
'I found the whole idea of an alien very exciting until it demanded all of my weed'

Plus: 'eBay has some work to do...'


Quotw This was the week when eBay admitted it had suffered a ginormous breach exposing millions of users’ emails and passwords to hackers, along with personal information like names, dates of birth, phone numbers and physical addresses.

Although passwords were apparently encrypted, the online tat bazaar told everyone to change their login details anyway - just as a precaution.

eBay said that attackers breached its databases earlier this year after getting some employees’ login credentials and using them to infiltrate the corporate network.

However, it said it couldn’t find any evidence of any mischief caused by the breach:

After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorised access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.

The marketplace hasn’t actually explained just how its passwords were encrypted or how the hackers got in, which isn’t making folks very happy. Rik Ferguson, veep of security research at Trend Micro, expressed a number of concerns on Twitter:

The criticism continued when software developer and blogger Troy Hunt discovered that he couldn’t copy and paste a long random chain in for his password. He said:

I find that I cannot copy out a strong, random password from my favourite password manager but must instead manually type in a subset of the characters (my usual length is infeasible to manually enter – twice).

Even when he tried a password of 20 random characters with at least four lowercase, four uppercase, four numbers and four symbols, it was rated only as "medium strength" by eBay's password strength tool - but other less secure options were given the okay.

Examples of “good, secure passwords” included $uperman1963 and phrase strings like bestjetpilot, but when he tried to use bestjetpilot, he was told it was invalid. He said:

Aha! So naturally I immediately go to change my password to “bestjetpilot”. Well how about that – invalid. But I followed the instructions!

Interestingly, that’s the guidance on the .com.au domain’s password page but it doesn’t appear on the .com or .co.uk pages.

Of course, it may be an invalid password because it’s in the advice or even because it’s not a very good password, but his point is that folks will have difficulty figuring out just what is a good password from eBay’s advice:

The point is that eBay has some work to do with how it communicates and implements passwords.

In other security news, Kaspersky Lab has discovered that its name has been taken in vain to slap on a set of mobile malware apps. Unknown malware writers have been making apps that pretend to be Kaspersky products, but are actually infectious software or just a program that does nothing once it’s been bought. Kaspersky Lab senior malware analyst Roman Unuchek said:

Scammers who want to make a quick buck from inattentive users are selling dozens of fake apps, copying the design, but not the functionality of the original. It is quite possible that more and more of these fake apps will start appearing.

Meanwhile, Cisco chief exec John Chambers has reportedly scolded the President of the United States of America by letter over the NSA’s tampering with its kit. Chambers chided Barack Obama over the allegations that the security agency had been fiddling with Cisco gear that was due for exportation so it could spy on folks abroad.

The Financial Times, which saw the letter, reported Chambers as writing:

We simply cannot operate this way, our customers trust us to be able to deliver to their doorsteps products that meet the highest standards of integrity and security…

If these allegations are true, these actions will undermine confidence in our industry and in the ability of technology companies to deliver products globally

He also said that folks needed to be able to have confidence in an open global internet:

Absent a new approach where the industry plays a role, but in which you, Mr President, can lead, we are concerned that our country’s global technological leadership will be impaired. Moreover, the result could be a fragmented internet, where the promise of the next internet is never fully realised.

In China, the government continues to be peeved with Microsoft over its decision to stop support for XP, telling its IT procurement agency to avoid Windows 8 at all costs. Vendors bidding for a contract to supply the state with new energy-saving PCs, laptops, tablets and other gear were told that none of the products were allowed to have the newer version of Microsoft’s OS installed.

Microsoft said:

This morning, the China Central Government Procurement Center posted a notification titled 'Bidding Process for Government Purchasing Energy-efficient IT Products.' The notification indicates that the Windows 8 operating system is excluded in the bidding.

We were surprised to learn about the reference to Windows 8 in this notice. Microsoft has been working proactively with the Central Government Procurement Center and other government agencies through the evaluation process to ensure that our products and services meet all government procurement requirements.

We have been and will continue to provide Windows 7 to government customers. At the same time, we are working on the Windows 8 evaluation with relevant government agencies.

And finally, a drug-pushing game called Weed Firm has shot to the top of the rankings in Apple’s App Store after the fruity firm waived its usual censorship rules. Not to worry though, even though the whole point of the game is to build up contacts in the underworld and grow their cannabis empire, the designers are not into a wee toke at all:

The creators of this game do not encourage the cultivation or use of cannabis. The plot of this game is solely a work of fiction and should be viewed only as such.

Perhaps that’s why the game’s reviewers seem to find it a tad lacking:

I found the whole idea of having an alien in the game very exciting until I actually unlocked it and it demanded all of my weed. Customers are extremely repetitive and would be great if it had more. Instead of only growing/selling weed you could include more drugs such as cocaine and heroin. Also found the area very small and repetitive, with nothing to spend my money on most of the time. The lap dance is a great idea but actually it's really boring. ®
