Monthly Archives: February 2010

Offtopic – a story about customer service (or lack of such)

Posted on by
1

So some of you know that I switched (back) to a mac. Great.

One tiny thing mudded the whole experience – a couple of days after getting the Macbook Pro, I’m finding a single “stuck” pixel. Really annoying (nothing life-threatning, but definitely not Apple-like…). So I call support. Great guys on the phone, really appreciative (and just as annoyed as I was by the pixel). Too bad I was on my way back to Israel – the land of service that sucks.

And so I’m faced with the local Apple representative (hope that they wouldn’t stay Apple affiliated after this) – who got the repair order from Apple US – to replace the screen or the entire laptop (yes – they would do that in the US…). BUT (and that’s a big BUT) – the local guys aren’t as savvy to help as their US counterparts. Especially if the laptop was not bought at the local Apple store (where the prices are literally double than in the US – and you get dirt on your keyboard in the form of Hebrew alongside the English engraving).

Long story short – laptop left at the authorized service center just to be returned with a “we don’t fix issues that concern dead or stuck pixels – live with it”.

Fast forward one week – entering a web scheduled Genius appointment at an Apple store in the US. Was late 20 minutes (flight delays). Huge line, but local crew is super supportive, getting the manager to deal with me (laptop is being used for work, and I kind’a got attached to it…). 2.5 hours later I get an email – come pick your laptop – we fixed it (in Israel it took them a whole day – without even touching it). Picked up the laptop when the store was CLOSED (staff was happy to assist, and offered additional support and tips).

Laptop has EVERYTHING new (looks like they just swapped out my disk and memory to a fresh piece). Fully working, no bad anything, one happy customer.

How F*#&ing hard was that huh?

The China/Google thing, accountants and other miscreants

Posted on by
Reply

Aha! Can’t believe I managed to avoid the unbelievable hype flood that swept across the interwebs in the last month. And to think that the last post (long overdue, I know… had REALLY good reasons for not being able to post anything) was somewhat oracleish in predicting that this would be the focus of this year.

Just to set the stage right – we are at a point where I just saw a USA Today “Money” section front page article on how Google’s engagement with the NSA post the breach will affect the security vendor market, and a few VCs were also quoted to the fact that we will be seeing IPOs this year that will ride this trend.

Overhyped – definitely. Real – just as it’s overhyped. You must be asking then what to do? If the hype is too much, then there must not be so much behind these scary global cyberwar threats! Not exactly – the threat exists, and countries do deal with making sure they have an edge over everyone else (see how I didn’t use adversaries… hint, hint ;-) ), but at the same time this has been happening for years now.

The news here is somewhat lukewarm when compared to the hype. The news is that it is becoming common knowledge that companies tend to miserably fail when keeping their own intellectual and informational assets under wraps. The news is that even the “do no evil” Google(tm) have their own share of problem using old(tm) (or should I say pathetically insecure?) software inside the Googleplex.

But let’s dig a little deeper past the hype – have anyone heard of the fourty-something other “big” companies that were affected? have anyone heard of the thousands of companies that deal with data of sensitive nature (whether they know it or not) that also have a big job ahead of them dodging the flak from their local government trying to make sure the exposure is somewhat lessened? Probably not.

I’ve have the questionable pleasure of assisting some of these entities – which have anywhere between loose and close ties to local and federal government (either providing data at will, or being relied on for compiling national threat level information at varying level of the threat modeling). Without getting into any specific details I can truly say that I was simply disappointed. A lot of good people trying to do good things, but ev

entually (as always) a big fat failure due to some sideline error brings the whole security architecture down. Things as easy as applying service packs, eliminating use of old un-pached software (IE6 – are you still here? I think I to

ld you to get out and never come back again!) and just plain good-ole’ malpractice.

Without sounding too dreary (I’m sure the horrible weekend east-coast weather is doing that to me) we still have our work cut out for us. As long as people (non-security-industry ones) are ignorant regarding the implications of their actions in an all-connected world (nice evasion of “cyberworld”!), holes will be cut open in any modern security design – no matter how well it was thought to be, or how much money was thrown into it. With almost zero-cost, we managed to implement an “idiot-proof” system that would just stop these things from happening for one of the companies…

What can you do? remember how we were taught to plan for the worst – count people in that too. Your people. They may be the smartest guys in accounting, or marketing, or production, but in terms of information assurance they can be your worst enemy (no offense guys, but it’s just like that…).