Bone-Headed IT Mistakes

snydeq writes "PCs preconfigured with stone-age malware, backups without recovery, Social Security numbers stored in plain view of high school students — Andy Brandt gives InfoWorld's Stupid Users series a new IT admin twist. Call it fratricide if you will, but getting paid to know better is no guarantee against IT idiocy, as these stories attest."

Printer Friendly Version

[Adradis]

http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/06/16/25FE-stupid-users-part-3-admins_1.html [infoworld.com] Printer friendly version, rather then 7 pages.

Re:Printer Friendly Version

[Applekid]

Even the printer friendly version has text ads sliming it up, and they were practically more distracting than regular ads since they look identical to heading nodes within the article.

Eh, is it time to just hosts out infoworld.com so I don't frustrate myself trying to read anything they product?

Re:How About...

[Rakishi]

That wasn't an IT mistake, that was IT following their client's request perfectly. Mistake implies something did not have the desired result.

Bone-headed IT Mistakes: The Series

[mmkkbb]

The RISKS Digest [ncl.ac.uk] never gets old.

Re:"The tool and the toolbar"

[bluej100]

That story is almost word-for-word the same as an Alexa deleted my pages rant [slashdot.org] on a previous anti-Alexa Slashdot article [slashdot.org]. Apparently whoever compiled this article didn't read the reply to that post.

Re:My bigest boneheaded move

[Anonymous Coward]

By copying his script to "/usr/bin", he over-wrote the system command of the same name. On unix and unix-like systems, "df" is a command that reports disk usage [ed.ac.uk].

So this probably had two nasty side-effects:
1. Whenever any other user typed "df" to determine how much disk space was left, their shell environment would get suddenly "re-customized" to the settings that Mr. D.F. liked. Depending on what was in the script, this could have been merely annoying ("Why did my shell colors suddenly change?") to downright crippling (causing people's preferences to be stored in the wrong place, thereby breaking all kinds of software).
2. Most utilities in *nix end up being used in a wide variety of other utilities, scripts, and system processes. As a result, a whole slew of standard operations probably broke as a result of "df" returning garbage data. This may have broken some system loggers, or disk caps, or maybe it triggered emergency "disk nearly full!" emails being sent to all the admin staff.

Moral of the story: wield root wisely.

Re:My bigest boneheaded move

[pclminion]

What does that do? A cursory google search got me nothing of any use in explaining what that does.

When Googling UNIX-specific stuff, especially with terms as generic as something like "df", it often helps to insert the word "man" as an additional search term: "man df" Little tip'o'the day.

Re:Printer Friendly Version

[Hattmannen]

Two words for you: Firefox [getfirefox.com] and Adblock. [mozdev.org] (ok that's actually three, the latter of which is a composite word, but don's you mind that) Set the right filters and it takes care of Google's text ads as well.

Re:My bigest boneheaded move

[Anonymous Coward]

This guy's problem isn't that he named the script df, it's that he puts his local scripts in /usr/bin .

Never, ever do that kids, ever. Search paths are arbitrary, filesystem layout is not.

Re:Printer Friendly Version

[halcyon1234]

Plain Old Text, no ads:

For those of us who make our living behind a keyboard in IT, it's hard to imagine a more time-tested vulnerability than the end-user. Armed with network access, these IT viruses wreak havoc nearly everywhere you look -- havoc borne of tech idiocy.

Of course, not all computer users live to cause mayhem, sowing the seeds of destruction in our metaverse, merely by clicking every last Storm worm variant that appears in their inboxes. In fact, sometimes the worst offenses spring from our own ranks, hatched by individuals whose stated mission is to help technology work better: the IT admin.

For the most part, we IT folks toil away unsung in often miserable conditions just to make workplaces more efficient, secure, and supportive of end-user needs. But then, a few of us -- well, we can be caught doing some really dumb things.

So having kicked the user to the brain-dead curb in "Stupid user tricks: Eleven IT horror stories" and "More stupider user tricks: IT horror stories redux," it's only fair that we turn the spotlight inward to expose a few legendary IT brain farts committed by those who are paid to know better.

Preconfiguring PCs with stone-age malware

Incident: Toward the end of 2006, several high-profile consumer electronics companies -- both makers and retailers -- ended up with egg on their faces when reports surfaced that they were shipping to consumers devices infected with malware. Apple's Video iPod and several models of digital photo frames were found to be infecting the computers of unsuspecting users the first time they were plugged in. The risk associated with those infections was significant. In the end, however, the damage was limited.

A year later, though, that wasn't the case. In September 2007, German computer maker Medion announced that as many as 100,000 laptop computers sold through Aldi superstores in Germany and Denmark came preinstalled with Windows Vista, the Bullguard anti-virus program -- and a virus.

The case could have been devastating for the privacy or information security of anyone who bought one of the laptops. Modern malware, highly adept at stealing information such as bank account log-ins or credit card numbers, poses a real risk to consumers and companies alike.

Only, it wasn't, because the virus, Stoned.Angelina, dates back to 1994, a full year prior to the launch of Windows 95, let alone the advent of widespread Internet access or online commerce.

Thankfully, Stoned.Angelina isn't a particularly dangerous virus, at least not to anything more recent than DOS. It's a boot-sector virus that replicates itself by copying itself to floppy disks. Remember those? The Medion laptops didn't even have floppy drives.

Medion never said exactly how this historic malware relic ended up in the default image on so many laptops. In the case of the iPod and photo-frame infections, the malware came from an infected machine in the factory in China that assembled the final products and installed the software onto the devices' internal storage.

When you consider just how difficult it must be to load Stoned.Angelina onto a modern computer, you get a sense at how boneheaded the IT guy would need to be in order to infect a drive image used in tens of thousands of hard drives.

Fallout: With no way to spread and no effect whatsoever on Windows Vista, Stoned.Angelina took its toll mainly on Medion, making the company a laughingstock. The punch line: Even though the machine came preloaded with an anti-virus app, the anti-virus engine couldn't clean the system. Bullguard later released a repair program that cleaned out the boot sector, just in case you, someday, somehow, found a floppy drive that worked with the laptop and inserted a disk.

Moral: One, don't let the guy running an old copy of DOS on his computer build your drive images. And two, if you're going to deliberately infect thousands of computers, pick malware that's actually going to do something.

Oh, you wanted to recover those b