User Panel
Posted: 7/25/2013 2:59:22 PM EDT
Feds tell Web firms to turn over user account passwords Declan McCullagh July 25, 2013 11:26 AM PDT The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed. If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused. "I've certainly seen them ask for passwords," said one Internet industry source who spoke on condition of anonymity. "We push back." A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies "really heavily scrutinize" these requests, the person said. "There's a lot of 'over my dead body.'" Some of the government orders demand not only a user's password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts. A Microsoft spokesperson would not say whether the company has received such requests from the government. But when asked whether Microsoft would divulge passwords, salts, or algorithms, the spokesperson replied: "No, we don't, and we can't see a circumstance in which we would provide it." Google also declined to disclose whether it had received requests for those types of data. But a spokesperson said the company has "never" turned over a user's encrypted password, and that it has a legal team that frequently pushes back against requests that are fishing expeditions or are otherwise problematic. "We take the privacy and security of our users very seriously," the spokesperson said. -- The Feds just keep pushing... |
|
This doesn't make me angry. We have come to expect this of our government.
What makes me angry is that they are getting away with it. How the fuck do people not care? |
|
|
Quoted: This doesn't make me angry. We have come to expect this of our government. What makes me angry is that they are getting away with it. How the fuck do people not care? View Quote People do care, but their protests are falling on deaf ears. The NSA doesn't care what we think. And our "representatives" just approved continued funding for NSA surveillance. |
|
If I log in and start sounding like FedDC, go ahead and lock my account down.
|
|
|
Quoted:
Quoted:
If I log in and start sounding like FedDC, go ahead and lock my account down. What about a leftist troll or shill? Yes. If I come in here and start promoting socialistic policies such as wealth redistribution, more regulations, the NFA or any other big govt nonsense, lock me down. |
|
The fuck difference does that make? They already have access to everything sent over the WWW. Can't get any more pissed off at this after the shit that already came out.
|
|
This country now more closely resembles the Soviet Union than anything close to what the Founders ever envisioned and fought for.
It disgusts me to my core.
|
|
Quoted:
The fuck difference does that make? They already have access to everything sent over the WWW. Can't get any more pissed off at this after the shit that already came out. View Quote Obtaining password hashes helps inform brute force attacks on passwords. In other words, if you're one of the 1-3% of people technically savvy enough to encrypt yo' shit, then having access to a massive database of password hashes (the encrypted form of passwords) as well as the algorithms used to do the encryption then if you have a reasonably powerful computer (or a shitload of Crays) then you can take someone's encrypted shit and brute force the passwords with your massive library of password hashes. That 1-3% of people who are savvy enough to take some defensive measures against snoopery are rendered moot. And, not to put too fine a point on it, people tend to use the same password for multiple things. So if I figure out Bob's gmail password, I might well own every one of Bob's accounts. Or at the very least I have insight into how Bob makes up his passwords, which informs my attempts to access his data. So the rest of the stuff is certainly a big deal...but this is also a big damn deal on its own. |
|
In before josh comes in justifying becoming a totalitarian surveillance state.
|
|
Quoted: Obtaining password hashes helps inform brute force attacks on passwords. In other words, if you're one of the 1-3% of people technically savvy enough to encrypt yo' shit, then having access to a massive database of password hashes (the encrypted form of passwords) as well as the algorithms used to do the encryption then if you have a reasonably powerful computer (or a shitload of Crays) then you can take someone's encrypted shit and brute force the passwords with your massive library of password hashes. And, not to put too fine a point on it, people tend to use the same password for multiple things. So if I figure out Bob's gmail password, I might well own every one of Bob's account. Or at the very least I have insight into how Bob makes up his passwords, which informs my attempts to access his data. So the rest of the stuff is certainly a big deal...but this is also a big damn deal on its own. View Quote View All Quotes View All Quotes Quoted: Quoted: The fuck difference does that make? They already have access to everything sent over the WWW. Can't get any more pissed off at this after the shit that already came out. Obtaining password hashes helps inform brute force attacks on passwords. In other words, if you're one of the 1-3% of people technically savvy enough to encrypt yo' shit, then having access to a massive database of password hashes (the encrypted form of passwords) as well as the algorithms used to do the encryption then if you have a reasonably powerful computer (or a shitload of Crays) then you can take someone's encrypted shit and brute force the passwords with your massive library of password hashes. And, not to put too fine a point on it, people tend to use the same password for multiple things. So if I figure out Bob's gmail password, I might well own every one of Bob's account. Or at the very least I have insight into how Bob makes up his passwords, which informs my attempts to access his data. So the rest of the stuff is certainly a big deal...but this is also a big damn deal on its own. Well said. We need to step up the pressure on our reps. |
|
|
There's only one way this is gonna stop and it's not pretty.
But we all know that the other boxes are useless. |
|
Come on guys the Obama administration is only after terrorists! They would neeeeeeeeeeeeeevvvvvvvveeeeeeeerrrrrrrrrrrrrrrrr overstep their bounds.
|
|
|
Pretty horrific if true, but if you read the article, all of the actual service providers quoted emphatically deny that they comply with such requests.
|
|
|
Big Brother isn't only watching you, he's reading your e-mail
|
|
Quoted:
Welcome to Stasi Amerika. View Quote It does rather make one worry about whether or not resistance to tyranny is even possible in the modern technological age. When the government is so up in your business that it has your health records, financial records, and every form of communication more sophisticated than semaphore being recorded for "security" purposes, is there even any hope that someone could resist if the government goes rogue? |
|
|
|
Maybe they want the passwords because half of the people trolling the NSA are asking for login information they forgot.
|
|
I'm going to go ahead and make copies of all the keys for my house, locks, and vehicles for them too.
I have nothing to hide. |
|
And encryption master keys...
Feds put heat on Web firms for master encryption keyshttp://news.cnet.com/8301-13578_3-57595202-38/feds-put-heat-on-web-firms-for-master-encryption-keys/ |
|
Quoted:
It does rather make one worry about whether or not resistance to tyranny is even possible in the modern technological age. When the government is so up in your business that it has your health records, financial records, and every form of communication more sophisticated than semaphore being recorded for "security" purposes, is there even any hope that someone could resist if the government goes rogue? View Quote View All Quotes View All Quotes Quoted:
Quoted:
Welcome to Stasi Amerika. It does rather make one worry about whether or not resistance to tyranny is even possible in the modern technological age. When the government is so up in your business that it has your health records, financial records, and every form of communication more sophisticated than semaphore being recorded for "security" purposes, is there even any hope that someone could resist if the government goes rogue? Looks like this account has been compromised, lock it down! |
|
Quoted: It does rather make one worry about whether or not resistance to tyranny is even possible in the modern technological age. When the government is so up in your business that it has your health records, financial records, and every form of communication more sophisticated than semaphore being recorded for "security" purposes, is there even any hope that someone could resist if the government goes rogue? View Quote View All Quotes View All Quotes Quoted: Quoted: Welcome to Stasi Amerika. It does rather make one worry about whether or not resistance to tyranny is even possible in the modern technological age. When the government is so up in your business that it has your health records, financial records, and every form of communication more sophisticated than semaphore being recorded for "security" purposes, is there even any hope that someone could resist if the government goes rogue? It's very easy to stifle resistance when it's so trivial to electronically shut down all of the resistors' assets and support.
|
|
Quoted: Pretty horrific if true, but if you read the article, all of the actual service providers quoted emphatically deny that they comply with such requests. View Quote Snowden revealed that MS turned over their encryption algorithms and salts for Skype. Why should we believe that they wouldn't do the same for login credentials? |
|
|
How many people back their shit up with carbonite ? Not I -
Fuck the cloud storage IMO ! |
|
Quoted:
This doesn't make me angry. We have come to expect this of our government. What makes me angry is that they are getting away with it. How the fuck do people not care? View Quote We do, but both big parties support the spying. If only there was a third party we could vote for. One that valued limits on government power, small, transparent, accountable government, fiscal responsibility, and individual liberties... |
|
Quoted:
Snowden revealed that MS turned over their encryption algorithms and salts for Skype. Why should we believe that they wouldn't do the same for login credentials? View Quote View All Quotes View All Quotes Quoted:
Quoted:
Pretty horrific if true, but if you read the article, all of the actual service providers quoted emphatically deny that they comply with such requests. Snowden revealed that MS turned over their encryption algorithms and salts for Skype. Why should we believe that they wouldn't do the same for login credentials? The Feds are not likely to prosecute providers who lie to protect the Feds' requests. |
|
Quoted:
Snowden revealed that MS turned over their encryption algorithms and salts for Skype. Why should we believe that they wouldn't do the same for login credentials? View Quote View All Quotes View All Quotes Quoted:
Quoted:
Pretty horrific if true, but if you read the article, all of the actual service providers quoted emphatically deny that they comply with such requests. Snowden revealed that MS turned over their encryption algorithms and salts for Skype. Why should we believe that they wouldn't do the same for login credentials? TRUST NO ONE Mfer's |
|
Quoted:
Feds tell Web firms to turn over user account passwords Declan McCullagh July 25, 2013 11:26 AM PDT The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed. If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused. "I've certainly seen them ask for passwords," said one Internet industry source who spoke on condition of anonymity. "We push back." A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies "really heavily scrutinize" these requests, the person said. "There's a lot of 'over my dead body.'" Some of the government orders demand not only a user's password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts. A Microsoft spokesperson would not say whether the company has received such requests from the government. But when asked whether Microsoft would divulge passwords, salts, or algorithms, the spokesperson replied: "No, we don't, and we can't see a circumstance in which we would provide it." Google also declined to disclose whether it had received requests for those types of data. But a spokesperson said the company has "never" turned over a user's encrypted password, and that it has a legal team that frequently pushes back against requests that are fishing expeditions or are otherwise problematic. "We take the privacy and security of our users very seriously," the spokesperson said. Link-- The Feds just keep pushing... View Quote Everyone should be writing their representatives over this. This is DANGEROUS territory. |
|
Quoted:
We do, but both big parties support the spying. If only there was a third party we could vote for. One that valued limits on government power, small, transparent, accountable government, fiscal responsibility, and individual liberties... View Quote View All Quotes View All Quotes Quoted:
Quoted:
This doesn't make me angry. We have come to expect this of our government. What makes me angry is that they are getting away with it. How the fuck do people not care? We do, but both big parties support the spying. If only there was a third party we could vote for. One that valued limits on government power, small, transparent, accountable government, fiscal responsibility, and individual liberties... And people entirely throw that option away, CUZ THEY ALLOW WEED!!! ONOES! |
|
Quoted:
The Feds are not likely to prosecute providers who lie to protect the Feds' requests. View Quote View All Quotes View All Quotes Quoted:
Quoted:
Quoted:
Pretty horrific if true, but if you read the article, all of the actual service providers quoted emphatically deny that they comply with such requests. Snowden revealed that MS turned over their encryption algorithms and salts for Skype. Why should we believe that they wouldn't do the same for login credentials? The Feds are not likely to prosecute providers who lie to protect the Feds' requests. And more companies put more of their data "in the cloud." |
|
If you haven't watched "The Lives of Others," go out and rent it.
When I first viewed it, little did I know that just a few short years later we'd be living under far worse. |
|
Sign up for the ARFCOM weekly newsletter and be entered to win a free ARFCOM membership. One new winner* is announced every week!
You will receive an email every Friday morning featuring the latest chatter from the hottest topics, breaking news surrounding legislation, as well as exclusive deals only available to ARFCOM email subscribers.
AR15.COM is the world's largest firearm community and is a gathering place for firearm enthusiasts of all types.
From hunters and military members, to competition shooters and general firearm enthusiasts, we welcome anyone who values and respects the way of the firearm.
Subscribe to our monthly Newsletter to receive firearm news, product discounts from your favorite Industry Partners, and more.
Copyright © 1996-2024 AR15.COM LLC. All Rights Reserved.
Any use of this content without express written consent is prohibited.
AR15.Com reserves the right to overwrite or replace any affiliate, commercial, or monetizable links, posted by users, with our own.