Categories
Uncategorized

Gotta love side-channel attacks

I’m always impressed with the creative ways people can launch side-channel attacks on cryptographic software:

Stealing encryption keys through the power of touch

2014 Playoffs – Stanley Cup

Yikes, 0-for-2 in the 3rd round for a total of 7-for-14.

Here’s the prediction for the finals:

Los Angeles Kings vs. New York Rangers – Los Angeles in 7

How not to handle a password reset

<begin rant>

After eBay’s recent announcement of an attack on their infrastructure that may have compromised user passwords, the company has made a very lacklustre attempt to get users to reset their passwords.

Despite not having used it for years, I dutifully attempted to reset my password for my eBay account this morning. Good grief Charlie Brown! What an absolute waste of time!

I use a password manager which can auto-generate cryptographically secure passwords, which means that I don’t have to memorize (or write down) dozens of secure passwords. You would think that this is a good thing, but when it came to resetting my eBay password, you would be wrong.

I regenerated the password and then copied and attempted to paste it into the new password field. Guess what? The field has some kind of JavaScript preventing the pasting of values (disclaimer: I’m using Google Chrome on a Mac). Ironically, when logging into eBay, I can paste something from the clipboard into the password field.

After getting over that frustration, I manually typed out the password only to get a message about no whitespace characters being allowed. I checked the password and no whitespace characters were present. I assumed that I had added a space somewhere along the way and went to re-enter the password only to get the same message. After some JavaScript wizardry, I found that somehow, certain symbols (<, >, _, -) were being converted to spaces prior to submission to eBay.

At this point, I nearly lost my marbles. I regenerated a new password, eliminated any offending symbols, and replaced them with some suitably random elements. I hit submit only to be told that the passwords didn’t match. The next attempt finally worked but I can definitely say that I’m not impressed.

All I can conclude from this whole fiasco is that eBay doesn’t give a damn about their users’ use of passwords. This Mickey Mouse security approach (limiting the use of symbols?!??!!) is a bad joke. I shudder to think what is happening to users much less technical than myself who might have had to go through this experience.

To the eBay engineers and programmers who developed this system I say: do your company and your users a favour and find a new line of work; you clearly aren’t competent enough to handle the responsibility.

</end of rant>

2014 NHL Playoffs – 3rd Round

After going 1-for-4 in the second round (who the heck would have picked Montreal AND New York?!?!?!) to bring my overall record to 7 for 12, here are my predictions for the 3rd round:

Montreal Canadiens vs. New York Rangers – Montreal in 6

Chicago Blackhawks vs. Los Angeles Kings – Chicago in 7

2014 NHL Playoffs – Round 2

I went 6-for-8 in the first round, which isn’t bad, so now we’re onto the 2nd round predictions:

Anaheim Ducks vs. Los Angeles Kings – Anaheim in 6

Chicago Blackhawks vs. Minnesota Wild – Chicago in 5

Boston Bruins vs. Montreal Canadiens – Boston in 6

Pittsburgh Penguins vs. New York Rangers – Pittsburgh in 6
