Seriously.

What do you want? Cliffs notes?

know one and either know the rest or have a good start on them.

And that can come in quite handy for bank sites, web mail, social media, etc (and they can hack the passwords, they are stored in a hash and will have to break them anyway - anonymous dumps passwords like this - and even if a person knows they were compromised on one system most don't change them everything).

stupid and deserve ill fate? Just wow.

Security requires knowledge and the diligence to apply it effectively.

Everything that makes a password strong is what makes it difficult or impossible to remember, and if you're over 50-60 years old, and you have accounts on eighty different sites, you're going to have to come up with a system or have weak passwords and/or nine or ten passwords for the whole group.

Maybe computer geeks find memorizing random symbols an easy thing, if so, that's only because they spend what is or becomes their "work hours" at it. People who have other professions are using computer devices because those purportedly make things easier. If those professional people are supposed to memorize page after page of random keyboard symbols, they wouldn't be using computers very much and a lot of computer geeks would be out of their jobs.

Maybe you trained yourself for those memory feats in high school or college, but the rest of us don't have time doing anything like it. You'd better hope you never get a concussion or have electro-convulsive therapy, because that ability is very actually fragile.

My opinion is if passwords are that much of a hassle, computer geeks better stop being arrogant SOB's about it and start trying to make it easier.

I have a system for managing passwords. It's not conventional, but they're all strong, and I don't have them memorized.

And I'll just add: websites and companies should practice due diligence about this, too. For one thing, I don't know why anybody should get away with brute force password cracking. If websites would limit the number of times per minute log ins can be attempted to something closer to the speed a human being could type it, that would neutralize brute force attacks. I know it presents its own attack issue (you can close a user out of an account by sending attempts), so it's not that simple, but I'm sure there are solutions. They should be thinking along those lines.

Flies, honey, vinegar and all that.

problems? They deserve it huh? Geez.

Nor women who remain with abusive guys deserve to be beaten, or people who are black deserve to be shot.

What an incredibly stupid thing to say. Does your apologia know no bounds?

If someone wants to hack you, all they need to do is get the password for you email account(s). With the reset/remember password features of web services, they can just change the rest of your passwords.

Modern encryption, competently applied, is beyond just about anything on this planet to crack in anything resembling a reasonable timeframe. It's not like in the movies where someone can just flail at a keyboard for a few seconds and suddenly "I'm in."

Considering that graphics cards can run parallel processes to the tune of several teraflops. CPUs, no, but GPUs? They are extremely good at encryption cracking due to the fact that they inherently run simultaneous processes. Stick 2 top of the line AMD or Geforce cards in a box, and you can better believe they can churn out some serious crunching. Not even out of the reach of the every day user, either. Heck, I have 2 overclocked Geforce 460's in my own box and a 4.5 ghz oc'd processor, and it's pretty much outdated compared to other rigs people run.

.
.
.

just cuz we don't like the powers that be - don't underestimate them.

They got trillions of our tax dollars to play with . . .

and they are

CC

Look up some conjectured brute-force times against 128 or 256-bit encryption. Bazillion-dollar budget and reputation as living embodiment of the Matrix notwithstanding, physics is physics.

or you're just sending random gibberish.

All it requires is one end be compromised, and with secret courts issuing secret blanket warrants that no one is allowed to publicly acknowledge having gotten, it isn't hard to compromise one end.

-edit-
A Microsoft spokesperson would not say whether the company has received such requests from the government.

-edit-
Google also declined to disclose whether it had received requests for those types of data.

-edit-
A Yahoo spokeswoman would not say whether the company had received such requests.

-edit-

Apple, Facebook, AOL, Verizon, AT&T, Time Warner Cable, and Comcast did not respond to queries about whether they have received requests for users' passwords and how they would respond to them.

-edit-

The FBI declined to comment.

-edit-

are part of a law that says web firms cannot admit to being ordered to give up passwords.
I remember reading that in the original Patriot act, re: libraries, it was not legal to tell the victim the Feds were snooping.

are in the White House so why worry. All is good and my tomatoes are ripening.

Not even Nixon!

Or some such rancid apologist mockery. DU teaches no terrorist can fuck you like your own authoritarian countrymen.

email providers, or social networks. These companies should make access impossible without a unique, momentary key that is held only by the account holder on a device. Something that could put some sort of roadblock in front of these spooks.

48 billion passwords for the feds to keep up with - hahahahahahaha - Good Luck!

I know people who haven't changed passwords in a decade.

They would need a massive complex with rows of SuperComputers and a massive Security Complex in Utah to do something like THAT!

Never Happen LOL.

they don't have to turn anything over without a court warrant.

secrecy, how would anyone know?

.
.
.

Took me a year, and over $5,000 to beat criminal charges regarding a firearm that was a result of an illegal search and seizure of said firearm.

Beat the charges, but still have not recovered the firearm yet.

And this be Canada?

Get's better - It was a USAmerican living illegally in Canada who conspired with our Provincial Police to create the charges.

Canada ain't what it's cracked up to be, not by a long shot.

(sigh)

CC

http://www.newyorker.com/online/blogs/elements/2013/06/what-its-like-to-get-a-national-security-letter.html

How many people still can't describe what they are going through?

but talks about efforts over a long timeline...from my read of it.

More of a Time Line of Requests and speculation and info over who complied...who won't answer and who is suspected of doing it.

But, an interesting read although it's kind of jumbled.

Roland: One.
Dark Helmet: One.
Colonel Sandurz: One.

Roland: Two.
Dark Helmet: Two.
Colonel Sandurz: Two.

Roland: Three.
Dark Helmet: Three.
Colonel Sandurz: Three.

Roland: Four.
Dark Helmet: Four.
Colonel Sandurz: Four.

Roland: Five.
Dark Helmet: Five.
Colonel Sandurz: Five.

Dark Helmet: So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!

. . .

President Skroob: Did it work? Where's the king?
Dark Helmet: It worked, sir. We have the combination.
President Skroob: Great. Now we can take every last breath of fresh air from Planet Druidia. What's the combination?
Colonel Sandurz: 1-2-3-4-5
President Skroob: 1-2-3-4-5?
Colonel Sandurz: Yes!
President Skroob: That's amazing. I've got the same combination on my luggage.
Dark Helmet, Colonel Sandurz: {looks at each other}

What the fuck?

How easy it would be for them to set someone up if they can get access to an account and post as the person who owns the account.

Yet the apologist will have no problem with it.

And you gave it to a third party so you don't own it...and besides it keeps us safe.
Do you want the terrorist to come over here and bomb us?
I think your hair is on fire, and I see some clutching their perls...

Thanks for posting!

And no, don't tell me that the MSM doesn't care, because the Washington Post broke the PRISM news and the USA Today broke the 2005 news that Bush was illegally wiretapping people.

Plus CNET's sources are anonymous.

Not because they might have been the first to report something.

NSA admits listening to U.S. phone calls without warrants
http://www.democraticunderground.com/10023024565

Nadler denied Declan's version of events, which was based on a thoroughly dishonest partial reading of a hearing transcript:

Jerrold Nadler Does Not Think the NSA Can Listen to U.S. Phone Calls
http://www.democraticunderground.com/10023027901

The website's parent company retracted the story:

Congressman denies report claiming NSA can listen to calls without warrants
http://www.democraticunderground.com/1014510665

I read the transcript myself and it was a weirdly worded walkback. I know his politics are different from mine but I am looking for out and out lies. Thanks!

I can't believe we were being misled...

Ops I mean arrest them without any public knowledge. Scary. Who is president again... Nixon?

Obama's not a dictator. Don't people understand he doesn't have a magic wand and force congress to do anything. There are three branches of government and the GOP has decided to obstruct everything.

At least I read that this is what we're supposed to say when bad things happen in the government.

Only with a warrant or subpoena, and then only after all appeals have been exhausted.

They store hashes, which can't be used themselves to gain access, and can't easily turned back into a password.

Weird.

"I've certainly seen them ask for passwords" and "legal requests". Wow. How scary that law enforcement would resort to...gasp!...legal requests to acquire passwords!

It's all in the wording. This article -which I have no doubt will not see the light of day beyond CNET- is more red meat for those who are predisposed to see the worst in everything.

Believe what you want but my advice is to always look at evidence before getting outraged.
[hr][font color="blue"][center]I'm always right. When I'm wrong I admit it.
So then I'm right about being wrong.[/center][/font][hr]

The Florida man who received the subpoena claimed the Fifth Amendment, which protects his right to avoid self-incrimination, allowed him to refuse the prosecutors' demand. In February 2012, the U.S. Court of Appeals for the Eleventh Circuit agreed, saying that because prosecutors could bring a criminal prosecution against him based on the contents of the decrypted files, the man "could not be compelled to decrypt the drives."

In January 2012, a federal district judge in Colorado reached the opposite conclusion, ruling that a criminal defendant could be compelled under the All Writs Act to type in the password that would unlock a Toshiba Satellite laptop.

Both of those cases, however, deal with criminal proceedings when the password holder is the target of an investigation -- and don't address when a hashed password is stored on the servers of a company that's an innocent third party.

"If you can figure out someone's password, you have the ability to reuse the account," which raises significant privacy concerns, said Seth Schoen, a senior staff technologist at the Electronic Frontier Foundation.

-------------------

If you have a password and you can use that account that is ripe for abuse - and if you don't think there are people in government who have and do abuse things, well

Of course it does. But this article shows no evidence it occurs. It mentions 'legal requests', which means 'warrant' but deliberately avoids using that word.

It's an outrage generator, nothing more than that.

Your example is one of different courts having different opinions on password-locked data. Has nothing to do with the deliberately provocative implication that the 'feds' are demanding passwords on a whim.

If there is abuse, show us the evidence.
[hr][font color="blue"][center]I'm always right. When I'm wrong I admit it.
So then I'm right about being wrong.[/center][/font][hr]

stop emailing as much and instead, use snail mail.

WASHINGTON — Leslie James Pickering noticed something odd in his mail last September: a handwritten card, apparently delivered by mistake, with instructions for postal workers to pay special attention to the letters and packages sent to his home.

“Show all mail to supv” — supervisor — “for copying prior to going out on the street,” read the card. It included Mr. Pickering’s name, address and the type of mail that needed to be monitored. The word “confidential” was highlighted in green.

“It was a bit of a shock to see it,” said Mr. Pickering, who with his wife owns a small bookstore in Buffalo. More than a decade ago, he was a spokesman for the Earth Liberation Front, a radical environmental group labeled eco-terrorists by the Federal Bureau of Investigation. Postal officials subsequently confirmed they were indeed tracking Mr. Pickering’s mail but told him nothing else.

As the world focuses on the high-tech spying of the National Security Agency, the misplaced card offers a rare glimpse inside the seemingly low-tech but prevalent snooping of the United States Postal Service.

more...

http://www.nytimes.com/2013/07/04/us/monitoring-of-snail-mail.html?_r=0

All mail on everyone being surveilled, though. I guess I figure that I'm not important enough.

A state, Federal, which agency and who is in charge of it?

... to demand Facebook or other social media account passwords from prospective (or current employees) or students in the case of schools.

So in effect we've made it illegal for a government entity (a university) to demand from a person (a student) their facebook passwords. If corporations are people, then perhaps we could sue the government here if the NSA tries to obtain private passwords from "corporate persons" (these companies they're asking for passwords from). Of course we will still need new laws if we overturn Citizen's United to definitively define these passwords on these servers as OUR property and not the companies' property that are storing them. But for now that might be a line of defense.

story." - Declan McCullagh

http://en.m.wikipedia.org/wiki/Declan_McCullagh

"Declan McCullagh is an American journalist and columnist for CBSNews.com. He specializes in computer security and privacy issues. He is notable, among other things, for his early involvement with the media interpretation of U.S. presidential candidate Al Gore's statement that he "took the initiative in creating the Internet." McCullagh himself once claimed that "If it's true that Al Gore created the Internet, then I created the 'Al Gore created the Internet' story."[1]
In 2009, McCullagh turned his journalistic focus to the issue of climate change.[2]
McCullagh has written frequently in defense of libertarianism.[3] He began writing weekly columns for CBSnews.com on economic commentary entitled Other People's Money upon CBS Corporation's acquisition of CNET Networks. In August 2009, McCullagh renamed his column to Taking Liberties, which focuses on "individual rights and liberties, including both civil and economic liberties."[4] He also participated and won $100,000 on the California Lottery's Make Me a Millionaire game show in episode 2002.[5]
He attended Carnegie Mellon University and was student body president before being removed from office due to charges of committing domestic violence.[6][7][8] He pleaded guilty to harassment.[9]"

http://beta.mediamatters.org/research/2009/06/29/reporting-on-possibly-suppressed-epa-document-c/151642

"Reporting on possibly "suppressed" EPA document, CBS suppressed actual climate science

CBSNews.com uncritically reported an internal EPA document's false claim that "global temperatures have declined for 11 years."

In a June 26 CBSNews.com article reporting that the Environmental Protection Agency "may have suppressed" an internal report on climate change, senior correspondent Declan McCullagh uncritically reported the document's false claim that, in the article's words, "global temperatures have declined for 11 years." McCullagh identified that claim as one of "a number of recent developments [one of the document's authors, EPA researcher Alan Carlin] said the EPA did not consider" before it submitted a key finding that could lead to EPA regulation of carbon dioxide. In fact, the claim that "global temperatures have declined for 11 years" is simply not true. Annual global average temperatures have both risen and fallen over the past 11 years, and while there have been some relatively cooler years during that period -- including a decline in each of the past three relative to the year before -- climate scientists reject the idea that those temperatures are any indication that global warming is slowing or does not exist. Scientists have identified a long-term warming trend spanning several decades that is independent from the normal climate variability -- which includes relatively short-term changes in climate due to events like El Niño and La Niña -- to which they attribute the recent relatively cooler temperatures.

In a February 11 Guardian op-ed, Vicky Pope, the head of climate change advice at the U.K. Met Office Hadley Centre, wrote that claims about the pace of global warming based only on developments in the past 10 years or in the 1990s are not valid, "since natural variations always occur on this timescale." She continued, "1998 was a record-breaking warm year as long-term man-made warming combined with a naturally occurring strong El Niño. In contrast, 2008 was slightly cooler than previous years partly because of a La Niña. Despite this, it was still the 10th warmest on record." According to the Met Office, "Over the last ten years, global temperatures have warmed more slowly than the long-term trend. But this does not mean that global warming has slowed down or even stopped. It is entirely consistent with our understanding of natural fluctuations of the climate within a trend of continued long-term warming."

As this graph of annual global average temperatures from the U.K. Met Office Hadley Centre shows, the claim in the internal EPA document that, in the words of CBS, "global temperatures have declined for 11 years" is simply not true:"