Feds tell Web firms to turn over user account passwords

Cnet ^ | 25 July, 2013 | Declan McCullagh

[Errant]

The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.

If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.

"I've certainly seen them ask for passwords," said one Internet industry source who spoke on condition of anonymity. "We push back."

[Domestic Church]

Sanctioned future domestic terrorism gone personal...

http://web.mit.edu/newsoffice/2013/neuroscientists-plant-false-memories-in-the-brain-0725.html

Another wildcard in play!

[Myrddin]

The cloud is a nightmare from a security perspective. Every VM requires the same scrutiny as a physical machine and has the added vulnerability of the VM host OS. Each VM vendor has its own peculiar security checklist. Interaction between VMs is an issue too. One VM soaking up too much CPU is like having a toilet flushed while you are in the shower. The VM industry is still having growing pains around applications being “good citizens” in the shared soup pot.

[Myrddin]

I didn’t mention the tyranny of the periodic IAVM letters. We have to snapshot every VM, apply the patches then perform a full system test to warn the customer of any negative impacts. We get one week to reply. Any problems detected must be resolved before the patches get applied. This is a whole new wrinkle in the art of proposals and contracting.

[rodguy911]

My entrie e-mail is already imitated by spammers.