Privacy Invasions


jmike314

While out browsing the interwebz today, I came across these.

Feds tell Web firms to turn over user account passwords.
The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.

Anybody see this someplace else that might be able to confirm?


And this...
House narrowly rejects bid to curb NSA domestic surveillance.
In an indication that Edward Snowden's disclosures about broad government surveillance are having a political impact, the U.S. House of Representatives came within seven votes on Wednesday of curbing a program that vacuums up the logs of all Americans' phone calls.

205-217...I wonder who voted how.
 

jmike314

And this.....

Lawmakers Who Upheld NSA Phone Spying Received Double the Defense Industry Cash

The numbers tell the story - in votes and dollars. On Wednesday, the House voted 217 to 205 not to rein in the NSA’s phone-spying dragnet. It turns out that those 217 “no” voters received twice as much campaign financing from the defense and intelligence industry as the 205 “yes” voters.
 

NightShade

Most of the time the passwords held on the web are encrypted anyway; that is why sites have the "forgot your password" recovery links. You then have to verify your e-mail and put in a new password. Those sites have a keycode or "salt" that is used to encrypt the passwords. Even if the lists of usernames, passwords and e-mails are turned over, most of that info is already available online anyway; people post so much information on the "social" sites that they can already have your name and e-mail address along with your physical address and a list of all your "friends" too. The passwords would be basically worthless as well, as they would have to try and decrypt them all, and unless the person running the servers hands over the salt along with the list, good luck on that one.
 

Belthos

Obviously the only reason they want your passwords is to use them like lockpicks to try and access other services or encrypted files, ones they cannot get access to with a court order.
Most people re-use passwords from site to site.

I say this because they do not need your Google or Yahoo password to gain access to your information on those services.
The Google password is very useful because it will allow you to bypass the encryption on your phones and portable tablets, the ones you cannot be forced to "open" for them.
Police and customs can copy your phones, tablets and laptops at the border and sometimes in other areas.
 

vvvvvvv

While out browsing the interwebz today, I came across these.

Feds tell Web firms to turn over user account passwords.
The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.

Are they also required to divulge hash salts? Or are they required to run a "listener" that reads the input before it gets hashed and compared?

Feds trying to build rainbow tables?
 

LightningCrash

Are they also required to divulge hash salts? Or are they required to run a "listener" that reads the input before it gets hashed and compared?

The listener/debug would be more effective but more intrusive. Kind of useless to have a copy of a hash from a modern key stretching hash function.

The other thing I could see would be to search the entire DB table for the exact hash belonging to the person of interest. That only works if you don't have a per-user salt.
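
The per-user salt point from the last post, as an added example that is not part of the original thread: with one site-wide salt, equal passwords produce equal stored hashes, so a single hash value matches every account using that password, while a random per-user salt with key stretching gives each row an unrelated digest. The account names, passwords, site-wide salt value and PBKDF2 iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

SITE_SALT = b"constructed-site-wide-salt"  # constructed sample value
ITERATIONS = 200_000                       # assumed PBKDF2 work factor

def hash_shared_salt(password):
    """Weak scheme: one salt for the whole table, one fast hash."""
    return hashlib.sha256(SITE_SALT + password.encode()).digest()

def hash_per_user(password, salt=None):
    """Per-user random salt plus PBKDF2 key stretching."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_per_user(password, salt, digest):
    """Login check: recompute with the stored salt, compare in constant time."""
    return hmac.compare_digest(hash_per_user(password, salt)[1], digest)

def rows_matching(table, target):
    """Whole-table search: every user whose stored hash equals target."""
    return sorted(user for user, stored in table.items() if stored == target)

# Constructed sample accounts; alice and bob chose the same password.
USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor&3"}

def demo():
    shared = {u: hash_shared_salt(p) for u, p in USERS.items()}
    salted = {u: hash_per_user(p) for u, p in USERS.items()}
    digests = {u: d for u, (_, d) in salted.items()}
    # Shared salt: equal passwords give equal rows, so one hash finds both.
    shared_hits = rows_matching(shared, shared["alice"])
    # Per-user salt: the same password yields unrelated digests.
    salted_hits = rows_matching(digests, digests["alice"])
    return shared_hits, salted_hits, salted

if __name__ == "__main__":
    shared_hits, salted_hits, _ = demo()
    print("shared salt  :", shared_hits)
    print("per-user salt:", salted_hits)
```
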
 