'I found the whole idea of an alien very exciting until it demanded all of my weed'

Plus: 'eBay has some work to do...'


Quotw This was the week when eBay admitted it had suffered a ginormous breach exposing millions of users’ emails and passwords to hackers, along with personal information like names, dates of birth, phone numbers and physical addresses.

Although passwords were apparently encrypted, the online tat bazaar told everyone to change their login details anyway - just as a precaution.

eBay said that attackers breached their databases earlier this year after getting some employees’ login credentials and using them to infiltrate the corporate network.

However, it said it couldn’t find any evidence of any mischief caused by the breach:

After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorised access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.

The marketplace hasn’t actually explained just how its passwords were encrypted or how the hackers got in, which isn’t making folks very happy. Rik Ferguson, veep of security research at Trend Micro, expressed a number of concerns on Twitter:

The criticism continued when software developer and blogger Troy Hunt discovered that he couldn’t copy and paste a long random chain in for his password. He said:

I find that I cannot copy out a strong, random password from my favourite password manager but must instead manually type in a subset of the characters (my usual length is infeasible to manually enter – twice).

Even when he tried a password with 20 random characters with at least four lowercase, four uppercase, four numbers and four symbols, it was rated only as "medium strength" by eBay's password strength tool - but other less secure options were given the okay.

Examples of “good, secure passwords” included $uperman1963 and phrase strings like bestjetpilot, but when he tried to use bestjetpilot, he was told it was invalid. He said:

Aha! So naturally I immediately go to change my password to “bestjetpilot”. Well how about that – invalid. But I followed the instructions!

Interestingly, that’s the guidance on the .com.au domain’s password page but it doesn’t appear on the .com or .co.uk pages.

Of course, it may be an invalid password because it’s in the advice or even because it’s not a very good password, but his point is that folks will have difficulty figuring out just what is a good password from eBay’s advice:

The point is that eBay has some work to do with how it communicates and implements passwords.

In other security news, Kaspersky Lab has discovered that its name has been taken in vain to slap on a set of mobile malware apps. Unknown malware writers have been making apps that pretend to be Kaspersky products, but are actually infectious software or just a program that does nothing once it’s been bought. Kaspersky Lab senior malware analyst Roman Unuchek said:

Scammers who want to make a quick buck from inattentive users are selling dozens of fake apps, copying the design, but not the functionality of the original. It is quite possible that more and more of these fake apps will start appearing.

Meanwhile, Cisco chief exec John Chambers has reportedly scolded the President of the United States of America by letter over the NSA’s tampering with its kit. Chambers chided Barack Obama over the allegations that the security agency had been fiddling with Cisco gear that was due for exportation so it could spy on folks abroad.

The Financial Times, which saw the letter, reported Chambers as writing:

We simply cannot operate this way, our customers trust us to be able to deliver to their doorsteps products that meet the highest standards of integrity and security…

If these allegations are true, these actions will undermine confidence in our industry and in the ability of technology companies to deliver products globally

He also said that folks needed to be able to have confidence in an open global internet:

Absent a new approach where the industry plays a role, but in which you, Mr President, can lead, we are concerned that our country’s global technological leadership will be impaired. Moreover, the result could be a fragmented internet, where the promise of the next internet is never fully realised.

In China, the government continues to be peeved with Microsoft over its decision to stop support for XP, telling its IT procurement agency to avoid Windows 8 at all costs. Vendors bidding for a contract to supply the state with new energy-saving PCs, laptops, tablets and other gear were told that none of the products were allowed to have the newer version of Microsoft’s OS installed.

Microsoft said:

This morning, the China Central Government Procurement Center posted a notification titled 'Bidding Process for Government Purchasing Energy-efficient IT Products.' The notification indicates that the Windows 8 operating system is excluded in the bidding.

We were surprised to learn about the reference to Windows 8 in this notice. Microsoft has been working proactively with the Central Government Procurement Center and other government agencies through the evaluation process to ensure that our products and services meet all government procurement requirements.

We have been and will continue to provide Windows 7 to government customers. At the same time, we are working on the Windows 8 evaluation with relevant government agencies.

And finally, a drug-pushing game called Weed Firm has shot to the top of the rankings in Apple’s App Store after the fruity firm waived its usual censorship rules. Not to worry though, even though the whole point of the game is to build up contacts in the underworld and grow their cannabis empire, the designers are not into a wee toke at all:

The creators of this game do not encourage the cultivation or use of cannabis. The plot of this game is solely a work of fiction and should be viewed only as such.

Perhaps that’s why the game’s reviewers seem to find it a tad lacking:

I found the whole idea of having an alien in the game very exciting until I actually unlocked it and it demanded all of my weed. Customers are extremely repetitive and would be great if it had more. Instead of only growing/selling weed you could include more drugs such as cocaine and heroin. Also found the area very small and repetitive, with nothing to spend my money on most of the time. The lap dance is a great idea but actually it's really boring. ®
