Spectrum Interactive send your password in plain text

Posted on by
Reply

Earlier this year I found myself using the wireless internet at a Moto service station – the access is operated by Spectrum Interactive. Once you register, they send you a helpful welcome email with your password in plain text:

spectrum password plain text
Sending your password in human-readable form is bad enough if emails are lost or intercepted, but it also indicates that they’re probably not encrypting the passwords in their database.

This way, if they ever get hacked an attacker will be able to read the passwords of all the users and try them against other accounts they may own.

Spectrum Interactive, please read this: http://en.wikipedia.org/wiki/Salt_(cryptography)

 

Ticketweb hacked, email compromised

Posted on by
Reply

Online ticket sales site Ticketweb, a subsidiary of Ticketmaster in the UK, sent this email to all users over the weekend:

We have discovered that our TicketWeb UK direct email marketing system was exposed to unauthorised access. As a result, you may have received up to four emails on Saturday, February the 11th, from an unauthorised party.

The email in question posed as an Adobe newsletter, but linked to a phishing scam. The email goes on:

We have taken immediate action to close the vulnerability. You can rest assured that none of your credit card information was vulnerable during this attack.

It’s not clear if the database was extracted and then used, or if access to their legitimate email systems was gained illegitimately and a scam sent.

ticketweb-hacked-email

 

Chrome 17 loses the ‘plus’ from the ‘new tab’ button

Posted on by
2

Now the cynic might say that the Google Plus brand team wanted to reduce confusion with their social network’s name. The result: the ‘new tab’ icon in Chrome 17 looks like it’s faulty.

It might sound like the most pedantic obsession over minutae, but stuff like this matters.

It matters not just for us user experience people who pore over every detail, but for ‘regular users’ who are forced to approach interface after interface: re-learning the basics over and over because of design decisions made without proper thought.

Here’s the new icon:

Chrome 17's new tab icon without the plus symbolInternet Explorer hasn’t had a ‘plus’ icon for years, but it’s part of the tab bar. In Firefox it’s tab-shaped and features a ‘plus’ symbol. The new button in Chrome is a different shape, location and colour to the tabs – how would a first-time user know that this opens a new tab? Even if they work it out, it’s an extra level of cognitive stress that should be totally unnecessary for the user.

If you’re interested in reading more about how complete novices use software, this is a fascinating read, from Jennifer Morrow’s blog:

I find Joe, a 60-year-old hospital cafeteria employee, in the food court looking suitably bored out of his mind. Joe agrees to do a user test, so I begin by asking my standard demographics questions about his experience with the internet. Joe tells me he’a never used a computer, and my eyes light up.

http://jboriss.wordpress.com/2011/07/06/user-testing-in-the-wild-joes-first-computer-encounter/