Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Feds tell Web firms to turn over user account passwords


  • Please log in to reply
16 replies to this topic

#1 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:06 AM

Posted 25 July 2013 - 07:28 PM

Feds tell Web firms to turn over user account passwords


The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.

If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.

...Some of the government orders demand not only a user's password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

BC AdBot (Login to Remove)

 


#2 Zestypanda

Zestypanda

  • Members
  • 603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny San Diego, California.
  • Local time:03:06 AM

Posted 25 July 2013 - 07:41 PM

Why companies are we talking? Banking, financial, or like youtube and email?

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 


#3 Zestypanda

Zestypanda

  • Members
  • 603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny San Diego, California.
  • Local time:03:06 AM

Posted 25 July 2013 - 07:42 PM

And when it says 'Internet firms', does it mean ISP?

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:06 AM

Posted 25 July 2013 - 08:12 PM

major Internet companies = your ISP
From there they can access pretty much what they want on your account(s).

I guess this makes it easier than relying on the IRS to spy on us.

Edited by boopme, 25 July 2013 - 08:13 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Zestypanda

Zestypanda

  • Members
  • 603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny San Diego, California.
  • Local time:03:06 AM

Posted 25 July 2013 - 08:49 PM

This makes me sick. The government should work FOR us! Not agonist us.

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 


#6 woolie

woolie

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 02 August 2013 - 01:20 AM

I guess I'm not surprised with tools like konboot out in the wild...

Those entities wanting private data and passwords may already

have the ability to take any thing they want anyway...

Simply more signs the nazi-fascist  folks are taking over the planet...   :mellow: :( 



#7 Zestypanda

Zestypanda

  • Members
  • 603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny San Diego, California.
  • Local time:03:06 AM

Posted 02 August 2013 - 11:48 AM

I say we all go back to tin cans and string and writing risky ;) notes on paper and tying them to pigeons. 


Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 


#8 AlexFiend

AlexFiend

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:06 AM

Posted 09 August 2013 - 06:49 PM

It seems I agree. Tin cans and carrier pigeons.



#9 Stolen

Stolen

  • Members
  • 669 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:06 AM

Posted 09 August 2013 - 09:22 PM

ok TY for this article. it is honestly frightening. and i don't hear anyone in the media talking about this (i admit i am pretty buried these days due to real world work). but it's scarey. i have a feeling most of the general public is completely disconnected and disinterested, thinking 'oh the government is just here to take care of me.' 

 

Is this happening because of the NSA or because the NSA has no one they are accountable to? I guess congress is ignoring it too, and i know congress is the only entity that can protect us in this regard. As far as Administration goes, I am certain whoever is in the current Administration has and always will want this kind of scrutiny all in the name of keeping us safe, but IDK, we were pretty safe before the Patriot Act ever came along.  This is so secretive too, and we wouldn't even know if we're compromised.

 

I need to get better passwords, this is a fact. 

 

A quote from the article above:

Cracking the codes
Even if the National Security Agency or the FBI successfully obtains an encrypted password, salt, and details about the algorithm used, unearthing a user's original password is hardly guaranteed. The odds of success depend in large part on two factors: the type of algorithm and the complexity of the password.

Algorithms, known as hash functions, that are viewed as suitable for scrambling stored passwords are designed to be difficult to reverse. One popular hash function called MD5, for instance, transforms the phrase "National Security Agency" into this string of seemingly random characters: 84bd1c27b26f7be85b2742817bb8d43b. Computer scientists believe that, if a hash function is well-designed, the original phrase cannot be derived from the output.

But modern computers, especially ones equipped with high-performance video cards, can test passwords scrambled with MD5 and other well-known hash algorithms at the rate of billions a second. One system using 25 Radeon-powered GPUs that was demonstrated at a conference last December tested 348 billion hashes per second, meaning it would crack a 14-character Windows XP password in six minutes.



#10 spc3rd

spc3rd

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Mid-Atlantic region (USA)
  • Local time:04:06 AM

Posted 10 August 2013 - 06:49 AM

It indeed is, a sad state of affairs in this country.  One comment above states the Government should be working for us, instead of against us.  The sad reality is...the Government IS (in one sense) working FOR us.  Following the 9/11 terrorist attacks here, most citizens in this country (including myself) clamored loud and long for "justice", against those responsible for the attacks (and rightfully so).  Well, the government was only too happy to oblige, then, lo and behold...the Patriot Act was enacted...an Act giving the Feds almost limitless power to intrude even deeper into the lives of its citzenry.  No regard for the Constitution/Bill of Rights, warrantless or secretive "warrants signed by some judge in a dimly-lit basement" are a reality now.

 

Until such time as ALL the citizens of this country wake up to the reality of what's occurring, AND begin demanding a change in this dogma...government intrusiveness and disregard for citizens' rights will only escalate.  As for strong passwords, complex algorithms, etc, etc...keep in mind one thought:  Anything created by human beings & computers can be deciphered by human beings & computers...OR destroyed.  It's just a matter of time.

 

(Also, bear in mind...state and local governments are closely watching to see how or IF, citizens respond to the Feds increasing intrusiveness.  You can bet they will try to capitilize on this to advance their own agendas...all under the guise of "state security).

 

Consider what is happening in several middle east countries where oppressive government regimes exist, and the people are now openly rebelling.  Make no mistake...the same thing can also end up happening here.  It may not happen tomorrow, or even 10 years from now, but you can only push people so far!  The age-old cry of the oppressor throughout history has been, "we're doing it for the good of the people."  I would hate to think the aforementioned would happen here, as the resulting bloodshed would make the Civil War look like a minor skirmish.

 

Just some thoughts to consider.

 

Regards to all,


Edited by spc3rd, 10 August 2013 - 07:19 AM.

spc3rd

Dell Optiplex 755 Desktop | Win 7 Pro, SP 1, 64-bit | Intel Core 2 Duo, 3.00 gHz CPU | 8 GB RAM | 400 GB Seagate SATA HDD | Outpost Security Suite Pro | MBAM Premium 2.0 | Spywareblaster | SAS (on-demand) | Blocklist Pro | IE 11 & FF w/ NoScript | Disconnect | Adblock Plus | Flagfox


#11 Stolen

Stolen

  • Members
  • 669 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:06 AM

Posted 10 August 2013 - 09:03 AM

@spc3rd Thank you...I know you're right and good points. It's discouraging, most people in general that I know don't seem to be aware or don't care. And the Bill of Rights and our rights are trampled all in the name of protecting us.

 

I was apalled by the story that broke a few days ago re. an apartment complex in Colorado: Managment gave all tenants written notice to get rid of all their guns or move out by Oct 1. Aside from the 2nd Amendment, I was like, how they hell do they even know who has guns?? Anyway not trying to bring up a controversial issue over guns because everyone knows it is a touchy subject, but this story illustrates the insanity.  People who follow geopolitical topics and reports and historians have been saying it for years as in the frog boiling slowly for hours and after a while, it's all over. And I don't mean 'doomsdayers' but logical, thinking people who are educated and study history.

 

Funny how we all thought the world would change at Y2K.  And then it really did change at 9/11. 



#12 spc3rd

spc3rd

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Mid-Atlantic region (USA)
  • Local time:04:06 AM

Posted 10 August 2013 - 09:52 AM

(For stolen):

 

     It is saddening.  Those apartment tenants have been fortunate though.  Turns out the apartment complex is owned by a public housing partnership (which was funded by Federal dollars) and the partnership's Board held an emergency meeting and rescinded that directive mandating tenants get rid of all firearms.  (I believe that Board also said that memo didn't come from them).  Guess the right hand doesn't know what the left hand is doing there.

 

An additional example of local government (a housing authority) right here in the area I reside in...trying to intrude into tenants' privacy rights occurred a few years back.  The housing authority had sent out a memo to all tenants informing them of an upcoming apartment inspection, and told the tenants they would have to ensure that their BEDS WERE MADE UP!  A tenant living in one of the housing authority's buildings sent a copy of that memo to a local newspaper journalist, asking where the housing authority got off trying to tell people they had to make their own beds up.

 

The journalist confronted the housing authority about it, and the memo was subsequently redacted, and a new one sent out (minus the bed make-up requirement).  The journalist made a report of the incident in a subsequent news article.  This housing authority actually tried to "save face", and get the state's office of professional services to give them the "green light", so-to-speak, enabling them to enforce that absurd bed-making requirement.  Of course, the state office told them they had no legal ground to stand on. 

(The article appeared in an issue of the Virginia Gazette newspaper).

 

This goes to show just how LOW a local government will go in trying to invade people's privacy.

They likely figured that no tenant would dare stand up to their insanity...as tenants living in public housing are often viewed as being sub-human, unfortunately.  This further serves to qualify the statement I made in my OP about how state and local governemts are watching to see just how far they can go in imposing their own will on the public.

 

Many people tend to say, "Times have changed."  In my humble opinion...it is people who have changed...and unfortunately...not necessarily for the better.  Time is today, what it was yesterday and will be tomorrow.

 

Best regards and thanks for the follow-up post!


Edited by spc3rd, 10 August 2013 - 09:55 AM.

spc3rd

Dell Optiplex 755 Desktop | Win 7 Pro, SP 1, 64-bit | Intel Core 2 Duo, 3.00 gHz CPU | 8 GB RAM | 400 GB Seagate SATA HDD | Outpost Security Suite Pro | MBAM Premium 2.0 | Spywareblaster | SAS (on-demand) | Blocklist Pro | IE 11 & FF w/ NoScript | Disconnect | Adblock Plus | Flagfox


#13 Stolen

Stolen

  • Members
  • 669 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:06 AM

Posted 10 August 2013 - 11:52 AM

 Hi, I am still mulling this one over...

 

Consider what is happening in several middle east countries where oppressive government regimes exist, and the people are now openly rebelling.  Make no mistake...the same thing can also end up happening here.  It may not happen tomorrow, or even 10 years from now, but you can only push people so far!  The age-old cry of the oppressor throughout history has been, "we're doing it for the good of the people."  I would hate to think the aforementioned would happen here, as the resulting bloodshed would make the Civil War look like a minor skirmish.

 

Just some thoughts to consider.

 

Regards to all,

 

the same thing can happen here. And in another thread on this site, someone mentioned (think it was yabadoo) that the US is so overly generous in our spending to 'help' other countries that we are going completely under ourselves (well that was one point I got from that discussion). I would take that further to say our efforts to give are somewhat misplaced. We are not helping these rebels fight for their freedom like we should (although I'm sure we don't hear about it much on the news and such), but economically speaking, we are placing ourselves in such jeopardy when you consider the massive power of, oh say China, for instance.

 

the whole point is freedom is important.  And I am not sure what we are doing to help ensure freedom, including ours. The thing with Iraq took so long, and I guess it's still not over, and are they free now? I'm not even sure.

 

We in the US have enjoyed a very brief period of the best free system in the world.  Brief.  And I am thankful to be a part of that system. I am happy to help where I can, when you think about what to do, tho, it's overwhelming.  Only way is to get people elected who can make a difference, it's very important. 



#14 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 51,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:06 AM

Posted 10 August 2013 - 12:25 PM

Lets try to stick to the subject of this topic. I posted the information here as I consider it security related in regards to user account passwords and wanted to ensure our members were aware.

We have a Speak Easy forum where you can post new topics for this type of ongoing discussion...at least in the direction where it is now appears to be going.

Thanks everyone for understanding.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#15 Stolen

Stolen

  • Members
  • 669 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:06 AM

Posted 10 August 2013 - 12:33 PM

okay, sorry! I agree! and thanks again, it is interesting. 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users