Green Energy
Feds tell Web firms to turn over user account passwords
From CNET:
The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.
If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.
"I've certainly seen them ask for passwords," said one Internet industry source who spoke on condition of anonymity. "We push back."
A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies "really heavily scrutinize" these requests, the person said. "There's a lot of 'over my dead body.'"
Some of the government orders demand not only a user's password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts.
-
Update: Clinton’s E-mail Is On A Hosted Exchange 2010 Server, Not In Chappaqua
Update: Clinton’s e-mail is on a hosted Exchange 2010 server, not in Chappaqua There's been a lot of controversy over how Hillary Clinton apparently used a mail server running in her Chappaqua, New York, home when she started her tenure as secretary...
-
The Nsa And The Heartbleed Bug
Are any of us surprised to learn that this might have been the case? From the article "NSA Exploited Heartbleed Bug for Years, Exposing Consumers": The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites...
-
Pretty Good Privacy
From Wiki: Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing,...
-
Hey! Maybe Weiner Was Hacked By. . .
Newsmax: Gmail Hackers Had Access to Accounts for Months Thursday, 02 Jun 2011 SHANGHAI - Hackers who broke into Google's Gmail system had access to some accounts for many months and could have been planning a more serious attack, said the cyber-security...
-
Swell. . .
Hey, Pasto, when was it we were trying to figure out if you were hacked? New York Times NYT: Attack on Google said to hit password system New details surface about the December raid that compromised security By John Markoff The New York Times updated...
Green Energy