'I found the whole idea of an alien very exciting until it demanded all of my weed'

Plus: 'eBay has some work to do...'


Quotw This was the week when eBay admitted it had suffered a ginormous breach exposing millions of users’ emails and passwords to hackers, along with personal information like names, dates of birth, phone numbers and physical addresses.

Although passwords were apparently encrypted, the online tat bazaar told everyone to change their login details anyway - just as a precaution.

eBay said that attackers breached their databases earlier this year after getting some employees’ login credentials and using them to infiltrate the corporate network.

However, it said it couldn’t find any evidence of any mischief caused by the breach:

After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorised access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.

The marketplace hasn’t actually explained just how its passwords were encrypted or how the hackers got in, which isn’t making folks very happy. Rik Ferguson, veep of security research at Trend Micro, expressed a number of concerns on Twitter:

The criticism continued when software developer and blogger Troy Hunt discovered that he couldn’t copy and paste a long random chain in for his password. He said:

I find that I cannot copy out a strong, random password from my favourite password manager but must instead manually type in a subset of the characters (my usual length is infeasible to manually enter – twice).

Even when he tried a password with 20 random characters with at least four lowercase, four uppercase, four numbers and four symbols, it was rated only as "medium strength" by eBay's password strength tool - but other less secure options were given the okay.

Examples of “good, secure passwords” included $uperman1963 and phrase strings like bestjetpilot, but when he tried to use bestjetpilot, he was told it was invalid. He said:

Aha! So naturally I immediately go to change my password to “bestjetpilot”. Well how about that – invalid. But I followed the instructions!

Interestingly, that’s the guidance on the .com.au domain’s password page but it doesn’t appear on the .com or .co.uk pages.

Of course, it may be an invalid password because it’s in the advice or even because it’s not a very good password, but his point is that folks will have difficulty figuring out just what is a good password from eBay’s advice:

The point is that eBay has some work to do with how it communicates and implements passwords.

In other security news, Kaspersky Lab has discovered that its name has been taken in vain to slap on a set of mobile malware apps. Unknown malware writers have been making apps that pretend to be Kaspersky products, but are actually infectious software or just a program that does nothing once it’s been bought. Kaspersky Lab senior malware analyst Roman Unuchek said:

Scammers who want to make a quick buck from inattentive users are selling dozens of fake apps, copying the design, but not the functionality of the original. It is quite possible that more and more of these fake apps will start appearing.

Meanwhile, Cisco chief exec John Chambers has reportedly scolded the President of the United States of America by letter over the NSA’s tampering with its kit. Chambers chided Barack Obama over the allegations that the security agency had been fiddling with Cisco gear that was due for exportation so it could spy on folks abroad.

The Financial Times, which saw the letter, reported Chambers as writing:

We simply cannot operate this way, our customers trust us to be able to deliver to their doorsteps products that meet the highest standards of integrity and security…

If these allegations are true, these actions will undermine confidence in our industry and in the ability of technology companies to deliver products globally.

He also said that folks needed to be able to have confidence in an open global internet:

Absent a new approach where the industry plays a role, but in which you, Mr President, can lead, we are concerned that our country’s global technological leadership will be impaired. Moreover, the result could be a fragmented internet, where the promise of the next internet is never fully realised.

In China, the government continues to be peeved with Microsoft over its decision to stop support for XP, telling its IT procurement agency to avoid Windows 8 at all costs. Vendors bidding for a contract to supply the state with new energy-saving PCs, laptops, tablets and other gear were told that none of the products were allowed to have the newer version of Microsoft’s OS installed.

Microsoft said:

This morning, the China Central Government Procurement Center posted a notification titled 'Bidding Process for Government Purchasing Energy-efficient IT Products.' The notification indicates that the Windows 8 operating system is excluded in the bidding.

We were surprised to learn about the reference to Windows 8 in this notice. Microsoft has been working proactively with the Central Government Procurement Center and other government agencies through the evaluation process to ensure that our products and services meet all government procurement requirements.

We have been and will continue to provide Windows 7 to government customers. At the same time, we are working on the Windows 8 evaluation with relevant government agencies.

And finally, a drug-pushing game called Weed Firm has shot to the top of the rankings in Apple’s App Store after the fruity firm waived its usual censorship rules. Not to worry though, even though the whole point of the game is to build up contacts in the underworld and grow their cannabis empire, the designers are not into a wee toke at all:

The creators of this game do not encourage the cultivation or use of cannabis. The plot of this game is solely a work of fiction and should be viewed only as such.

Perhaps that’s why the game’s reviewers seem to find it a tad lacking:

I found the whole idea of having an alien in the game very exciting until I actually unlocked it and it demanded all of my weed. Customers are extremely repetitive and would be great if it had more. Instead of only growing/selling weed you could include more drugs such as cocaine and heroin. Also found the area very small and repetitive, with nothing to spend my money on most of the time. The lap dance is a great idea but actually it's really boring. ®
