'I don't understand why they feel like they own the word CANDY'
Plus: 'There was my user ID and password, in plain text, along with everyone else's'
Quotw This was the week when remote access app LogMeIn pulled its free version, uniting freeboards in a resounding cry of "Hell no! We don't pay for stuff on the internet!"
The app may not have had quite the poor reception to its announcement of going from free to not-free if it hadn't a) been providing its service gratis for TEN YEARS and b) hadn't given folks almost no notice about the change. One Reg reader moaned:
Okay, so it's generous of them to offer 50 percent off a subscription for controlling two of the eight or so PCs I have previously shepherded, and the tools are great, but I really don't appreciate being given less than 24 hours notice. The only real choice I have is to hear the click of the loaded revolver being held to my cranium and pony up for a year's subscription for the two that really matter, in order to have time to come up with another approach that I can afford.
Now I know this could come across as 'freetard whinges as profit-making entity takes away his free toys' - I prefer to think of it as 'hopelessly addicted cracktard's free supply dries up as dealer hits him for national debt of a small Eastern European republic to pay for next fix'. Nice one, LogMeIn. You could have just asked nicely for a reasonable amount of money for a domestic user.
While on Twitter, folks were equally annoyed about the short notice. One said:
So logmein free is no more! Got an email today saying I need to pay from today! As in no days notice!
And another told the firm:
@LogMeIn because of the way you have handled the termination of your 'free' product, you will *never* get my custom.
This was also the week when telcos KC and Plusnet were outed as less-than-secure for customers' personal data. First, a customer of Hull-based firm KC let The Reg know that when one of its engineers popped round to plug him in, he inadvertently showed the customer a spreadsheet with telephone numbers, user IDs and unencrypted passwords for all subscribers.
Chris Hill explained:
He used a laptop to connect to the router and as he came to the user ID and password for my connection he opened a spreadsheet and looked my phone number up in it. There was my user ID and password, in plain text, along with everyone else's. He tried to shield it from me when he realised I was looking at the list.
I asked him if he had my password with him, he said 'yes - it makes our job much easier', then changed the subject. I said that I wasn't happy that our passwords are not encrypted and that I realised it wasn't his fault.
He didn't reply.
Hill said the same username and password combos were used to access the Karoo email service and there was no advice to change the password handed out by KC. The company told The Reg:
The security of our customers’ information is of primary importance to us and we are aware of and take very seriously our obligations under the Data Protection Act. We investigate any alleged data security incidents promptly and thoroughly, and we act quickly to make any improvements such investigations identify.
I can assure you that all of our laptops are encrypted, password-protected and fitted with tracking technology and the facility to remotely wipe data.
Yorkshire's Plusnet, owned by BT, was in a similar situation when an anonymous tipster told The Reg that the company was transmitting personal details over an unencrypted web page. The company was asking potential subscribers to fill in a form online that could be seen by other people while in transit once submitted. The source, who reported the problem to Plusnet, said:
I was just shocked by the way the sales rep brushed off my reporting of this during the contract setup (after discovering the vulnerability I used the phone instead).
She assured me that the security team would deal with it right away. In my opinion, over two weeks is more than enough time to sort this out.
Also, factor in the point that (as many new customers ordering an initial broadband setup are likely to do) I was using an open Wi-Fi hotspot to visit their site!
Another source said:
Plusnet ... store user passwords in unencrypted form, as I learnt when considering opening an account with them last summer [yes, six months ago]. When I told the 'tech' person I was talking to that many of the credentials could be used to access users' accounts with third party services, he replied that that was impossible. Though he didn't say why. I got broadband from someone else in the end.
The company said:
All Plusnet customer passwords are stored with full encryption. Our customer sign up page is currently unencrypted, and we are in the process of fixing this urgently.
In more tales of the mad, mad world of intellectual property, it appears that King, makers of insanely popular game Candy Crush Saga have trademarked the word CANDY in Europe and are on 30-day approval to do the same in the US. The company said:
We have trademarked the word 'CANDY' in the EU, as our IP is constantly being infringed and we have to enforce our rights and to protect our players from confusion.
We don't enforce against all uses of CANDY - some are legitimate and of course, we would not ask App developers who use the term legitimately to stop doing so.
But it turned out that the company had already found some use that it considered illegitimate, by a game whose full title was All Candy Casino Slots – Jewels Craze Connect: Big Blast Mania Land, but which appeared on the App store as Candy Slots. King said:
Its icon in the App store just says 'Candy Slots', focussing heavily on our trademark. We believe this App name was a calculated attempt to use other companies’ IP to enhance its own games through means such as search rankings.
But Candy Slots developer Benny Hsu insisted that he never intended to infringe on anyone's IP and said King had gone "too far" with its trademark by enforcing on an app that had only been out for a week. He told The Reg:
Candy is something we have all loved since we were children. I just wanted to create a game with a fun theme.
If anyone saw my icon or played my game, they would know that there was nothing in it that tried to copy Candy Crush. Also there are so many games in the App Store that have a candy theme. Candy Crush was not the first candy-themed game to be created and it won't be the last. So I don't understand why they feel like they own the word CANDY.
Despite the fact that Hsu thinks he could have fought off a takedown notice from the App Store, he's decided to change the name of the app to All Sweet Casino Slots and avoid the lawyer's fees. ®
Sponsored: 2016 Cyberthreat defense report