It has been nearly a decade since Seth Godin’s book “Purple Cow: Transform Your Business by Being Remarkable” was released. To explain the term “Purple Cow”, Godin describes driving across the English countryside and seeing cows grazing in lovely pastures right near the side of the road. It was an incredible sight… at first. But, not long into the journey they became commonplace and boring. Every cow looked the same.
For a cow to stand out in this setting it would need to be remarkable. A purple cow, for example, would surely stand out. It would be something that grabbed your attention, was worth paying attention to, and was worth talking about.
The most recent and glaring example of a Purple Cow in the lottery industry has been the Black ticket. In a sea of ultra-colorful, bright, and even sometimes sparkling tickets, the one that stands out is the one that is none of these things.
At OrderPad, we’re anxious to see what the next Purple Cow within the industry will be. And we’re even more anxious to see who will have the courage to create it.
Always be nice to people who play the Lotto 6/49.
“Whose world could you change?”
Writing for the web is different than writing hardcopy. Shorter is better than longer, and conciseness is king. On the Retailers section of its website, the Lottery explains that being a Montana Lottery retailer is a smart business move if you’d like your store to have more buzz, more traffic, more sales, and more loyalty.
New York Lottery is the Michael Jordan of advertising; they’re so good at it that they make it look easy.
What have you and your friends always wanted to do?
As consumers of online services, it becomes easy to take for granted that the information we provide when registering for well-known web sites is stored safely and securely. But what about a web site created by a smaller company like yours truly? In this blog post, I will provide a specific example of why web sites created by large companies are not inherently more trustworthy, followed by an overview of the options software developers have when storing sensitive information like user passwords. Finally, I will discuss the choice we made when we created Lottery Answers, and why we made it.
It seems that each new week brings news of more Sony web sites being hacked. If you recall, in late April, information for over 100 million user accounts was stolen when hackers gained access to the databases behind Sony’s PlayStation Network and Sony Online Entertainment.
Since then, hackers have attacked various regional Sony web sites, but the latest attack is notable for a very specific reason: the passwords for over 1 million user accounts were stored in plaintext, which means they were stored exactly as the users entered them, unencrypted in any way. When you consider that many people use a single password for all of their online accounts, including their email and banking, it becomes very clear how bad this situation is.
For consumer web sites, there are three primary methods for storing user passwords: plaintext, encrypted, and hashed. Sony has provided a perfect example of why plaintext passwords should never be stored, so nothing more needs to be said about this method of storing passwords.
Encryption can be used to store a password securely, but encryption is a two-way street, and an encrypted password can be decrypted if the attacker also has access to the cryptographic key. Is this safe? Consider that if an attacker has gained access to the database, there is a good chance they also have access to the application files that are used to run the web site. Even if this is compiled code, it can be disassembled, and someone snooping through the code could determine what the key is, instantly revealing every password in the database.
Finally, we can use a method known as hashing. When a password is hashed, the result is something that doesn’t look anything like the original password, much like when the password is encrypted. Hashing, however, is a one-way process. You cannot “un-hash” the hashed password, which removes the weakness of having a single key that would give an attacker access to every password in the database.
When we created the Lottery Answers web site, we made the decision very early on to store passwords as securely as possible, which means we hash passwords before saving them to the database. Lottery Answers isn’t a likely target for hackers, but knowing that people tend to reuse their online passwords, we absolutely, positively did not want to be “that site”, the one that got hacked and had their users’ passwords stolen. We know many of you personally, and we would never want to be responsible for putting your online security at risk.
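The hash-then-store approach described above, as an added example that is not Lottery Answers' own code. It goes a step beyond the post by assuming a random per-user salt and a deliberately slow hash (PBKDF2-HMAC-SHA256 from Python's standard library); the function names, record format and iteration count are choices made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example, not from the post
SALT_LEN = 16         # bytes of random salt generated per password
DIGEST_LEN = 32       # SHA-256 output size in bytes


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return the string to store in the database instead of the password."""
    salt = os.urandom(SALT_LEN)  # unique salt: equal passwords give unequal records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # The salt and iteration count are not secret; they are stored beside the digest
    # so the same computation can be repeated at login. No key exists to steal.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-hash a login attempt with the stored salt and compare the digests."""
    try:
        scheme, iters, salt_hex, digest_hex = record.split("$")
        iterations = int(iters)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != "pbkdf2_sha256" or iterations < 1 or len(expected) != DIGEST_LEN:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample input: two users who picked the same password.
    a = hash_password("correct horse battery staple")
    b = hash_password("correct horse battery staple")
    print(a != b)                                                # True
    print(verify_password("correct horse battery staple", a))   # True
    print(verify_password("Tr0ub4dor&3", a))                    # False
```

Because each record carries its own salt, a stolen database does not reveal which users share a password, and each guess has to be recomputed separately for every account.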