Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
THE SCENES OF violence during a Last Saturday parade in Belfast illustrates the serious image problem that exists for organisations like the Royal Black Institution and its counterpart the Orange Order.
The marching season in Northern Ireland has always had its contentious parades – from the Garvaghy Road in Portadown to the Ardoyne Shops in North Belfast – but this year has given birth to a new flashpoint, a Catholic Church, near the city centre. The origins of this disturbance began on 12th July when a band called the Young Conway Volunteers were filmed parading in a circle outside the church resulting in the Parades Commission placing restrictions on the march that took place on Saturday.
The open defiance of the marchers and the resulting attacks on members of the PSNI begs me to ask what do organisations such as the ones mentioned above want to stand for in 2012.
For a long time I have watched people on both sides of the parades debate play the blame game over whose fault it was when the inevitable trouble kicked off over a parade passing through a contentious area or a protestor who threw the first stone. I am not in this column trying to determine blame or point a finger at a certain organisation but watching the stream of police Land Rovers leaving Antrim Road police station on Saturday I got to thinking that surely Loyalist marchers would want better images than this to come to people’s minds when they hold a parade.
“Provocative songs played primarily to antagonise?”
Surely as we enter this decade of commemorations that include important events such as the signing of the Ulster Covenant and the Battle of the Somme, these marchers would rather not have front page images of police officers on the ground injured and people cheering as provocative songs are played primarily to antagonise the neighbouring community?
Since the creation of the Parades Commission in 1998, Loyalist marchers have continuously felt that their attempts to celebrate important cultural events have been curtailed. Yet their frustration at this slight has seen not their ultimate figure of opposition the Commission in the firing line but the police who for years Loyalists lauded and continuously swore ultimate loyalty too.
This illustrates the necessity for organisations such as the Orange Order to adopt a new narrative in 2012 but how can they do this?
This coming month is the centenary of the signing of the Ulster Covenant. The iconic picture of Unionist leader Edward Carson signing the pledge to fight the introduction of home rule in Ireland will no doubt be displayed on banners in marches by the very same people who took part on the parades this past Saturday.
Yet while they are celebrating this historic event they could do well to think about where they want their own organisations and Unionism to be in a hundred years. The leaders of Unionism then give the Unionists of today an important lesson and that is important of adapting and changing with the times. Recent surveys conducted from the Northern Ireland Life and Times Survey to the Belfast Telegraph all indicate that attitudes religious attitudes particularly among Catholics to staying within the United Kingdom have been on the rise over the past decade.
“The desire to see the incorporation of Catholics into Unionism”
While the advocation of Protestant values in a new Northern Ireland state within the United Kingdom might have worked to mobilise the population in 1912, recent demographic shifts show the futility of such a strategy in 2012. If the Unionism today is determined to build a political coalition that can carry them over the next century then part and parcel of that must be the desire to see the incorporation of Catholics into the heart of Unionism.
The provocative scenes displayed on the streets of Belfast this Saturday and the silence of Unionist politicians to condemn such actions will certainly do nothing to help bring more Catholics into supporting the Unionist parties. Are some Unionist organisations ready to make big changes to incorporate the changes that have taken place since 1912? I do not know. But more than ninety years after the partition of the country it would appear that little strategic thinking about the future has taken place as to how Unionism can extend its reach beyond the Protestant community.
While the celebrations of the centenary of the signing of the covenant take place, the marchers who took gleeful pleasure on the actions that took place should pay heed to the words of Carson when he spoke to the Unionist Council in 1921 about necessity of incorporating Catholics into the Northern Ireland state.
If Unionism ever wants build the ‘strong house’ on the island of Ireland that David Trimble spoke of in 1998, then it must be prepared to throw open its doors to any and all that comprise the North of Ireland in 2012.
David McCann is a PhD researcher in Irish politics at the University of Ulster.
To embed this post, copy the code below on your site
Who the hell is Ronan Murphy? Why not get someone who actually knows about security to comment? Ireland has a relatively large and knowledgable infosec community who could give good advice, unlike Mr. Murphy who doesn’t know what he is talking about.
First, storing a password as md5 hash is not much better than plaintext. Md5 is broken and trivial to crack. Passwords should at minimum be hashed using sha256 (preferably sha512) then salted with a random value, then hashed again. That is a minimum.
Secondly, md5 is not encryption. It is hashing. Hashes are used for verification and retains none of the original information.
Was going to say the same thing. Can’t believe that somebody in 2013 is still recommending using an MD5 hash, especially when they appear to think it’s an encryption algorithm.
// sheesh
I just had a look at his profile. It seems he’s the CEO of an MSP. I wonder why he didn’t get one of his engineers to comment? His comment doesn’t inspire much confidence in his company as a security provider.
Better go cash in my 1 billion worth of prize bonds… oh wait, that was a dream :-(
Limited budget resources is no excuse. They just need a line of code to hash new passwords and another line to hash passwords when logging in. Then prepare a script to convert all previous passwords. I could almost do that for free.
How do you know that’s not happening but with reversable encryption
Your not supposed to encrypt passwords. You’re supposed to hash them. Hashing is not reversible. Encryption is.
I don’t, but if they are they shouldn’t. Nevertheless the solution is much the same except with two extra steps, remove the encryption code and decrypt all existing passwords before hashing them.
And yes, it is bad design, because regardless what they’re doing behind the scenes, being able to return a users existing password is an indication that the password is easily accessible. They are not using md5 and dehashing it as that requires brute forcing it, even if they were I’d be enclined to fire the developer for eating up all the server resources for that.
All it requires is one other careless overlook on security, such as an sql injection weakness, and bingo, anyone who can write sql can get all the user passwords because they weren’t hashed.
Oop I didn’t even know I had a password?? I thought I just got a letter in the post if I won ………
This article is absolute load of horseshite. The fact that they email you your password is simply bad design and easily remedied by simply sending a reset link.
However it does not mean that it is stored in plain text. To check that your password is correct it has to be compared to the origional.
Also md5 can be decrypted back to the original. Or maybe they store they have a master encryption key.
Journalist shouldnt write this waffle…..
iT IS POSSIBLE to hack every website…….
Btw md5 is not random
So are you saying that people are not getting their passwords sent by email? never mind the if’s and but’s and what should be done because we know that already, the article points out that our pals at the National Treasury Management Agency don’t know so maybe you should help them out.
@Rehabmeerkat, the point of using salted hashes is that the backend code compares hashes to validate passwords, rather than comparing candidate passwords with the original password. Neither can MD5 “be decrypted back to the original”. Instead, it’s possible, with some work, to find message text which hashes to the same MD5 hash value which is equivalent if the backend code is comparing hashes. Finally, it’s unclear what you mean when you say “they store they have a master encryption key” since MD5 is a hashing algorithm which does not use keys, rather than an encryption algorithm which does (or, are you referring to storing passwords enciphered under a master key, rather than hashing them and comparing hashes? If so, that’s still lousy security practice).
MD5 can be reversed via rainbow tables, check http://md5decryptor.co.uk to see it
That’s technically not reversed. Theoretically there is an infinite number of collisions and you are just finding one by brute force. But when talking about hashed passwords generally the first result is the password.
Yet the Bank Guarantee letters weren’t stored in plain text, …. Or were they….
@NickyRyan_ Thanks for this insightful (although a bit scary) article!
I have to confirm unfortunately that the fact that passwords have been sent via email does mean that they’re stored in plain text or equivalent (maybe encrypted with the key stored not far from there).
Usually, as Robin Hilliard mentioned, instead of comparing passwords, systems should compare “hashes” obtained from these passwords, using a complex hash function. MD5 which is mentioned shouldn’t be used in that case as it can be easily reversed using rainbow tables. The way this works is fairly easy to understand: for millions of passwords, the MD5 result is pre-calculted and stored in a big table (called rainbow table). Then, it’s only a matter of looking up the MD5 result to derive the password.
The proper way to secure these passwords will be to use salted hash: that means that each password in hashed using a unique “salt”.
It’s not to late to burn these Bondholders.
have your say