Feds tell Web firms to turn over user account passwords

per cnet.com

Secret demands mark escalation in Internet surveillance by the federal government through gaining access to user passwords, which are typically stored in encrypted form.


(Credit: Photo illustration by James Martin/CNET)

The U.S. government has demanded that major Internet companies divulge users’ stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.

If the government is able to determine a person’s password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.

“I’ve certainly seen them ask for passwords,” said one Internet industry source who spoke on condition of anonymity. “We push back.”

A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies “really heavily scrutinize” these requests, the person said. “There’s a lot of ‘over my dead body.'”

Some of the government orders demand not only a user’s password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts.


A Microsoft spokesperson would not say whether the company has received such requests from the government. But when asked whether Microsoft would divulge passwords, salts, or algorithms, the spokesperson replied: “No, we don’t, and we can’t see a circumstance in which we would provide it.”

Google also declined to disclose whether it had received requests for those types of data. But a spokesperson said the company has “never” turned over a user’s encrypted password, and that it has a legal team that frequently pushes back against requests that are fishing expeditions or are otherwise problematic. “We take the privacy and security of our users very seriously,” the spokesperson said.

Apple, Yahoo, Facebook, AOL, Verizon, AT&T, Time Warner Cable, and Comcast did not respond to queries about whether they have received requests for users’ passwords and how they would respond to them.

Richard Lovejoy, a director of the Opera Software subsidiary that operates FastMail, said he doesn’t recall receiving any such requests but that the company still has a relatively small number of users compared with its larger rivals. Because of that, he said, “we don’t get a high volume” of U.S. government demands.

The FBI declined to comment.

Some details remain unclear, including when the requests began and whether the government demands are always targeted at individuals or seek entire password database dumps. The Patriot Act has been used to demand entire database dumps of phone call logs, and critics have suggested its use is broader. “The authority of the government is essentially limitless” under that law, Sen. Ron Wyden, an Oregon Democrat who serves on the Senate Intelligence committee, said at a Washington event this week.

Large Internet companies have resisted the government’s requests by arguing that “you don’t have the right to operate the account as a person,” according to a person familiar with the issue. “I don’t know what happens when the government goes to smaller providers and demands user passwords,” the person said.

An attorney who represents Internet companies said he has not fielded government password requests, but “we’ve certainly had reset requests — if you have the device in your possession, then a password reset is the easier way.”

Source code to a C implementation of bcrypt, a popular algorithm used for password hashing.

(Credit: Photo by Declan McCullagh)

Cracking the codes
Even if the National Security Agency or the FBI successfully obtains an encrypted password, salt, and details about the algorithm used, unearthing a user’s original password is hardly guaranteed. The odds of success depend in large part on two factors: the type of algorithm and the complexity of the password.

Hash functions that are viewed as suitable for scrambling stored passwords are designed to be difficult to reverse. One popular hash function called MD5, for instance, transforms the phrase “National Security Agency” into this string of seemingly random characters: 84bd1c27b26f7be85b2742817bb8d43b. Computer scientists believe that, if a hash function is well-designed, the original phrase cannot be derived from the output.

But modern computers, especially ones equipped with high-performance video cards, can test passwords scrambled with MD5 and other well-known hash algorithms at the rate of billions a second. One system using 25 Radeon-powered GPUs that was demonstrated at a conference last December tested 348 billion hashes per second, meaning it would crack a 14-character Windows XP password in six minutes.

The best practice among Silicon Valley companies is to adopt far slower hash algorithms — designed to take a large fraction of a second to scramble a password — that have been intentionally crafted to make it more difficult and expensive for the NSA and other attackers to test every possible combination.

One popular algorithm, used by Twitter and LinkedIn, is called bcrypt. A 2009 paper (PDF) by computer scientist Colin Percival estimated that it would cost a mere $4 to crack, in an average of one year, an 8-character bcrypt password composed only of letters. To do it in an average of one day, the hardware cost would jump to approximately $1,500.

But if a password of the same length included numbers, asterisks, punctuation marks, and other special characters, the cost-per-year leaps to $130,000. Increasing the length to any 10 characters, Percival estimated in 2009, brings the estimated cracking cost to a staggering $1.2 billion.

As computers have become more powerful, the cost of cracking bcrypt passwords has decreased. “I’d say as a rough ballpark, the current cost would be around 1/20th of the numbers I have in my paper,” said Percival, who founded a company called Tarsnap Backup, which offers “online backups for the truly paranoid.” Percival added that a government agency would likely use ASICs — application-specific integrated circuits — for password cracking because it’s “the most cost-efficient — at large scale — approach.”

While developing Tarsnap, Percival devised an algorithm called scrypt, which he estimates can make the “cost of a hardware brute-force attack” against a hashed password as much as 4,000 times greater than bcrypt.
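To make the salting and slow hashing described above concrete, here is an added example (not code from the article or from any company it names) that stores and verifies a password with the standard-library scrypt binding, the algorithm Percival devised, beside unsalted MD5, times one evaluation of each, and computes the keyspace ratios behind Percival's cost figures. The scrypt cost parameters and the charset sizes (26 lowercase letters, 95 printable ASCII characters) are assumptions not stated on the page.

```python
import hashlib
import hmac
import os
import time

# Cost parameters for hashlib.scrypt, the standard-library binding of the
# algorithm Percival describes. N is the CPU/memory cost (a power of two);
# these values are chosen for the demonstration, not taken from the article.
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 14, 8, 1, 32
SALT_BYTES = 16


def fast_hash(password: str) -> str:
    """Unsalted MD5: the fast design the article says GPUs test by the billions."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def slow_hash(password: str, salt: bytes, n: int = SCRYPT_N) -> bytes:
    """Salted, deliberately expensive hash (scrypt)."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=n, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)


def make_record(password: str, n: int = SCRYPT_N) -> str:
    """Build the stored record: algorithm, cost, salt and hash.

    These are the pieces the article says some orders demand; storing them
    together is normal practice, because verification needs all of them.
    """
    salt = os.urandom(SALT_BYTES)
    return f"scrypt${n}${salt.hex()}${slow_hash(password, salt, n).hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    algo, n, salt_hex, digest_hex = record.split("$")
    if algo != "scrypt":
        raise ValueError(f"unsupported record type: {algo}")
    computed = slow_hash(password, bytes.fromhex(salt_hex), int(n))
    return hmac.compare_digest(computed, bytes.fromhex(digest_hex))


def seconds_per_hash(fn, reps: int) -> float:
    """Average wall-clock cost of one call to fn(). The defender's knob is the
    cost parameter, which should push this toward the 'large fraction of a
    second' the article recommends."""
    start = time.perf_counter()
    for _ in range(reps):
        fn()
    return (time.perf_counter() - start) / reps


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidates an exhaustive search of this password class must try."""
    return charset_size ** length


if __name__ == "__main__":
    # Constructed sample credentials, not real user data.
    record = make_record("correct horse battery")
    print(record)
    print("verify ok  :", verify("correct horse battery", record))
    print("verify bad :", verify("correct horse batteries", record))
    # Same password hashed twice yields different records because the salt differs.
    print("salted twice differ:", make_record("hunter2") != make_record("hunter2"))

    md5_cost = seconds_per_hash(lambda: fast_hash("hunter2"), 10000)
    salt = os.urandom(SALT_BYTES)
    scrypt_cost = seconds_per_hash(lambda: slow_hash("hunter2", salt), 3)
    print(f"MD5   : {md5_cost:.2e} s/hash")
    print(f"scrypt: {scrypt_cost:.2e} s/hash ({scrypt_cost / md5_cost:,.0f}x slower)")

    # Relative search effort behind the article's bcrypt cost figures, assuming
    # 26 lowercase letters and the 95 printable ASCII characters.
    base = keyspace(26, 8)
    print("8 chars, any printable vs letters only:", keyspace(95, 8) // base)
    print("10 chars, any printable vs 8 letters  :", keyspace(95, 10) // base)
```

Under those charset assumptions the two keyspace ratios land within a few percent of the $4 to $130,000 and $4 to $1.2 billion ratios the article quotes from Percival's estimates.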

Bcrypt was introduced (PDF) at a 1999 Usenix conference by Niels Provos, currently a distinguished engineer in Google’s infrastructure group, and David Mazières, an associate professor of computer science at Stanford University.

With the computers available today, “bcrypt won’t pipeline very well in hardware,” Mazières said, so it would “still be very expensive to do widespread cracking.”

Even if “the NSA is asking for access to hashed bcrypt passwords,” Mazières said, “that doesn’t necessarily mean they are cracking them.” Easier approaches, he said, include an order to extract them from the server or network when the user logs in — which has been done before — or installing a keylogger at the client.

Sen. Ron Wyden, who warned this week that “the authority of the government is essentially limitless” under the Patriot Act’s business records provision.

(Credit: Getty Images)

Questions of law
Whether the National Security Agency or FBI has the legal authority to demand that an Internet company divulge a hashed password, salt, and algorithm remains murky.

“This is one of those unanswered legal questions: Is there any circumstance under which they could get password information?” said Jennifer Granick, director of civil liberties at Stanford University’s Center for Internet and Society. “I don’t know.”

Granick said she’s not aware of any precedent for an Internet company “to provide passwords, encrypted or otherwise, or password algorithms to the government — for the government to crack passwords and use them unsupervised.” If the password will be used to log in to the account, she said, that’s “prospective surveillance,” which would require a wiretap order or Foreign Intelligence Surveillance Act order.

If the government can subsequently determine the password, “there’s a concern that the provider is enabling unauthorized access to the user’s account if they do that,” Granick said. That could, she said, raise legal issues under the Stored Communications Act and the Computer Fraud and Abuse Act.

The Justice Department has argued in court proceedings before that it has broad legal authority to obtain passwords. In 2011, for instance, federal prosecutors sent a grand jury subpoena demanding the password that would unlock files encrypted with the TrueCrypt utility.

The Florida man who received the subpoena claimed the Fifth Amendment, which protects his right to avoid self-incrimination, allowed him to refuse the prosecutors’ demand. In February 2012, the U.S. Court of Appeals for the Eleventh Circuit agreed, saying that because prosecutors could bring a criminal prosecution against him based on the contents of the decrypted files, the man “could not be compelled to decrypt the drives.”

In January 2012, a federal district judge in Colorado reached the opposite conclusion, ruling that a criminal defendant could be compelled under the All Writs Act to type in the password that would unlock a Toshiba Satellite laptop.

Both of those cases, however, deal with criminal proceedings when the password holder is the target of an investigation — and don’t address when a hashed password is stored on the servers of a company that’s an innocent third party.

“If you can figure out someone’s password, you have the ability to reuse the account,” which raises significant privacy concerns, said Seth Schoen, a senior staff technologist at the Electronic Frontier Foundation.


Charlottesville weekly apologizes over anonymous racist comment – Richmond Times-Dispatch: Virginia News

Now I’m not defending any racist or hateful speech, but as someone who values the First Amendment, I don’t like the idea of ‘protesting’ to prevent even ugly speech from being said. And here’s why: What’s to keep something the protesters say from being considered ‘hateful’ and ‘ugly’ in the future? Nothing! If that happened, then they’d be the first to bitch about their ‘rights’ being infringed!

Sorry, but if you want to protect your right to free speech, then that means enduring comments you may despise. Otherwise, you run the risk of having your speech taken away. What’s more important to you? Being able to keep your own speech or removing that which you disagree with?

It’s a dangerous slippery slope that way too many in this country are willing to go down to keep from being ‘offended.’ I don’t give a shit about being offended because I frankly don’t give a rip about what folks think about me. Yet, most people are so sensitive that they can’t just ignore something…no, it has to be silenced.

One day someone will come for their free speech and I hope they remember this day. 


Charlottesville weekly apologizes over anonymous racist comment – Richmond Times-Dispatch: Virginia News.

Feds probe company that helped get EB-5 funding for McAuliffe’s Greentech

First Wonderboy Bob’s antics and now this? I think people have gotten to be so damn stupid and apathetic that they deserve everything they get. This is the guy some want to be governor? How about we throw BOTH parties out of power and start over again? This is so damn messed up it isn’t funny. Ever notice how they go to Richmond, or DC, poor and come back millionaires? It’s time WE THE PEOPLE take our system back... for our children’s sake if anything.


per blogs.nbc12.com


The Associated Press is out with a damaging report on the company recruited by Terry McAuliffe to help secure funding for his Greentech Automotive start up venture.

AP reporter Alicia Caldwell has discovered that a high ranking official in the Department of Homeland Security is under investigation for helping to facilitate access to the EB-5 program for a Chinese Company through the group Gulf Coast Management.

Here is part of Caldwell’s report:

U.S. Citizenship and Immigration Services Director Alejandro Mayorkas, who has been nominated to be the department’s No. 2 leader, was named by the DHS Inspector General’s Office as a target in an ongoing investigation about the foreign investor program run by USCIS.

According to an email sent to lawmakers Monday evening, the IG’s office initially started investigating the EB-5 visa program last year based on a referral from an FBI analyst in the counterintelligence unit in Washington. The email does not specify what criminal violations it is investigating.

The EB-5 program allows foreign nationals to get a visa if they invest $500,000 to $1 million in a project or business that creates jobs for U.S. citizens. The amount of the investment required depends on the type of project. Investors who are approved for the program can become legal permanent residents after two years and would later be eligible to become citizens.

The White House did not have an immediate comment on the investigation. Neither the department nor USCIS immediately responded to inquiries.

Were Mayorkas confirmed as the department’s deputy secretary, he likely would run the department on an interim basis until a permanent replacement has been approved to take over for departing Secretary Janet Napolitano.

The root of the complaint against Mayorkas is an allegation that he helped a financing company run by Anthony Rodham, the brother of former Secretary of State Hillary Rodham Clinton, win approval for an investor visa even after the application was denied and an appeal rejected.

read the full story here.

What Caldwell’s report doesn’t include is the connection of Gulf Coast Management to McAuliffe’s Greentech Automotive. According to Gulf Coast Management’s web site, the only company they are currently working on securing funding for is Greentech Automotive.

McAuliffe was the connection between Anthony Rodham, the brother of former Secretary of State Hillary Clinton, and Greentech.

In the past, officials in Mississippi have blamed the lack of progress in the Greentech venture on a hold up in EB-5 funds.

Last week company spokesperson Marianne McInerney rejected any claims that Greentech was inappropriately using the EB-5 program.

“We’ve met every regulation of the EB 5 program so I would say those (claims) are misguided”, she said.

She also said that the EB-5 program was only one component of the company’s investment plan.

“EB-5 is one part, and it’s an important part, of our strategy but not the only one,” she said.

McAuliffe resigned his position with Greentech in late 2012. We will have much more on Greentech tomorrow on NBC12.

Prices Fuel Outrage in Brazil, Home of the $30 Cheese Pizza

This is here right now too. If you factor in the ‘volatile food and energy markets’ (which is where WE PAY THE MOST) inflation in the USA is running 7%+. Throughout the globe, economies are crashing because they’re taking money from those who are making income and giving it to those who won’t work (those who can’t work deserve to get our help). What that does is drain funds from the economy by taking away disposable income for those who are working. Is it any surprise then that the economies are stagnant or in recession/depression? It doesn’t take much brains to see that these quasi-socialist, socialist and/or Marxist systems just don’t work. Why? Because eventually you run out of money!

I sit back and watch the calls for us to ‘take the money from the 1% they’ve stolen.’ Well, that’s all good, but even if we took 100% of their money, it’d fund the government for less than a week. So, what then? Now all the money from the ‘rich’ has been taken, so who gets the chopping block next? The upper middle class, then the middle of the middle class and then the lower middle class. Then 401k’s will be nationalized (an idea Obama has floated before) and that money will be taken from those who’ve worked their ass off. Soon, you’re down to the poor, who have no money, and that’s when the system collapses under its own weight. It’s happening in Greece and many other countries and will happen here; it’s a certainty... you can take that to the bank.


Per the NY Times

Published: July 22, 2013

SÃO PAULO, Brazil — Shoppers here with a notion of what items cost abroad need to brace themselves when buying a Samsung Galaxy S4 phone: the same model that costs $615 in the United States is nearly double that in Brazil. An even bigger shock awaits parents needing a crib: the cheapest one at Tok & Stok costs over $440, more than six times the price of a similarly made item at Ikea in the United States.

For Brazilians seething with resentment over wasteful spending by the country’s political elite, the high prices they must pay for just about everything — a large cheese pizza can cost almost $30 — only fuel their ire.

“People get angry because we know there are ways to get things cheaper; we see it elsewhere, so we know there must be something wrong here,” said Luana Medeiros, 28, who works in the Education Ministry.

Brazil’s street protests grew out of a popular campaign against bus fare increases. Residents of São Paulo and Rio de Janeiro spend a much larger share of their salaries to ride the bus than residents of New York or Paris. Yet the price of transportation is just one example of the struggles that many Brazilians face in making ends meet, economists say.

Renting an apartment in coveted areas of Rio has become more expensive than in Oslo, the capital of oil-rich Norway. Before the protests, soaring prices for basic foods like tomatoes prompted parodies of President Dilma Rousseff and her economic advisers.

Inflation stands at about 6.4 percent, with many in the middle class complaining that they are bearing the brunt of price increases. Limiting the authorities’ maneuvering room, the popular indignation is festering at a time when huge stimulus projects are failing to lift the economy from a slowdown, raising the specter of stagflation in Latin America’s largest economy.

“Brazil is on the verge of recession now that the commodities boom is over,” said Luciano Sobral, an economist and a partner in a São Paulo asset management firm who maintains an irreverent economics blog under the name the Drunkeynesian. “This is making it impossible to ignore the high prices which plague Brazilians, especially those who cannot easily afford to travel abroad for buying sprees where things are cheaper.”

Brazil’s sky-high costs can be attributed to an array of factors, including transportation bottlenecks that make it expensive to get products to consumers, protectionist policies that shield Brazilian manufacturers from competition and a legacy of consumers somewhat inured to relatively high inflation, which remains far below the 2,477 percent reached in 1993, before a drastic restructuring of the economy.

But economists say much of the blame for the stunningly high prices can be placed on a dysfunctional tax system that prioritizes consumption taxes, which are relatively easy to collect, over income taxes.

Alexandre Versignassi, a writer who specializes in deciphering Brazil’s tax code, said companies were grappling with 88 federal, state and municipal taxes, a number of which are charged directly to consumers. Keeping accountants on their toes, the Brazilian authorities issue an estimated 46 new tax rules every day, he said.

Making matters worse for many poor and middle-class Brazilians, loopholes enable the rich to avoid taxation on much of their income; wealthy investors, for instance, can avoid taxes on dividend income, and partners in private companies are taxed at a much lower rate than many regular employees.

The result is that many products made in Brazil, like automobiles, cost much more here than in the far-flung countries that import them. One example is the Gol, a subcompact car produced by Volkswagen at a factory in the São Paulo metropolitan area. A four-door Gol with air-conditioning sells for about $16,100 here, including taxes. In Mexico, the equivalent model, made in Brazil but sold to Mexicans as the Nuevo Gol, costs thousands of dollars less.

The ability of many Brazilians to afford such cars reflects positive economic changes over the past decade, like the rise of millions of people from grinding poverty and a decline in unemployment, which is now at historically low levels. Salaries climbed during that time, with per-capita income now about $11,630, as measured by the World Bank, compared with $6,990 in neighboring Colombia. But Brazil finds itself far below developed nations like Canada, where the per-capita income is $50,970.

As a result, a resident of São Paulo, Brazil’s financial capital, has to work an average of 106 hours to buy an iPhone, while someone in Brussels labors 54 hours to buy the same product, according to a global study of wages by the investment bank UBS. To buy a Big Mac, a resident here has to work 39 minutes, compared with 11 minutes for a resident of Chicago.

Stroll into any international airport in Brazil, and such imbalances are vividly on display, with thousands of residents packing into flights each day for shopping trips to countries where goods are substantially cheaper.

Even though the Brazilian currency, the real, has weakened against the dollar this year (it currently stands at about 2.20 to the dollar), Brazilians spent $2.2 billion abroad in May, the highest amount on record for the month since the central bank began tracking such data in 1969.

Eyeing this market, some travel agents have begun tailoring trips to Miami for clients eager to buy baby products like digital monitors, strollers, pacifiers, even Pampers wipes, which in Brazil cost almost three times as much as in the United States.

Seeking to prevent such shopping binges from getting out of control, the federal police screen travelers upon arrival, picking out people whose luggage appears to bulge with too many items. If it can be proved that Brazilians spent over a certain limit abroad, they are immediately forced to pay taxes on their purchases.

Such screening catches foreigners, too. In May, the police at São Paulo’s international airport arrested two American Airlines flight attendants, both American citizens, on smuggling charges after they were found going through customs carrying a total of 14 smartphones, 4 tablet computers, 3 luxury watches and several video games. The smartphones were hidden in their underwear, the police said, and were intended to be sold on the black market.

Before the protests began, Brazil’s government had begun trying to combat price increases. The central bank raised interest rates after an uproar over food prices this year contributed to inflation fears. The authorities removed some taxes on some products, like cars. Even so, inflation remains high while the economy remains sluggish, leaving many Brazilians fuming about the high taxes embedded in the price of products they buy.

A new federal law requiring retailers to detail on receipts how much tax customers are being charged has fed some of this anger. Fernando Bergamini, 38, a graphic designer, was stunned after spending $92 one recent day on groceries like tomatoes, beans and bananas, only to glance at his receipt and discover that $25 of that was in taxes.

“It is shocking given the services we receive for giving the government our money,” Mr. Bergamini said. “Seeing it like this on a piece of paper makes me feel indignant.”

Lucy Jordan contributed reporting from Brasília, Taylor Barnes from Rio de Janeiro, and Paula Ramon from São Paulo.


The Bankruptcy of Detroit

I’ve been following that sad state of affairs with great interest. Why? Because it’s the ultimate fate of our country due to the debt we have, but that’s neither here nor there. What bothered me were statements made on the radio today.

This afternoon I had nothing to do so I was on my way home and for the first time in a while, I turned the radio on. A nationally syndicated blowhard was on and he spoke about the Detroit deal. The reasons for the bankruptcy in his mind were ‘the unions’ and ‘liberalism.’ While I do think making people dependent on the system, and then taking money from others to pay to the dependent ones, is morally wrong, that’s not the only reason for the destruction of Mo-town.

Nor were the unions totally to blame either. Big Management wants to make sure they get every damn dime they can and that’s how it is. And if we didn’t have unions, then we’d all be slaves to the company. The 40 hr work week, vacations, labor laws and benefits all came about in the USA due to the unions, so they’ve done many things to help out the worker.

With that said, here’s the rub. Both parties helped cripple the auto industry. Do you really think it costs 50k to build a 4×4 F-150? Seriously, that’s so overpriced it isn’t funny. Why? Because the company is going to make sure management (specifically the upper echelon) gets their outrageous pay and then uses the ‘good old boy’ network to make sure their buddies do too. All these CEOs are on other companies’ Boards of Directors so it becomes ‘you scratch my back, I’ll scratch yours.’ “You give me thirty million here and I’ll vote to give it to you at your company.” What a fucking racket. However, do Union workers need $40 per hour to build cars? No, but despite all that is said on the right, the figures that the CEOs, and the other members of upper management, are getting are causing far more harm than the unions. So, look at the figures of their pay and think about that whenever they say the ‘unions are killing us on labor cost.’ I’ll bet you 20 bucks they’re mad because it’d cut into their big ass paychecks, which is why they’re angry.

http://money.cnn.com/magazines/fortune/fortune500/2012/ceo-pay-ratios/

Now look at those figures and tell me it’s the unions’ fault! I’m sorry, talk radio, but the 1%, both in business and politics/government, are getting richer off our backs and we’re not seeing a damn dime of it really. Looks like it’s time for a union renaissance.

Gun Geo Marker app tries to locate homes, businesses of gun owners

Now I try to stay out of controversial topics but this is one I cannot keep quiet about. This is so irresponsible it’s breathtaking. Not only does it tell criminals where to find guns to steal, but it tells them who DOES NOT own a weapon and where they can break in without consequences. Some people, especially on the far left and far right, don’t understand the law of ‘unintended consequences.’


http://www.foxnews.com/tech/2013/07/11/gun-geo-marker-app-tries-to-locate-homes-businesses-gun-owners/