decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books
Your contributions keep Groklaw going.
To donate to Groklaw 2.0:

Groklaw Gear

Click here to send an email to the editor of this weblog.


Contact PJ

Click here to email PJ. You won't find me on Facebook Donate Paypal


User Functions

Username:

Password:

Don't have an account yet? Sign up as a New User

No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.


What's New

STORIES
No new stories

COMMENTS last 48 hrs
No new comments


Sponsors

Hosting:
hosted by ibiblio

On servers donated to ibiblio by AMD.

Webmaster
Court Orders Password Turnover and In Camera Review of Social Media Accounts | 397 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
Court Orders Password Turnover and In Camera Review of Social Media Accounts
Authored by: Anonymous on Sunday, November 18 2012 @ 05:17 PM EST
I'm assuming that the class members are to provide the
passwords, not the social media companies ;)

Also, I keep thinking about how dumb people can be. The only
social media I use is Twitter. And I don't use personal
messages there, so everything is already in the open. I
there for consider that before every tweet I make.

Other than Twitter I use a Google+ account to follow people
that have interesting topics they post on. I sometimes
comment, again al in the open and always considering this
when I post.

I.do.not.ever.post.personal.information.on.the.internet!
I have asked my friends not to mention me by name or put
pictures of me on their accounts. And to notify me if they
see that someone has done so. I have only had to get angry a
few times.

What you can find on me on the internet is now mostly what I
want people to find or what I don't mind people to find. I
wasn;t always like this though and there is some stuff I
would not post today on me on the internet from wayback in
1993 and before! Mostly in old usenet posts, when I noticed
these were saved for ever I wisened up. The world should
too.

Look on the internet and see how many people with permanent
heart conditions you can find for example. Good luck to them
finding jobs ... :/

[ Reply to This | Parent | # ]

Court Orders Password Turnover and In Camera Review of Social Media Accounts
Authored by: Anonymous on Sunday, November 18 2012 @ 05:21 PM EST
I was wondering how long it will take someone to modify the password command to
take 2 passwords. One to grant access and a second one that will wipe the
account. Although you could also use several login ID's. On one machine I had
a account called shutdown that let users shutdown the machine, rather than a
login shell it pointed to the shutdown command.

[ Reply to This | Parent | # ]

Court Orders Password Turnover and In Camera Review of Social Media Accounts
Authored by: Anonymous on Monday, November 19 2012 @ 01:37 AM EST
It's not _that_ difficult to reverse it back into the password. Remember, the
client into which you type your password, has to be able to hash it into that
number. So even if its salted, it has to be salted with something predictable
or something that will be sent to the client as part of the transaction.

On-line attacks can be defended against (just slow down the responses after a
couple of incorrect login attempts), but that only works when the hashes are
safely locked up and can only be accessed by talking to the server.

An attacker with a copy of the hashes (i.e. after a security breach where
someone hacked the server, or just stole a laptop out of the back seat of a car,
or whatever) can brute-force guess a lot of the passwords by trying several
billion guesses in an hour or so. They can use sophisticated password-guessing
algorithms and huge rainbow tables to speed up the guessing process. That's why
weak passwords are a problem; if the hashes ever get stolen, a weak password
equals a compromised account.

[ Reply to This | Parent | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )