Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
BCM
User Panel

Site Notices
Arrow Left Previous Page
Page / 3
Posted: 7/25/2013 2:59:22 PM EDT




Feds tell Web firms to turn over user account passwords







Declan McCullagh July 25, 2013 11:26 AM PDT







The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.







If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.







"I've certainly seen them ask for passwords," said one Internet industry source who spoke on condition of anonymity. "We push back."







A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies "really heavily scrutinize" these requests, the person said. "There's a lot of 'over my dead body.'"







Some of the government orders demand not only a user's password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts.







A Microsoft spokesperson would not say whether the company has received such requests from the government. But when asked whether Microsoft would divulge passwords, salts, or algorithms, the spokesperson replied: "No, we don't, and we can't see a circumstance in which we would provide it."







Google also declined to disclose whether it had received requests for those types of data. But a spokesperson said the company has "never" turned over a user's encrypted password, and that it has a legal team that frequently pushes back against requests that are fishing expeditions or are otherwise problematic. "We take the privacy and security of our users very seriously," the spokesperson said.





Link

--




The Feds just keep pushing...









 
Link Posted: 7/25/2013 3:00:51 PM EDT
[#1]
Unreal....

Link Posted: 7/25/2013 3:03:15 PM EDT
[#2]
This doesn't make me angry.  We have come to expect this of our government.

What makes me angry is that they are getting away with it.  How the fuck do people not care?
Link Posted: 7/25/2013 3:05:27 PM EDT
[#3]

Discussion ForumsJump to Quoted PostQuote History
Quoted:


How the fuck do people not care?
View Quote


Did you hear what they named the royal baby?



 
Link Posted: 7/25/2013 3:06:03 PM EDT
[#4]
In before Josh.
Link Posted: 7/25/2013 3:06:32 PM EDT
[#5]
Link Posted: 7/25/2013 3:06:47 PM EDT
[#6]

Discussion ForumsJump to Quoted PostQuote History
Quoted:


This doesn't make me angry.  We have come to expect this of our government.



What makes me angry is that they are getting away with it.  How the fuck do people not care?
View Quote




 
People do care, but their protests are falling on deaf ears.  The NSA doesn't care what we think.  And our "representatives" just approved continued funding for NSA surveillance.



Link Posted: 7/25/2013 3:06:56 PM EDT
[#7]
Time to change all my passwords to begin with "FBHO".
Link Posted: 7/25/2013 3:12:22 PM EDT
[#8]
If I log in and start sounding like FedDC, go ahead and lock my account down.
Link Posted: 7/25/2013 3:15:02 PM EDT
[#9]
Discussion ForumsJump to Quoted PostQuote History
Quoted:
If I log in and start sounding like FedDC, go ahead and lock my account down.
View Quote


What about a leftist troll or shill?
Link Posted: 7/25/2013 3:19:06 PM EDT
[#10]
Discussion ForumsJump to Quoted PostQuote History
Quoted:


What about a leftist troll or shill?
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Quoted:
Quoted:
If I log in and start sounding like FedDC, go ahead and lock my account down.


What about a leftist troll or shill?


Yes. If I come in here and start promoting socialistic policies such as wealth redistribution, more regulations, the NFA or any other big govt nonsense, lock me down.
Link Posted: 7/25/2013 3:25:33 PM EDT
[#11]
The fuck difference does that make? They already have access to everything sent over the WWW. Can't get any more pissed off at this after the shit that already came out.
Link Posted: 7/25/2013 3:26:29 PM EDT
[#12]
This country now more closely resembles the Soviet Union than anything close to what the Founders ever envisioned and fought for.



It disgusts me to my core.
Link Posted: 7/25/2013 3:26:54 PM EDT
[#13]
Bush's fault?
Link Posted: 7/25/2013 3:30:48 PM EDT
[#14]
Link Posted: 7/25/2013 3:31:45 PM EDT
[#15]
In before josh comes in justifying becoming a totalitarian surveillance state.
Link Posted: 7/25/2013 3:32:36 PM EDT
[#16]

Discussion ForumsJump to Quoted PostQuote History
Quoted:
Obtaining password hashes helps inform brute force attacks on passwords.



In other words, if you're one of the 1-3% of people technically savvy enough to encrypt yo' shit, then having access to a massive database of password hashes (the encrypted form of passwords) as well as the algorithms used to do the encryption then if you have a reasonably powerful computer (or a shitload of Crays) then you can take someone's encrypted shit and brute force the passwords with your massive library of password hashes.



And, not to put too fine a point on it, people tend to use the same password for multiple things. So if I figure out Bob's gmail password, I might well own every one of Bob's account. Or at the very least I have insight into how Bob makes up his passwords, which informs my attempts to access his data.



So the rest of the stuff is certainly a big deal...but this is also a big damn deal on its own.
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Quoted:



Quoted:

The fuck difference does that make? They already have access to everything sent over the WWW. Can't get any more pissed off at this after the shit that already came out.




Obtaining password hashes helps inform brute force attacks on passwords.



In other words, if you're one of the 1-3% of people technically savvy enough to encrypt yo' shit, then having access to a massive database of password hashes (the encrypted form of passwords) as well as the algorithms used to do the encryption then if you have a reasonably powerful computer (or a shitload of Crays) then you can take someone's encrypted shit and brute force the passwords with your massive library of password hashes.



And, not to put too fine a point on it, people tend to use the same password for multiple things. So if I figure out Bob's gmail password, I might well own every one of Bob's account. Or at the very least I have insight into how Bob makes up his passwords, which informs my attempts to access his data.



So the rest of the stuff is certainly a big deal...but this is also a big damn deal on its own.




 
Well said.  We need to step up the pressure on our reps.






Link Posted: 7/25/2013 3:33:52 PM EDT
[#17]
Nazis.
Link Posted: 7/25/2013 3:34:35 PM EDT
[#18]
Can't say I'm surprised.
Link Posted: 7/25/2013 3:35:09 PM EDT
[#19]
Discussion ForumsJump to Quoted PostQuote History
Quoted:
This country now more closely resembles the Soviet Union than anything close to what the Founders ever envisioned and fought for.

It disgusts me to my core.
View Quote

This. FTG
Link Posted: 7/25/2013 3:35:36 PM EDT
[#20]
There's only one way this is gonna stop and it's not pretty.

But we all know that the other boxes are useless.
Link Posted: 7/25/2013 3:36:54 PM EDT
[#21]
Glad all my sketchy stuff is untouchable.
Link Posted: 7/25/2013 3:37:47 PM EDT
[#22]
Come on guys the Obama administration is only after terrorists! They would neeeeeeeeeeeeeevvvvvvvveeeeeeeerrrrrrrrrrrrrrrrr overstep their bounds.
Link Posted: 7/25/2013 3:39:23 PM EDT
[#23]
Discussion ForumsJump to Quoted PostQuote History
Quoted:
This doesn't make me angry.  We have come to expect this of our government.

What makes me angry is that they are getting away with it.  How the fuck do people not care?
View Quote


People care, they either feel powerless to change it, or don't want to pay the price to change it.
Link Posted: 7/25/2013 3:39:24 PM EDT
[#24]
Welcome to Stasi Amerika.
Link Posted: 7/25/2013 3:39:29 PM EDT
[#25]
Pretty horrific if true, but if you read the article, all of the actual service providers quoted emphatically deny that they comply with such requests.
Link Posted: 7/25/2013 3:40:00 PM EDT
[#26]
Discussion ForumsJump to Quoted PostQuote History
Quoted:
Come on guys the Obama administration is only after terrorists! They would neeeeeeeeeeeeeevvvvvvvveeeeeeeerrrrrrrrrrrrrrrrr overstep their bounds.
View Quote


Josh - did you just take over Alien's account?

Link Posted: 7/25/2013 3:40:26 PM EDT
[#27]
Discussion ForumsJump to Quoted PostQuote History
Quoted:
Welcome to Stasi Amerika.
View Quote

Link Posted: 7/25/2013 3:40:49 PM EDT
[#28]
Nothing will be done about it, except even more intrusion.
Link Posted: 7/25/2013 3:41:46 PM EDT
[#29]
Tag for a response from Arfcom's resident statists.
Link Posted: 7/25/2013 3:41:56 PM EDT
[#30]
Big Brother isn't only watching you, he's reading your e-mail
Link Posted: 7/25/2013 3:42:40 PM EDT
[#31]
Link Posted: 7/25/2013 3:43:28 PM EDT
[#32]
Discussion ForumsJump to Quoted PostQuote History
Quoted:
Pretty horrific if true, but if you read the article, all of the actual service providers quoted emphatically deny that they comply with such requests.
View Quote


I don't believe them.
And I don't believe the article.
And I don't believe the Feds.


<Tightens Tin Foil....>
Link Posted: 7/25/2013 3:44:19 PM EDT
[#33]
Discussion ForumsJump to Quoted PostQuote History
Quoted:
Big Brother isn't only watching you, he's reading your e-mail
View Quote


At least someone is. I maybe open 5% of my emails
Link Posted: 7/25/2013 3:44:48 PM EDT
[#34]
Maybe they want the passwords because half of the people trolling the NSA are asking for login information they forgot.
Link Posted: 7/25/2013 3:44:52 PM EDT
[#35]
I'm going to go ahead and make copies of all the keys for my house, locks, and vehicles for them too.

I have nothing to hide.
Link Posted: 7/25/2013 3:45:25 PM EDT
[#36]
And encryption master keys...




Feds put heat on Web firms for master encryption keys



Link Posted: 7/25/2013 3:46:25 PM EDT
[#37]
Discussion ForumsJump to Quoted PostQuote History
Quoted:


It does rather make one worry about whether or not resistance to tyranny is even possible in the modern technological age. When the government is so up in your business that it has your health records, financial records, and every form of communication more sophisticated than semaphore being recorded for "security" purposes, is there even any hope that someone could resist if the government goes rogue?

View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Quoted:
Quoted:
Welcome to Stasi Amerika.


It does rather make one worry about whether or not resistance to tyranny is even possible in the modern technological age. When the government is so up in your business that it has your health records, financial records, and every form of communication more sophisticated than semaphore being recorded for "security" purposes, is there even any hope that someone could resist if the government goes rogue?



Looks like this account has been compromised, lock it down!  
Link Posted: 7/25/2013 3:46:52 PM EDT
[#38]

Discussion ForumsJump to Quoted PostQuote History
Quoted:
It does rather make one worry about whether or not resistance to tyranny is even possible in the modern technological age. When the government is so up in your business that it has your health records, financial records, and every form of communication more sophisticated than semaphore being recorded for "security" purposes, is there even any hope that someone could resist if the government goes rogue?



View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Quoted:



Quoted:

Welcome to Stasi Amerika.




It does rather make one worry about whether or not resistance to tyranny is even possible in the modern technological age. When the government is so up in your business that it has your health records, financial records, and every form of communication more sophisticated than semaphore being recorded for "security" purposes, is there even any hope that someone could resist if the government goes rogue?







 
It's very easy to stifle resistance when it's so trivial to electronically shut down all of the resistors' assets and support.
Link Posted: 7/25/2013 3:47:24 PM EDT
[#39]

Discussion ForumsJump to Quoted PostQuote History
Quoted:


Pretty horrific if true, but if you read the article, all of the actual service providers quoted emphatically deny that they comply with such requests.
View Quote




 
Snowden revealed that MS turned over their encryption algorithms and salts for Skype.  Why should we believe that they wouldn't do the same for login credentials?



Link Posted: 7/25/2013 3:49:23 PM EDT
[#40]
Discussion ForumsJump to Quoted PostQuote History
Quoted:
The fuck difference does that make? They already have access to everything sent over the WWW. Can't get any more pissed off at this after the shit that already came out.
View Quote



The feds are probing us to see how much we'll take.

So far they are up to their elbows.
Link Posted: 7/25/2013 3:50:28 PM EDT
[#41]
How many people back their shit up with carbonite ?   Not I -

Fuck the cloud storage IMO !



Link Posted: 7/25/2013 3:51:36 PM EDT
[#42]
Discussion ForumsJump to Quoted PostQuote History
Quoted:
This doesn't make me angry.  We have come to expect this of our government.

What makes me angry is that they are getting away with it.  How the fuck do people not care?
View Quote

We do, but both big parties support the spying.  

If only there was a third party we could vote for.   One that valued limits on government power,  small, transparent, accountable government, fiscal responsibility, and individual liberties...
Link Posted: 7/25/2013 3:52:52 PM EDT
[#43]
Discussion ForumsJump to Quoted PostQuote History
Quoted:


  Snowden revealed that MS turned over their encryption algorithms and salts for Skype.  Why should we believe that they wouldn't do the same for login credentials?

View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Quoted:
Quoted:
Pretty horrific if true, but if you read the article, all of the actual service providers quoted emphatically deny that they comply with such requests.


  Snowden revealed that MS turned over their encryption algorithms and salts for Skype.  Why should we believe that they wouldn't do the same for login credentials?



The Feds are not likely to prosecute providers who lie to protect the Feds' requests.

Link Posted: 7/25/2013 3:53:35 PM EDT
[#44]
Discussion ForumsJump to Quoted PostQuote History
Quoted:

  Snowden revealed that MS turned over their encryption algorithms and salts for Skype.  Why should we believe that they wouldn't do the same for login credentials?

View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Quoted:
Quoted:
Pretty horrific if true, but if you read the article, all of the actual service providers quoted emphatically deny that they comply with such requests.

  Snowden revealed that MS turned over their encryption algorithms and salts for Skype.  Why should we believe that they wouldn't do the same for login credentials?


TRUST NO ONE Mfer's
Link Posted: 7/25/2013 3:56:06 PM EDT
[#45]
Quoted:
Feds tell Web firms to turn over user account passwords

Declan McCullagh July 25, 2013 11:26 AM PDT

The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.

If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.

"I've certainly seen them ask for passwords," said one Internet industry source who spoke on condition of anonymity. "We push back."

A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies "really heavily scrutinize" these requests, the person said. "There's a lot of 'over my dead body.'"

Some of the government orders demand not only a user's password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts.

A Microsoft spokesperson would not say whether the company has received such requests from the government. But when asked whether Microsoft would divulge passwords, salts, or algorithms, the spokesperson replied: "No, we don't, and we can't see a circumstance in which we would provide it."

Google also declined to disclose whether it had received requests for those types of data. But a spokesperson said the company has "never" turned over a user's encrypted password, and that it has a legal team that frequently pushes back against requests that are fishing expeditions or are otherwise problematic. "We take the privacy and security of our users very seriously," the spokesperson said.


Link--

The Feds just keep pushing...



 
View Quote


Everyone should be writing their representatives over this.   This is DANGEROUS territory.
Link Posted: 7/25/2013 3:57:10 PM EDT
[#46]
EAT A DICK!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

















Link Posted: 7/25/2013 3:59:33 PM EDT
[#47]
Discussion ForumsJump to Quoted PostQuote History
Quoted:

We do, but both big parties support the spying.  

If only there was a third party we could vote for.   One that valued limits on government power,  small, transparent, accountable government, fiscal responsibility, and individual liberties...
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Quoted:
Quoted:
This doesn't make me angry.  We have come to expect this of our government.

What makes me angry is that they are getting away with it.  How the fuck do people not care?

We do, but both big parties support the spying.  

If only there was a third party we could vote for.   One that valued limits on government power,  small, transparent, accountable government, fiscal responsibility, and individual liberties...


And people entirely throw that option away, CUZ THEY ALLOW WEED!!!  ONOES!

Link Posted: 7/25/2013 4:01:30 PM EDT
[#48]
I want to leave this country.
Link Posted: 7/25/2013 4:01:56 PM EDT
[#49]
Discussion ForumsJump to Quoted PostQuote History
Quoted:


The Feds are not likely to prosecute providers who lie to protect the Feds' requests.

View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Quoted:
Quoted:
Quoted:
Pretty horrific if true, but if you read the article, all of the actual service providers quoted emphatically deny that they comply with such requests.


  Snowden revealed that MS turned over their encryption algorithms and salts for Skype.  Why should we believe that they wouldn't do the same for login credentials?



The Feds are not likely to prosecute providers who lie to protect the Feds' requests.



And more companies put more of their data "in the cloud."  
Link Posted: 7/25/2013 4:01:58 PM EDT
[#50]
If you haven't watched "The Lives of Others," go out and rent it.

When I first viewed it, little did I know that just a few short years later we'd be living under far worse.
Arrow Left Previous Page
Page / 3
Close Join Our Mail List to Stay Up To Date! Win a FREE Membership!

Sign up for the ARFCOM weekly newsletter and be entered to win a free ARFCOM membership. One new winner* is announced every week!

You will receive an email every Friday morning featuring the latest chatter from the hottest topics, breaking news surrounding legislation, as well as exclusive deals only available to ARFCOM email subscribers.


By signing up you agree to our User Agreement. *Must have a registered ARFCOM account to win.
Top Top