CA Antivirus vs. Holy Water.

I have never been a big fan of CA’s products.

I was on the phone today with one of our vendors.

I nearly fell out of my chair when they quoted their security specialist, who said: “Protecting your computer with CA Antivirus? You’re better off splashing holy water on your PC.”  Best part is they are a big CA vendor too.

I knew Trend was better.  Holy Water and PCs just don’t mix.

:D


The Spider of Doom [Daily WTF]

Very nice.  Nice indeed.

The Spider of Doom
or
How Google ate my Website

Josh Breckman worked for a company that landed a contract to develop a content management system for a fairly large government website. Much of the project involved developing a content management system so that employees would be able to build and maintain the ever-changing content for their site.

Because they already had an existing website with a lot of content, the customer wanted to take the opportunity to reorganize and upload all the content into the new site before it went live. As you might imagine, this was a fairly time consuming process. But after a few months, they had finally put all the content into the system and opened it up to the Internet.

Things went pretty well for a few days after going live. But, on day six, things went not-so-well: all of the content on the website had completely vanished and all pages led to the default “please enter content” page. Whoops.

Josh was called in to investigate and noticed that one particularly troublesome external IP had gone in and deleted *all* of the content on the system. The IP didn’t belong to some overseas hacker bent on destroying helpful government information. It resolved to googlebot.com, Google’s very own web crawling spider. Whoops.

After quite a bit of research (and scrambling around to find a non-corrupt backup), Josh found the problem. A user copied and pasted some content from one page to another, including an “edit” hyperlink to edit the content on the page. Normally, this wouldn’t be an issue, since an outside user would need to enter a name and password. But, the CMS authentication subsystem didn’t take into account the sophisticated hacking techniques of Google’s spider. Whoops.

As it turns out, Google’s spider doesn’t use cookies, which means that it can easily bypass a check for the “isLoggedOn” cookie to be “false”. It also doesn’t pay attention to JavaScript, which would normally prompt and redirect users who are not logged on. It does, however, follow every hyperlink on every page it finds, including those with “Delete Page” in the title. Whoops.

After all was said and done, Josh was able to restore a fairly older version of the site from backups. He brought up the root cause — that security could be beaten by disabling cookies and JavaScript — but management didn’t quite see what was wrong with that. Instead, they told the client to NEVER copy paste content from other pages.

Originally Posted Here on The Daily WTF
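
The flaw in the story, modelled as an added example (not code from the Daily WTF post or from the CMS itself): a check that refuses only when the client sends `isLoggedOn=false`, next to a fail-closed check. The `session_id` cookie, the `csrf` form field, the `/delete/home` path and the session store are assumptions made up for the illustration.

```python
import hmac
from dataclasses import dataclass, field

# Constructed server-side session store (hypothetical ids and token).
SESSIONS = {"sess-editor-1": {"user": "editor", "csrf": "tok-123"}}

@dataclass
class Request:
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)

def vulnerable_allows(req):
    # The check from the story: refuse only when the client-supplied
    # isLoggedOn cookie is "false". A client that sends no cookie passes.
    return req.cookies.get("isLoggedOn") != "false"

def hardened_allows(req):
    # Fail closed: state changes need POST, a session the server itself
    # issued, and a CSRF token bound to that session.
    if req.method != "POST":  # crawlers follow hyperlinks with GET
        return False
    session = SESSIONS.get(req.cookies.get("session_id", ""))
    if session is None:  # no cookie or unknown id
        return False
    return hmac.compare_digest(req.form.get("csrf", ""), session["csrf"])

def handle_delete(req, pages, allows):
    # Delete the page named by the last path segment if the check passes.
    if not allows(req):
        return 403
    pages.pop(req.path.rsplit("/", 1)[-1], None)
    return 200

def run_demo():
    crawler = Request("GET", "/delete/home")  # no cookies, no JavaScript
    editor = Request("POST", "/delete/home",
                     {"session_id": "sess-editor-1"}, {"csrf": "tok-123"})
    out = {}
    for name, check in (("vulnerable", vulnerable_allows),
                        ("hardened", hardened_allows)):
        pages = {"home": "<p>content</p>"}
        crawl_status = handle_delete(crawler, pages, check)
        survived = "home" in pages
        out[name] = (crawl_status, survived, handle_delete(editor, pages, check))
    return out

if __name__ == "__main__":
    print(run_demo())
```

Each tuple is (status returned to the cookie-less GET, whether the page survived it, status returned to the logged-in editor's POST).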

Customer Support emails getting caught in SPAM Filters

Our support manager writes today:

All,
A customer today reported that they were not getting any of our email responses to their questions. They were upset that we weren’t answering, but after looking in Maximizer we could see that we were sending the replies within 4 hours. After some investigation they discovered that their spam filter was configured to block all emails containing the word “Cialis” since there is a ton of spam going around advertising that product.

While that didn’t seem like a bad idea, they weren’t being specific enough in their filter and it was also blocking the word “specialist” (speCIALISt)... as in Technical Support Specialist.

Just something to keep in mind if someone complains about not getting the emails we are sending. I suspect blocking against CIALIS will become more popular.

Regards,

Director of Customer Service


Seems like a Design Flaw

To have your servers racked underneath (underneath!) your AC unit so this can happen.

Reminds me of a datacenter I visited somewhere in the vicinity of Wisconsin.  The IT manager had been assured by the HVAC guy that it was ok to have the units in the ceiling of the datacenter because the units were guaranteed not to leak.

When I was there he had plastic sheeting over his server racks.

RFID IMPLANT PATIENT SURGERY INFORMATION AND CONSENT FORM.doc

What a wonderful idea this is!

We all hate keeping track of our access cards. It’s such a pain in the @#$. How dare our employers expect us to carry something around with us all the time when we ourselves don’t even carry a wallet?

Some of you may have noticed the article recently in the Cincinnati Enquirer about a local company implanting RFID tags. We’ve decided this is a great idea and are offering it here as well.

Article: here

Since no one should have to reinvent the wheel, we’ve attached our Patient Surgery Information and Consent form for you to reuse if necessary:

RFID IMPLANT PATIENT SURGERY INFORMATION AND CONSENT FORM1.zip

An online version can be found here

Enjoy.