Archive for the ‘General’ Category
Wednesday, April 9th, 2008
UPDATE (4.12.08): The bug mentioned here has been resolved. Read the post and the updates at the bottom for the entire story.
I’ve been using H&R Block’s online tax services to do my taxes this year. While corresponding with one of their tax professionals through their online message center, I discovered a very serious security hole in their software. I won’t describe the exact steps here because I don’t want anyone to take advantage of this, but by clicking through the tax software in a specific order, I found that all of the messages in my message center were replaced with random messages between other customers and their tax pros. Many of these messages contained confidential information and had very sensitive attachments, like W2s and other financial documents, that I was fully able to download. The process of doing this is repeatable, so it’s definitely a bug.
I tried reporting this to H&R Block, but I don’t think I was very successful. Here’s how it went…
I called the H&R Block tech support number and spent 20 minutes on hold. A young woman finally answered and said, How may I help you? I explained that I was calling to report an urgent issue, where I could see other customers’ private information in my message center. Her only response was to give me another phone number to call.
I called the new number and spent another 20 minutes on hold. A young woman finally answered and said, How may I help you? I explained that I was calling to report an urgent issue, where I could see other customers’ private information in my message center. Her only response was, So… how may I help you? I repeated that I was calling to report a serious bug in their system to which she replied, I can open a support ticket for you, if you like? At this point I asked for her supervisor. After 40 minutes on hold, the supervisor came on the line and said, How may I help you?
By now, I’m pretty pissed off. I can’t believe I just spent an hour and a half on the phone trying to relay this issue and I’m no closer than I was when I started. I gave the supervisor the facts, and he asked me for my username. He logged into my account, but for whatever reason the screens he sees are different than the ones that I see, so he couldn’t click on the required items. My only option was to verbally describe the screens and steps required to reproduce the bug. He put me on hold for a few minutes, and then came back on and thanked me for reporting this issue. That’s it.
When I relayed the procedure to the supervisor, I rattled it off fairly quickly. I actually expected him to escalate the issue to a higher level tech support and I would be repeating it in more detail to someone else. But, he didn’t, at least not with me still on the phone. He didn’t appear to be taking any notes either, so I don’t know if he actually got it or not. It’s possible they were recording the call, but there was no standard message about that at the beginning, so I don’t know.
In addition to the security bug itself, I can’t believe I had such a hard time communicating the seriousness of this problem. Not only is H&R Block potentially screwing its customers, but they’re also opening themselves up to a giant lawsuit. One thing is for sure… I will NOT be using H&R Block Online again next year.
UPDATE (4.10.08): I don’t know if my support call yielded any results, but I did forward this blog post to the tax pros I had interacted with through the H&R Block website, and they are taking action. I was contacted by two different support people and we ran through the procedure to replicate the bug. They’re looking into it now. I’ll continue to update this post with any new information I receive.
UPDATE (4.11.08): H&R Block has informed me that they’ve identified the cause of the bug and are working on the fix now. They hope to have it implemented by late tonight. I’ll be testing this later to confirm the fix. They’re also doing research to determine how many people may have been impacted by the bug. They told me that initial data suggests it was a relatively small number of users. I’ll update this post when I know more.
UPDATE (4.12.08): This morning I tested the system on my account and my girlfriend’s. Everything appears to be fixed.
Although this whole thing started out a bit rocky due to undertrained phone-support employees, I am glad to see that once the word reached the right people they did take swift action in solving the problem. To some degree I guess this incident is a testament to the power of blogging. I can’t say this with absolute certainty, but I personally believe that forwarding this post to the tax pros I worked with did more to get this resolved than my phone call to tech support.
In the interest of absolute transparency, I should also mention that in return for the trouble I had with tech support, and my assistance in trouble-shooting the system, H&R Block did refund the cost of this year’s return and offered me free tax preparation for next year.
Posted in General | 2 Comments »
Monday, January 28th, 2008
I received an email this morning through the contact form on my online portfolio. At first glance it seemed like a nice compliment…
“MESSAGE 1: Paul, I have spent the last hour pouring over all of your work, and it is fantastic. Certainly, I am studying for a degree in Graphic Design and Mass Media and, after graduation, hope to land a job as a Multimedia Designer. Finding you and seeing what you have all been involved in makes me very excited about this field of study. If you don t mind, and if you have time, I was wondering if you could answer just a few questions I have about what you do and how you do it. They won’t be too tough and shouldn t take much time to answer, I promise! If you are willing please let me know.”
My first thought was cool, I guess I can spare a little time to help someone out who wants to break into this industry. But, as I continued going through my morning email I came across this one, also from the contact form on my portfolio site…
“MESSAGE 2: hello,im xiau here,can knw more about you? cause i have to write a report about mutimedia designer… Insite my report,my content must have,designer’s introduction,background profile,portfolio,style of act work and achievement. Can you be my multimedia designer’s target? hope to hear from you soon…”
At this point, I’m thinking… that’s odd, a second email regarding questions about being a Multimedia Designer, except this one doesn’t look quite right. Now, I suppose it’s possible that there is some kind of class assignment somewhere, and my site was passed around (to a foreign exchange student who doesn’t speak much English), but the second email looks a lot like spam to me. But, I didn’t think about this too much. I continued going through my email, until I saw a third one, this time from the contact form on this site (One Digital life)…
“MESSAGE 3: Hi, doing some it coursework calld Dance o clock and was wondering if i could use a pic, this is not be seen by anyone exept the examiner and i will only use the pic for this course work Thanks If you dont reply with in 1 day i will take it as a yes (Sorry have to say that, teachers orders)”
This last one is a fair amount different in that it doesn’t mention Multimedia. But, it is odd that all 3 relate to education in some way, and I received them all in one night.
So, what do you think… do I have 3 legitimate emails, 3 spams, or some of each with an odd coincidence in timing?
Posted in General | 6 Comments »
Thursday, January 3rd, 2008
“The Australian Government has announced that they will be joining China as one of the few countries globally that broadly censor the internet.”
Read More on TechCrunch
Apparently this was originally proposed as an opt-in policy meant to protect children from questionable material, but at the last minute they decided to implement it for everyone. You can opt-out, but you may end up on a list somewhere.
I’m all for protecting children, but I strongly disagree with policies being applied with such broad strokes.
via Thomas Hawk
Posted in General | No Comments »
Wednesday, December 12th, 2007

If you haven’t already heard, CompUSA is closing its doors forever. Apparently they’ve been losing money for years, and were finally sold to an investment firm which will be liquidating their assets. As of now there is no hard date for closing all 103 stores. They will remain open at least through the holidays. Supposedly they’ll have some pretty steep sales, so you may want to keep an eye on your local store if you’re in the market for electronics on the cheap. Just hope you don’t have to return something.
Posted in General, Hardware | No Comments »
Tuesday, December 4th, 2007
If you’re using Media Temple’s Grid Service (gs), you probably already know that they’ve had a few hiccups with the service over the last few months. For me, it hasn’t been anything too terrible, but it has been fairly annoying at times.
This morning, Media Temple CEO, Demian Sellfors, made a public apology on the company’s blog. And, he announced that they would be giving all (gs) customers a two month credit for their troubles.
The credit should automatically show up in the billing section of your MT Account Center. As of this afternoon, mine hadn’t been posted, so I left a comment on their blog post about it. Shortly after leaving my comment, they posted the credit to my account, and emailed me to let me know it was there (Thanks guys!). If you’re a (gs) customer, you may want to check your Account Center to make sure you got the credit.
Although I haven’t been very happy with the downtime Media Temple has had lately, I still think they’re a good company. I’m willing to stick with them for a while longer. And, I would even still recommend them. Sometimes, shit just happens. It’s how the company deals with that shit that determines their commitment to their customers.
There is one side-note to this that I think is a little strange. I subscribe to the RSS feed for Media Temple’s blog so I can keep track of any incidents they post. There has been a continual stream of posts coming in over the last few days about some trouble they were having with upgrades, which ultimately led to the apology I mentioned. But, as far as I can tell, when you visit the blog in your browser, none of those posts are shown. They appear to only be available via the feed. Maybe I’m missing something, but this seems strange to me.
If you’re a Media Temple customer, you may want to subscribe to their feed, and not just visit the blog. Otherwise you may not get the whole story.
Posted in General, Technology | 1 Comment »
Friday, October 19th, 2007
“When asked if he was a happy man, the Dalai Lama replied that emotions will rise and fall like waves of the ocean, but underneath at its center the ocean is always calm.”
[ Republished from Thomas Hawk’s Digital Connection ]
Posted in General | No Comments »
Tuesday, October 9th, 2007
Holy Crap! It’s been a month since I last posted anything here. I really have been a slacker, haven’t I? I haven’t been very good about blogging (for several months now), but in this case I really did think it had only been a couple of weeks. I was shocked when I realized the truth.
The last thing I wrote about was the $200 price drop on the iPhone. I actually had a lot more to say about that, including why I think Apple did what they did, but I’m going to go ahead and let it drop. Too much time has passed now.
New posts will be coming shortly.
Posted in General | No Comments »
Tuesday, August 14th, 2007

I think it’s good to occasionally remind ourselves just how small we really are.
via SwissMiss
Posted in General | 1 Comment »