Bone-Headed IT Mistakes 259
snydeq writes "PCs preconfigured with stone-age malware, backups without recovery, Social Security numbers stored in plain view of high school students — Andy Brandt gives InfoWorld's Stupid Users series a new IT admin twist. Call it fratricide if you will, but getting paid to know better is no guarantee against IT idiocy, as these stories attest."
Printer Friendly Version (Score:5, Informative)
Re:Printer Friendly Version (Score:3, Informative)
Eh, is it time to just hosts out infoworld.com so I don't frustrate myself trying to read anything they product?
Re:How About... (Score:5, Informative)
Bone-headed IT Mistakes: The Series (Score:5, Informative)
Re:"The tool and the toolbar" (Score:5, Informative)
Re:My bigest boneheaded move (Score:5, Informative)
So this probably had two nasty side-effects:
1. Whenever any other user typed "df" to determine how much disk space was left, their shell environment would get suddenly "re-customized" to the settings that Mr. D.F. liked. Depending on what was in the script, this could have been merely annoying ("Why did my shell colors suddenly change?") to downright crippling (causing people's preferences to be stored in the wrong place, thereby breaking all kinds of software).
2. Most utilities in *nix end up being used in a wide variety of other utilities, scripts, and system processes. As a result, a whole slew of standard operations probably broke as a result of "df" returning garbage data. This may have broken some system loggers, or disk caps, or maybe it triggered emergency "disk nearly full!" emails being sent to all the admin staff.
Moral of the story: wield root wisely.
Re:My bigest boneheaded move (Score:5, Informative)
What does that do? A cursory google search got me nothing of any use in explaining what that does.
When Googling UNIX-specific stuff, especially with terms as generic as something like "df", it often helps to insert the word "man" as an additional search term: "man df" Little tip'o'the day.
Re:Printer Friendly Version (Score:2, Informative)
Re:My bigest boneheaded move (Score:1, Informative)
Never, ever do that kids, ever. Search paths are arbitrary, filesystem layout is not.
Re:Printer Friendly Version (Score:5, Informative)
For those of us who make our living behind a keyboard in IT, it's hard to imagine a more time-tested vulnerability than the end-user. Armed with network access, these IT viruses wreak havoc nearly everywhere you look -- havoc borne of tech idiocy.
Of course, not all computer users live to cause mayhem, sowing the seeds of destruction in our metaverse, merely by clicking every last Storm worm variant that appears in their inboxes. In fact, sometimes the worst offenses spring from our own ranks, hatched by individuals whose stated mission is to help technology work better: the IT admin.
For the most part, we IT folks toil away unsung in often miserable conditions just to make workplaces more efficient, secure, and supportive of end-user needs. But then, a few of us -- well, we can be caught doing some really dumb things.
So having kicked the user to the brain-dead curb in "Stupid user tricks: Eleven IT horror stories" and "More stupider user tricks: IT horror stories redux," it's only fair that we turn the spotlight inward to expose a few legendary IT brain farts committed by those who are paid to know better.
Preconfiguring PCs with stone-age malware
Incident: Toward the end of 2006, several high-profile consumer electronics companies -- both makers and retailers -- ended up with egg on their faces when reports surfaced that they were shipping to consumers devices infected with malware. Apple's Video iPod and several models of digital photo frames were found to be infecting the computers of unsuspecting users the first time they were plugged in. The risk associated with those infections was significant. In the end, however, the damage was limited.
A year later, though, that wasn't the case. In September 2007, German computer maker Medion announced that as many as 100,000 laptop computers sold through Aldi superstores in Germany and Denmark came preinstalled with Windows Vista, the Bullguard anti-virus program -- and a virus.
The case could have been devastating for the privacy or information security of anyone who bought one of the laptops. Modern malware, highly adept at stealing information such as bank account log-ins or credit card numbers, poses a real risk to consumers and companies alike.
Only, it wasn't, because the virus, Stoned.Angelina, dates back to 1994, a full year prior to the launch of Windows 95, let alone the advent of widespread Internet access or online commerce.
Thankfully, Stoned.Angelina isn't a particularly dangerous virus, at least not to anything more recent than DOS. It's a boot-sector virus that replicates itself by copying itself to floppy disks. Remember those? The Medion laptops didn't even have floppy drives.
Medion never said exactly how this historic malware relic ended up in the default image on so many laptops. In the case of the iPod and photo-frame infections, the malware came from an infected machine in the factory in China that assembled the final products and installed the software onto the devices' internal storage.
When you consider just how difficult it must be to load Stoned.Angelina onto a modern computer, you get a sense at how boneheaded the IT guy would need to be in order to infect a drive image used in tens of thousands of hard drives.
Fallout: With no way to spread and no effect whatsoever on Windows Vista, Stoned.Angelina took its toll mainly on Medion, making the company a laughingstock. The punch line: Even though the machine came preloaded with an anti-virus app, the anti-virus engine couldn't clean the system. Bullguard later released a repair program that cleaned out the boot sector, just in case you, someday, somehow, found a floppy drive that worked with the laptop and inserted a disk.
Moral: One, don't let the guy running an old copy of DOS on his computer build your drive images. And two, if you're going to deliberately infect thousands of computers, pick malware that's actually going to do something.
Oh, you wanted to recover those b