Mailbag: 500 Hard Drives, Yeah, sure…

Field Reports

From today’s mail, slightly sanitized enough to protect the companies whose names or contact data are being abused:

Hello, We want to place an order for 500 units new Western Digital Caviar Blue 500GB SATA/600 (WD5000AAKX) 7200RPM 16MB Hard Drive (OEM).
Do get back to us with your price quote which should include FedEx next day A.M shipping to our I.T location in Deerfield Beach, FL ____.
Method of Payment would be net 10 terms. We look forward to your immediate response.
Thanks,
Kevin Douglas
Puchase Manager
The Twister Group
________
Glenview, IL 60025
Phone: 855-_________ext 374 Fax: 877._______
Email: _______

Yeah, right. 500 hard drives, net 10 terms, shipped to Florida by early-day overnight delivery–hot rush, but billed to Illinois on credit terms to an unknown company, when your web site looks like this:

Twister Group

The fax number provided goes to a real electronics distributor in Indiana, no relation.

So I’m just wondering…. Are there companies stupid enough to ship this order?

For anyone selling computer hardware on the internet, expect orders for hardware to fall from the ‘net, and expect them to be fake. I had one last year that needed 6 notebook computers and 3 network routers with VPN support, drop-shipped to Florida, with a credit-card billing address in Georgia, and would you please bill it to these three credit cards in equal amounts? What? The numbers are consecutive? Really?

I called the bank on that one, after looking up the first 4 digits of the card numbers to identify them, and had a chat with their fraud department. They told me, short version, “Unbelievable. Impossible. Felons.” Words to that effect.

Fraud on the Internet goes both ways. It’s not just shady Internet vendors–every possible opportunity to have a transaction is being attacked.

Windows Update Broke My Computer… not!

Identification

Yesterday was Patch Tuesday. That’s the monthly release date for Microsoft to push out patches for Windows; it’s always on the second Tuesday of the month. Today, I’m getting phone calls about computers being down.

First call: “When I looked at the computer this morning, the screen said it was shutting down. It just sat there, so I rebooted. Nothing. Blank”

My questions: Does that computer run all the time? (Yes, it backs up at night to an external drive.)

So it hasn’t rebooted in a while? (I guess.)

“OK, unplug the external hard drive and any other USB storage devices, and reboot.” That fixed it.

Why? Because PCs of a certain age, circa 2003-2006, frequently dislike booting with a USB storage device plugged in. The machine is never turned off, until Windows Update comes along and forces a reboot.

Second call: “I thought I broke it. It was just sitting there with a spinning message forever. I let it run and it eventually shut down. My husband says I broke it again. You repaired it last week!”

Answer: LOTS of big patches last night. Slow shutdown was normal; patches were installing.

Hey, Microsoft! Automatic patching is clearly doing more good than evil, BUT clear communications would really help. Like “Your monthly security patches from Microsoft are installing right now. These happen on a regular schedule. Learn more at: (simple link that can be remembered for later)” NOT “Your computer is shutting down” or “Installing… Do not turn off your computer…” Clear messages that say that you’re working to improve their security are better than techie messages that say their systems are going DOWN. 🙁

Don’t scare your customers. That’s the job of the bad guys.

Shockwave 11.5.8.612, Multiple Patches

Patches

There’s a new version of Shockwave from Adobe. It’s now at version 11.5.8.612, updated to block multiple problems that allowed third-party code to run without the appropriate permissions.

Update at http://get.adobe.com/shockwave/

More information at Homeland Security:
http://www.us-cert.gov/current/index.html#adobe_releases_security_bulletin_for8