not do its job well and ends up issuing a certificate to an adversary who may end up creating phishing attacks. Litigation does not solve the problem - it is a complex problem to address with multiple dependencies. So the big question is, on the internet, can you really trust the Trusted Third Party.
Site Key avoids a trusted third party route. Unfortunately the moment you don't have a TTP, you open yourself up to a man-in-the-middle attack. For Site Key, a man-in-the-middle exploit is described at http://www.cr-labs.com/publications/index.html.
So what is the solution? We do not have the answer today. Windows Card Spaces (formerly Infocard) also tries to address this issue. The approach WCS takes is to give a user a lot of identity-related data on the system she is starting to use, including past usage data. Since authentication is about identity proving, and identity is nothing but metadata (see section 7.1 on a draft of my article on Cryptography at http://devauthority.com/blogs/vineetgupta/articles/1878.aspx), surfacing a lot of metadata should be able to address the phishing problem. Why is this not prone to MTM? It is. But if the metadata you gather comes from a database prepared by a TTP, and you add the user's own experience to it, and you build the metadata over a period of time, the chances that you would be able to detect an impersonation carried out thru MTM or something else, are quite high. But of course this is far off (in terms of usage, the tech is already available). I am not going to argue with math but how often a password should be changed is a non-deterministic problem. Some say 30 days. Some say once in 6 months. Our MVP list has I guess has 90 days. Everyone will have his own view on what is a reasonable frequency. My view were just in those lines. I raised the issue of sitekey to say that as long as MVP user machine is identified he does not have to change his password that frequently. Well most recurring series pass phrases like “Yahoo mailing Vineet / 2006 - Aug!” can really give out a pattern and as you mentioned easily broken. We all agree there.
1. Brute-force attack against a system: There is no pattern getting recognized - brute force or dictionary attacks do not attempt to analyze how passwords change for a user. In any case, no self-respecting developer would actually store passwords. What is typically stored is a one-way hash of a password. Even if your passwords are changing according to some pattern, the resultant hash would not have a pattern. I am assuming that a cryptographhically strong hash is being used (MD5, SHA*).
2. Attack against individual: If you do not write your passwords in a diary, but only keep them in your head, there is no way of revealing the pattern, short of torture. (Incidentally, everytime someone says bio-metric, the image which comes to my mind are ghastly scenes of eyeballs, fingers, etc. being taken away from their owners ... not very encouraging! )
And my usage of the word Trojan was more in the sense of malaware and other generic nuisances. More like the idea of a someone who got into your backyard. Not About 4 years back there was this initiative called Hailstorm from Microsoft stable. I am not sure why it never came out to light. Maybe it is the trust factor of not trusting all your passwords with one vendor system that was the doom !. What I would really like is have a system which stores your passwords and changes them frequently with the website using industry standard secure interfaces randomly. And you give that credentials at every site and the site logs you in . These passwords I am willing to change every 15- 90 days user configurable. But as Vineet pointed out cost , adaptability are all issues here.
Incidentally I used something called RoboForm to manage my ever-growing list of passwords. Robo Form in turn stores all your password in your Disk / USB (Same Hailstorm/ SSO principle buy you have the data store ) but uses a master secret to unlock everything . And since you have an USB option you can carry it around in your key chain . This worked great for me for about a year until I washed the USB drive in my laundry accidentally. I really had a horrible two weeks after.
My point is I agree passwords are the most widespread and has the lowest cost and simplicity, but as people who are looked up by the tech community we should be moving towards the next generation of authentication for a start. One that is not a decade old proven legacy method but something new like the fingerprint scanner Vineet has. How much does a Fingerprint reader cost and can we get some discounts for MVP’s there and can we have fingerprint authentication for the MVP portal ;-) . and yeah MVP award kit should have a finger print reader too after all we do want to keep those NDA’s secure right Abhishek ( Abhishek : Yeah just when I got this Smart phone stuff sorted out . We need finger print readers, what next retina scanners ! )
Hope more comments / thoughts / dissections follow.
-Abhi
Talking about Re: Windows 2003 Driver for Compaq NC6000 laptop - Unicode (UTF-8)
Quote
August 09 yi kyuth shoore , Yi kyuth shooreI am scared and let down by personal, social , religious confrontations and in very sad mood I am writing this poem
yi kyuth shoore , Yi kyuth shoore
Chey Poze teh chaloh bhey apzyor... Magar yi kyuth shore , magar yi kyuth shoore
Chopey karivtav vanye,Chopey karivtav vanye Kath pyeth uutah Zoram Zore Zoram Zore :: Magar Yi kyuth shore,Magar Yi kyuth shore
Magaz saeen watav rawmit, Roohan sanyen gadyeh gamit
Kus lamaan yimaan .. hore teh yore , hore teh yore :: Magar Yi kyuth shore,Magar Yi kyuth shore
Naar logmut poshey wareyeh , kyulan lajmach waveh grayeh Kus wavaan yuth byol kus wavaan yuth byol ::: Magar Yi kyuth shore,Magar Yi kyuth shore
Na chuun Na myuun , Na Keh rozun Na keh sozun
Tyel kath aiseh karaan chuun myuun myuun chuun ::: Magar Yi kyuth shore,Magar Yi kyuth shore
March 17 Hukam Razai Chalna Nanak Likhiya NalThis Verse from RDB took me off shoot and my reverence to JAPJI sahabh came back like the Shores were once again swept by fresh tide form Lord... for three hours I searched for Lyrics from RDB ..finally got it from a frens and when I heard IK OMKAR ..tears of blessings came rolling down ... Was it that perfect song.. Or was it that pious . My heart pounded and Google was irresistible to find more on these verses...
Soche Soch Na Hovai Je Sochi Lakh Var
Thinking does not reach belief, if one thinks a million times
Guru Nanak lays emphasis on living a life based on Truth. Guru Nanak's Hukam Razai Chalna is placed in the Japuji Sahib as the First Commandment. This commandment implies total surrender of oneself to the Supreme. This commandment of surrender is given after Guru Nanak introduces the fallacy of performing cursory rituals.
To Learn more about JAP JI SAHIB here is the Link JAPJI EXPLORED
March 06 Something InterestingDon't let the opinions of the average man sway you. Dream and he thinks you're crazy. Succeed and he thinks you're lucky. Acquire wealth and he thinks you're greedy. Pay no attention. He simply does not understand." December 05 Comming back to LifeReverberating the Vibrations of lost world ,for connectivity can bring and isolation can disarray me.Last 2 Months have been totally different and hectic. Lot to write about it but pretty soon I will write about them before the end of year.
Waqt Waryah bemisaal ... Shabd dith totye Akh Sawaal Aakh hay ghachakh kott. Drakh hai maghar Yikh kar
August 29 Wrapping up Last weekendThis weekend was awesome..On Janamastami we went to ESKCON temple and there was a nice cultural festival and MAST KHANA khaya..Full veg meal ..Ahaaaaaaaaaaahh
Then saturday I was studying and in evening mai watchen "MAINE PYAAR KYUN KIYA" ..one bekaar movie from Salman....
Sunday was our last match of the season for our Cricket club ..Teams had been reshuffled and it looked like it was a real tussle between Bat and Ball..A real one..Although My performance wasn't so good in this match but the fact that our team won the match.... I was contended a lot...
We had a nice Lunch and thanks to Sohail for making a nice arrangement.Shamas Bhai came with his sister and wife as well.It was Mrs Shamas Bday and we had Nice Bday Hymes on Field.
The commarderie and Bonhomie in the Club is mazing inspite of the pitched debates about some umpiring Decisions but thats integral part of Cricket.
Evening Had a nice time in Swimming Pool with Frens like BP...
No Studies this weekend..as it was last weekend of Summer and Autumn has started from this Week officially..
Anyways a good active Weekend and Pictures of Cricket Match are uploaded as well. August 13 Blissful ShivaKashmiri Shaivism is wisdom beyond books " It is dependent on the Divine Grace and our efforts to realise the ultimate blessful Energy "SHIV" To help us in this realisation Sh Virender Qazi ji would be providing an Online Discourse Please note your time zones and add him to your Yahoo Messenger Sunday 14th Aug 2005 PST US Time 6.30 AM EST US TIME 9.30 AM India TIME 7 PM July 30 Nice Bolly wood music of SaherFinally after a long time I heard a nice originality in Bollywood - fantastic music in Saher
Some great tracks
1. Faizs ghazalic verse followed by instrumental
2. A nice song "palken jukawo na" 1-2-3
3. a nice prayer which my MOM often sings and i love the most "NAMAMISH MISHA NIRVAAN ROOPAM - VIBHUBAT"
WANNA HEAR THE ORIGINAL TRACK BY KAILASH MEHRA OF THE PRAYER CLICK HERE
July 11 The allotropes of masterAfter the hefty travel within myself and searching outside through the eternal space within my brains I was able to catapult the degree olf freedom against the slavery of sense...
I was constantly meditating and reciting avriuous purification lyrics of shaivism,lalded and constantly interacting sh virender qazi. It give gr8 pleasure to say that i was able to reach shudh vikalap stage which was 1.5 steps.
and at that stage some thing came in my mid
" Rabye hund myech dogul,athye manz barum tyengul
fookye fookye karaan chusas naar,waahye gachye na ath katarr" Meaning :- My body is jusy molten clay and I have placed a burning charcoal in it so that it dries up but since it has moisture of in humna mortal values it will try to cool off this charcoal
But I am constantly bloowing air..FYUKH FUKH so that it burns NAAR and My molten Body become KATTAR means hard clay pot fired in fire Here I am sybolizing the charcoal as wisdom of god I am putting the chat extracts of the conversation here for your reading
virendraqazi: Namaskar Mahrah!
vwangoo: namaskar vwangoo: waray virendraqazi: Yes dear vwangoo: I was going for meditation ..today I thought of doing sandya the way my grand father used to do vwangoo: just lit an agarbati and was looking for some good recitation online... vwangoo: to focus on vwangoo: can u suggest me a Saturday special :) sandya virendraqazi: Why not
vwangoo: thanks... virendraqazi: 3 Steps virendraqazi: One = Relax virendraqazi: Be in a comfortable posture vwangoo: okay I am following you keep on writing and I will do virendraqazi: Neat and clean environment virendraqazi: Nice frangrance of agarbati virendraqazi: all positive thoughts virendraqazi: Then think of your self as a child of virendraqazi: Mother Goddess or Param shiva virendraqazi: As per your samskara virendraqazi: But it is most important to be part of the virendraqazi: Supreme reality virendraqazi: Oh! Please forget yourself vwangoo: k virendraqazi: You are 100 per cent part of Supreme Creation virendraqazi: Why take the liability of burden on your self virendraqazi: It is only HE virendraqazi: We are travelling in train but carrying the burden on our head virendraqazi: When Lord Shiva is carrying it all vwangoo: k virendraqazi: So I conclude the step one with my humble request of Shiv Samavesa. You are charged with Shiva hood. You are but part of Ultimate Reality virendraqazi: Now should we travel to virendraqazi: Step virendraqazi: 2 vwangoo: k virendraqazi: Please be in comfortable posture virendraqazi: Relaxed and calm virendraqazi: Try to breathe comfortably and with ease virendraqazi: Partially close the eyes virendraqazi: Look within virendraqazi: Your mind virendraqazi: full of thoughts virendraqazi: Oh dear! It is employed for a job - that is to fantasize. It seeks impossible pleasures virendraqazi: from one flower to another - like a bee virendraqazi: With a smile watch your mind. Leave it free, alone and undisturbed virendraqazi: This is the stage of Vikalpa ( thought construct) Now we go to Sudh Vikalpa virendraqazi: Slow focus your attention to your virendraqazi: Dear one, your god, whom you admire most like your grand father virendraqazi: Please start virendraqazi: reciting the prayer or mantra vwangoo: ok virendraqazi: whatever is known to you well vwangoo: something came in my mind can i say that virendraqazi: Which can make you in tune virendraqazi: Pl vwangoo: Rabye hund myech dogul,athye manz barum tyengul vwangoo: fookye karaan chusas naar,waahye gachye na katarr vwangoo: it came to my mind and I writing it..i dont know why and from where.. virendraqazi: Wonderful! virendraqazi: You are in harmony virendraqazi: fookye karaan chusas naar,waahye gachye na katarr(PLEASE ELABORATE THIS ONE) vwangoo: i am doing 2nd step now and may be not oipen my eyes for some time but you do keep wiriting I will read them once I am back from Viaklpa vwangoo: Vikalpa vwangoo: My body is mud vwangoo: and I am placing a tyengul (fire wood c]piece of charcoal) virendraqazi: this is clear vwangoo: so that it dries up but since it has moisture of in humna mortal values it will try to cool off this charcoal vwangoo: But I am constantly bloowing air..FYUKH FUKH so that it burns NAAR vwangoo: and My molten Body become KATTAR means hard clay pot fired in fire vwangoo: Here I am sybolizing the charcoal as wisdom of god vwangoo: It hit my mind in step 1 virendraqazi: You are great and highly spiritual vwangoo: veer wangoo: Rabye hund myech dogul,athye manz barum tyengul veer wangoo: fookye fookye karaan chusas naar,waahye gachye na katarr virendraqazi: Pranam! vwangoo: all ur blessing virendraqazi: I am fit to be your virendraqazi: Humble Chela vwangoo: Shall I proceed to 2nd step ..and would wish that we continue this session every saturday evening which isyour sunday morning vwangoo: Please dont depreciate me by calling your self chela vwangoo: I ll be suffocated virendraqazi: We have only completed one and half step vwangoo: let me revise it agian till I am sure of it that I can hold it. vwangoo: before I got to next step virendraqazi: Good vwangoo: I am savig the text virendraqazi: Please be focussed with me so that there is a concrete development and learning. Knowledge is so vast and our life is so short. It will take thousands of our lives to learn some thing
vwangoo: sure vwangoo: When will we do next step vwangoo: because I still need to practise the 1.5 steps and experience it more vwangoo: I wish to plough more .... Would that be OK virendraqazi: Can we make it same time next week. vwangoo: yes that will be great I ll add to my calendar. vwangoo: July 16th vwangoo: which would be July 17th for India vwangoo: yours 7 AM virendraqazi: In Kalyuga we get great merit by involving others in this noble work vwangoo: which would be 6.30 PM here virendraqazi: Yes vwangoo: so I amadding it to the calendar ..july 16th 6.30 PM my time ..july 17th 7 am your time. virendraqazi: Wonderful virendraqazi: Please involve who so ever wants the benefit virendraqazi: Post the messages once or twice vwangoo: yes vwangoo: I will ask my frens to be part of conversation as well virendraqazi: I can send a formal instruction one day before. You can also formally sent me request. The purpose is our humble effort to generate interest in our community vwangoo: sure At this point I started off for next week to try and rehearse again .
June 11 Blessed by the knowledge that some one knows my masterhttp://www.universalshaivafellowship.org/
In this web-site the Universal Shaiva Fellowship (USF) presents the unique teachings of Swami Lakshmanjoo, a true Trika Master and the last living embodiment of the oral and written tradition of Kashmir Shaivism.
About Kashmir Shaivism Swami Lakshmanjoo said, "Kashmir Shaivism is known as the Pure Trika system. It is 'the three-fold science of man and his world.' Kashmir Shaivism is a philosophy meant for any human being without restriction of caste, creed, color or gender." Though Swami Lakshmanjoo was a master of Sanskrit Language and completely versed in all systems of Shaiva Philosophy, his teachings were always expressed in simple language, accessible to the sincere aspirant. "Trika philosophy is situated in the heart of that supreme energy of God consciousness. It teaches you to realize that this whole objective world, which is already in front of you, is not separate from God consciousness. You do not have to realize God situated in some seventh heaven. God and the individual are one, to realize this is the essence of Shaivism." June 08 Books that I was longing forLast week has been very hectic just like this one as well..Lots of confusion and choas but finally things settling down...IN this dusty grey world only two gud things happened.. I enrolled for PMP and got the books for study and along with that I ordered a nice set of Kashmiri Shaivism Philosphy books for my research...I was dejected when sunnypress NY rejected my order (they had no print copiesw available) and i couldn't get my books... Hopefully this time from India I get them all...Touch wood... I am still missing some books for study but i ll make them up provided I get the address of John Hughs one great devotee of Lakshman joo maharaj.. well for your interest here is the link to the great set of books i have ordered.. http://www.mlbd.com/WEBSITE%20ORDER%20NO.4136.txt approx 13 books in first lot...
May 26 Fire Fly Ash and meIt has put a simple dot on my feelings..That in the entire span of universe we are not even tiny points or dots. Our existence is smallest fraction that one thinks of…. We are like fire fly ash that comes out of Havan Kund. We can get just dumped in fraction or can fire an entire house hatch if we land up at wrong place. Now with so many problems and difficulties around where do we stand. If death is inevitable then why are we alive and if if we are meant to face difficulties what do we realize at the end. “Yeh sabh kya hai…” Answer is we are too small and fractioned to think about it like the fire ash fly we are part of that cosmic energy released billions of years ago and will dry up in it again and be born / reborn with energy conversions. So the fact that we shed tears is wrong because not just philosophically nor practically are they going to help us. The Emotions within us are significance of greater divine…The formation of Human being is inevitable and his failures/problem etc his misconception with world… Lakshman Jo Said “Let Shiva, who has taken the form of my individual being, offer salutation to his Universal Being Shiva, through media, which is also Shiva, for the removal of obstacles which are, indeed, one with Shiva.” So we evolve your though process as part of that Shiv who is inside you and who is unhappy because of karma chakra which is beyond our understanding….Relentlessly practice to invoke him and let he reach that universal Shivam through a medium which is unknown to us called Shiv itself and cure us of all the problems |
|
|
