Feeds

'I don't understand why they feel like they own the word CANDY'

Plus: 'There was my user ID and password, in plain text, along with everyone else's'

Secure remote control for conventional and virtual desktops

Quotw This was the week when remote access app LogMeIn pulled its free version, uniting freeboards in a resounding cry of "Hell no! We don't pay for stuff on the internet!"

The app may not have had quite the poor reception to its announcement of going from free to not-free if it hadn't a) been providing its service gratis for TEN YEARS and b) hadn't given folks almost no notice about the change. One Reg reader moaned:

Okay, so it's generous of them to offer 50 percent off a subscription for controlling two of the eight or so PCs I have previously shepherded, and the tools are great, but I really don't appreciate being given less than 24 hours notice. The only real choice I have is to hear the click of the loaded revolver being held to my cranium and pony up for a year's subscription for the two that really matter, in order to have time to come up with another approach that I can afford.

Now I know this could come across as 'freetard whinges as profit-making entity takes away his free toys' - I prefer to think of it as 'hopelessly addicted cracktard's free supply dries up as dealer hits him for national debt of a small Eastern European republic to pay for next fix'. Nice one, LogMeIn. You could have just asked nicely for a reasonable amount of money for a domestic user.

While on Twitter, folks were equally annoyed about the short notice. One said:

So logmein free is no more! Got an email today saying I need to pay from today! As in no days notice!

And another told the firm:

@LogMeIn because of the way you have handled the termination of your 'free' product, you will *never* get my custom.

This was also the week when telcos KC and Plusnet were outed as less-than-secure for customers' personal data. First, a customer of Hull-based firm KC let The Reg know that when one of its engineers popped round to plug him in, he inadvertently showed the customer a spreadsheet with telephone numbers, user IDs and unencrypted passwords for all subscribers.

Chris Hill explained:

He used a laptop to connect to the router and as he came to the user ID and password for my connection he opened a spreadsheet and looked my phone number up in it. There was my user ID and password, in plain text, along with everyone else's. He tried to shield it from me when he realised I was looking at the list.

I asked him if he had my password with him, he said 'yes - it makes our job much easier', then changed the subject. I said that I wasn't happy that our passwords are not encrypted and that I realised it wasn't his fault.

He didn't reply.

Hill said the same username and password combos were used to access the Karoo email service and there was no advice to change the password handed out by KC. The company told The Reg:

The security of our customers’ information is of primary importance to us and we are aware of and take very seriously our obligations under the Data Protection Act. We investigate any alleged data security incidents promptly and thoroughly, and we act quickly to make any improvements such investigations identify.

I can assure you that all of our laptops are encrypted, password-protected and fitted with tracking technology and the facility to remotely wipe data.

Yorkshire's Plusnet, owned by BT, was in a similar situation when an anonymous tipster told The Reg that the company was transmitting personal details over an unencrypted web page. The company was asking potential subscribers to fill in a form online that could be seen by other people while in transit once submitted. The source, who reported the problem to Plusnet, said:

I was just shocked by the way the sales rep brushed off my reporting of this during the contract setup (after discovering the vulnerability I used the phone instead).

She assured me that the security team would deal with it right away. In my opinion, over two weeks is more than enough time to sort this out.

Also, factor in the point that (as many new customers ordering an initial broadband setup are likely to do) I was using an open Wi-Fi hotspot to visit their site!

Another source said:

Plusnet ... store user passwords in unencrypted form, as I learnt when considering opening an account with them last summer [yes, six months ago]. When I told the 'tech' person I was talking to that many of the credentials could be used to access users' accounts with third party services, he replied that that was impossible. Though he didn't say why. I got broadband from someone else in the end.

The company said:

All Plusnet customer passwords are stored with full encryption. Our customer sign up page is currently unencrypted, and we are in the process of fixing this urgently.

In more tales of the mad, mad world of intellectual property, it appears that King, makers of insanely popular game Candy Crush Saga have trademarked the word CANDY in Europe and are on 30-day approval to do the same in the US. The company said:

We have trademarked the word 'CANDY' in the EU, as our IP is constantly being infringed and we have to enforce our rights and to protect our players from confusion.

We don't enforce against all uses of CANDY - some are legitimate and of course, we would not ask App developers who use the term legitimately to stop doing so.

But it turned out that the company had already found some use that it considered illegitimate, by a game whose full title was All Candy Casino Slots – Jewels Craze Connect: Big Blast Mania Land, but which appeared on the App store as Candy Slots. King said:

Its icon in the App store just says 'Candy Slots', focussing heavily on our trademark. We believe this App name was a calculated attempt to use other companies’ IP to enhance its own games through means such as search rankings.

But Candy Slots developer Benny Hsu insisted that he never intended to infringe on anyone's IP and said King had gone "too far" with its trademark by enforcing on an app that had only been out for a week. He told The Reg:

Candy is something we have all loved since we were children. I just wanted to create a game with a fun theme.

If anyone saw my icon or played my game, they would know that there was nothing in it that tried to copy Candy Crush. Also there are so many games in the App Store that have a candy theme. Candy Crush was not the first candy-themed game to be created and it won't be the last. So I don't understand why they feel like they own the word CANDY.

Despite the fact that Hsu thinks he could have fought off a takedown notice from the App Store, he's decided to change the name of the app to All Sweet Casino Slots and avoid the lawyer's fees. ®

Beginner's guide to SSL certificates

More from The Register

next story
Criticism of Uber's journo-Data Analytics plan is an Attack on DIGITAL FREEDOM
First they came for Emil – and I'm damn well SPEAKING OUT
'It is comforting to know where your data centres are.' UK.GOV does NOT
Plus: Anons are 'wannabes', KKK says, before being pwned
Google's whois results say it's a lousy smut searcher
Run whois google.com or whois microsoft.com. We dare you, you PIG◙◙◙◙ER
Holy vintage vehicles! Earliest known official Batmobile goes on sale
Riddle me this: are you prepared to pay US$180k?
'Open source just means big companies can steal your code.' O RLY?
Plus: Flame of the Week returns, for one night only!
NEWSFLASH: It's time to ditch dullard Facebook chums
Everything hot in tech, courtesy of avian anchor Regina Eggbert
Hey, you, PHONE-FACE! Kickstarter in-car mobe mount will EMBED your phone into your MUG
Stick it on the steering wheel and wait for the airbag to fire
prev story

Whitepapers

Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.