Feeds

'I don't understand why they feel like they own the word CANDY'

Plus: 'There was my user ID and password, in plain text, along with everyone else's'

High performance access to file storage

Quotw This was the week when remote access app LogMeIn pulled its free version, uniting freeboards in a resounding cry of "Hell no! We don't pay for stuff on the internet!"

The app may not have had quite the poor reception to its announcement of going from free to not-free if it hadn't a) been providing its service gratis for TEN YEARS and b) hadn't given folks almost no notice about the change. One Reg reader moaned:

Okay, so it's generous of them to offer 50 percent off a subscription for controlling two of the eight or so PCs I have previously shepherded, and the tools are great, but I really don't appreciate being given less than 24 hours notice. The only real choice I have is to hear the click of the loaded revolver being held to my cranium and pony up for a year's subscription for the two that really matter, in order to have time to come up with another approach that I can afford.

Now I know this could come across as 'freetard whinges as profit-making entity takes away his free toys' - I prefer to think of it as 'hopelessly addicted cracktard's free supply dries up as dealer hits him for national debt of a small Eastern European republic to pay for next fix'. Nice one, LogMeIn. You could have just asked nicely for a reasonable amount of money for a domestic user.

While on Twitter, folks were equally annoyed about the short notice. One said:

So logmein free is no more! Got an email today saying I need to pay from today! As in no days notice!

And another told the firm:

@LogMeIn because of the way you have handled the termination of your 'free' product, you will *never* get my custom.

This was also the week when telcos KC and Plusnet were outed as less-than-secure for customers' personal data. First, a customer of Hull-based firm KC let The Reg know that when one of its engineers popped round to plug him in, he inadvertently showed the customer a spreadsheet with telephone numbers, user IDs and unencrypted passwords for all subscribers.

Chris Hill explained:

He used a laptop to connect to the router and as he came to the user ID and password for my connection he opened a spreadsheet and looked my phone number up in it. There was my user ID and password, in plain text, along with everyone else's. He tried to shield it from me when he realised I was looking at the list.

I asked him if he had my password with him, he said 'yes - it makes our job much easier', then changed the subject. I said that I wasn't happy that our passwords are not encrypted and that I realised it wasn't his fault.

He didn't reply.

Hill said the same username and password combos were used to access the Karoo email service and there was no advice to change the password handed out by KC. The company told The Reg:

The security of our customers’ information is of primary importance to us and we are aware of and take very seriously our obligations under the Data Protection Act. We investigate any alleged data security incidents promptly and thoroughly, and we act quickly to make any improvements such investigations identify.

I can assure you that all of our laptops are encrypted, password-protected and fitted with tracking technology and the facility to remotely wipe data.

Yorkshire's Plusnet, owned by BT, was in a similar situation when an anonymous tipster told The Reg that the company was transmitting personal details over an unencrypted web page. The company was asking potential subscribers to fill in a form online that could be seen by other people while in transit once submitted. The source, who reported the problem to Plusnet, said:

I was just shocked by the way the sales rep brushed off my reporting of this during the contract setup (after discovering the vulnerability I used the phone instead).

She assured me that the security team would deal with it right away. In my opinion, over two weeks is more than enough time to sort this out.

Also, factor in the point that (as many new customers ordering an initial broadband setup are likely to do) I was using an open Wi-Fi hotspot to visit their site!

Another source said:

Plusnet ... store user passwords in unencrypted form, as I learnt when considering opening an account with them last summer [yes, six months ago]. When I told the 'tech' person I was talking to that many of the credentials could be used to access users' accounts with third party services, he replied that that was impossible. Though he didn't say why. I got broadband from someone else in the end.

The company said:

All Plusnet customer passwords are stored with full encryption. Our customer sign up page is currently unencrypted, and we are in the process of fixing this urgently.

In more tales of the mad, mad world of intellectual property, it appears that King, makers of insanely popular game Candy Crush Saga have trademarked the word CANDY in Europe and are on 30-day approval to do the same in the US. The company said:

We have trademarked the word 'CANDY' in the EU, as our IP is constantly being infringed and we have to enforce our rights and to protect our players from confusion.

We don't enforce against all uses of CANDY - some are legitimate and of course, we would not ask App developers who use the term legitimately to stop doing so.

But it turned out that the company had already found some use that it considered illegitimate, by a game whose full title was All Candy Casino Slots – Jewels Craze Connect: Big Blast Mania Land, but which appeared on the App store as Candy Slots. King said:

Its icon in the App store just says 'Candy Slots', focussing heavily on our trademark. We believe this App name was a calculated attempt to use other companies’ IP to enhance its own games through means such as search rankings.

But Candy Slots developer Benny Hsu insisted that he never intended to infringe on anyone's IP and said King had gone "too far" with its trademark by enforcing on an app that had only been out for a week. He told The Reg:

Candy is something we have all loved since we were children. I just wanted to create a game with a fun theme.

If anyone saw my icon or played my game, they would know that there was nothing in it that tried to copy Candy Crush. Also there are so many games in the App Store that have a candy theme. Candy Crush was not the first candy-themed game to be created and it won't be the last. So I don't understand why they feel like they own the word CANDY.

Despite the fact that Hsu thinks he could have fought off a takedown notice from the App Store, he's decided to change the name of the app to All Sweet Casino Slots and avoid the lawyer's fees. ®

High performance access to file storage

More from The Register

next story
Forget the beach 'n' boardwalk, check out the Santa Cruz STEVE JOBS FOUNTAIN
Reg reader snaps shot of touching tribute to Apple icon
Happy 40th Playmobil: Reg looks back at small, rude world of our favourite tiny toys
Little men straddle LOHAN, attend tiny G20 Summit... ah, sweet memories...
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
Lego is the TOOL OF SATAN, thunders Polish priest
New minifigs like Monster Fighters are turning kids to the dark side
Dark SITH LORD 'Darth Vader' joins battle to rule, er, Ukraine
Only I can 'make an empire out of a republic' intones presidential candidate
Chinese company counters pollution by importing fresh air
Citizens line up for bags of that sweet, sweet mountain air
Google asks April Fools: Want a job? Be our 'Pokemon Master'
Mountain View is prankin' like it's 1999...
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.