Google’s 1-character typo locked users out of their phones and more

Google says it has fixed a major Chrome OS bug that locked users out of their devices. Google’s bulletin says that Chrome OS version 91.0.4472.165, which was briefly available this week, renders users unable to log in to their devices, essentially bricking them.

Chrome OS automatically downloads updates and switches to the new version after a reboot, so users who reboot their devices are suddenly locked out them. The go-to advice while this broken update is out there is to not reboot.

ChromeOS is open source, so we can get a bit more detail about the fix thanks to Android Police hunting down a Reddit comment from user elitist_ferret. The problem apparently boils down to a single-character typo. Google flubbed a conditional statement in Chrome OS’s Cryptohome VaultKeyset, the part of the OS that holds user encryption keys. The line should read “if (key_data_.has_value() && !key_data_->label().empty()) {” but instead of “&&”—the C++ version of the “AND” operator—the bad update used a single ampersand, breaking the second half of the conditional statement.

I spent a fair piece of time as an English major. I practically have a major neurological breakdown every time I bump into a typo. Which means – on the InterWebiTubes – probably once or twice per hour. Or more.

This one wins the prize horse laugh.

Hacker’s typo stopped a billion dollar bank heist from the Fed

A spelling mistake in an online bank transfer instruction helped prevent a nearly $1 billion heist last month involving the Bangladesh central bank and the New York Federal Reserve…

Unknown hackers still managed to get away with about $80 million, one of the largest known bank thefts in history.

The hackers breached Bangladesh Bank’s systems and stole its credentials for payment transfers, two senior officials at the bank said. They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh Bank’s account there to entities in the Philippines and Sri Lanka…

Four requests to transfer a total of about $81 million to the Philippines went through, but a fifth, for $20 million, to a Sri Lankan non-profit organization was held up because the hackers misspelled the name of the NGO, Shalika Foundation.

Hackers misspelled “foundation” in the NGO’s name as “fandation“, prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction, one of the officials said…

At the same time, the unusually large number of payment instructions and the transfer requests to private entities – as opposed to other banks – raised suspicions at the Fed, which also alerted the Bangladeshis…

The details of how the hacking came to light and was stopped before it did more damage have not been previously reported. Bangladesh Bank has billions of dollars in a current account with the Fed, which it uses for international settlements.

The transactions that were stopped totaled $850-$870 million…

Never steal anything small still works, I guess.

Initial releases of info on the crime is over here. No mention of the typo. Discussion I watched on BloombergTV Asia said there are 2-step verification protocols in place for Fed transfers – and they were ignored in favor of order entry codes. Whatever is true, I ain’t impressed – if it takes a typo to stop a con like this one.

Wells Fargo typo leads to foreclosure – victim dies in court

delassus_luau
Larry Delassus, disabled veteran, at a seniors’ get-together last August

On the morning of Dec. 19, 2012, in a Torrance courtroom, Larry Delassus’ heart stopped as he watched his attorney argue his negligence and discrimination case against banking behemoth Wells Fargo.

His death came more than two years after Wells Fargo mistakenly mixed up his Hermosa Beach address with that of a neighbor in the same condo complex. The bank’s typo led Wells Fargo to demand that Delassus pay $13,361.90 ­— two years of late property taxes the bank said it had paid on his behalf in order to keep his Wells Fargo mortgage afloat.

But Delassus, a quiet man who suffered from the rare blood-clot disorder Budd-Chiari syndrome and was often hospitalized, didn’t owe a penny in taxes.

One of his neighbors, whose condo “parcel number” was two digits different from Delassus’, owed the back taxes…

Delassus and his attorney did not discover until May 2010 that a mis-entered number had dragged Delassus into this spiral. As court documents obtained by L.A. Weekly show, after admitting its error, Wells Fargo foreclosed on Delassus anyway and sold his condo.

Delassus had to move to a tiny apartment in an assisted-living home in Carson.

Friends say he didn’t die of heart disease that day in court, as the coroner found. He was, they believe, killed by a system so inhumane that it could not undo a devastating piece of red tape the system itself created…

He really thought he was gonna get his place back,” Popovich says. “He thought if he told the truth, they could do something for him.”

RTFA. Wander through the chronology. Understand that Wells Fargo continued their case against Delassus even after it was clear their own screwup caused the conflict.

And the judge admits, now, she was going to side with Wells Fargo!

Celebrity cereal box lists phone-sex line instead of charity

The telephone number pasted on boxes of cereal named for Cincinnati Bengals wide receiver Chad Ochocinco was supposed to be for a charity — but mistakenly directed callers to a sex line, the player’s agent said on Thursday.

The wrong number was given by the Feed the Children charity,” Ochocinco’s agent Robert Bailey said. “It’s a shame because it’s a good cause.”

The outspoken Ochocinco said he was confident the mistake — an 800 area code was substituted for 888 — would be corrected by PBL Sports, the marketing company behind “Ochocincos” cereal.

A portion of the $5 price of each box goes to the Feed The Children organization, according to PBL’s website.

In a tweet, the football player had directed fans to his own website and urged them to order his cereal, adding, “Start your day with a lil suga!!!”

That’s a genuine HAR!

Mint fires boss over coin typo


Daylife/AP Photo used by permission

Chile’s mint has sacked its managing director after he sent into circulation thousands of coins bearing an incorrect spelling of the country’s name.

The 50-peso coins, worth around 10 U.S. cents each, were issued in 2008 with Chile spelled “Chiie” — an error that was only noticed late last year.

Director Gregorio Iniguez has been fired over a series of issues, including the misspelled coins, which have brought the institution into disrepute,” a mint official told Reuters on Friday, speaking on condition of anonymity.

Yes, if you can find any hang onto them. Screwups like this always appreciate better than the real deal.

When a dyslexic driver programs the GPS…

A Swedish couple in search of the isle of Capri drove to Carpi, an industrial town in northern Italy, because they misspelt the name in their car’s GPS.

Italian officials say the couple asked at Carpi’s tourist office where they could find Capri’s famous Blue Grotto.

The car’s sat nav system had sent them 650km off course to Carpi.

Capri is an island. They did not even wonder why they didn’t cross any bridge or take any boat,” said a bemused tourism official in Carpi.

Once they realised their mistake, the couple got back in their car and headed south, the official added.

Maybe GPS should come with spell check?

Call the Feds to buy your duck stamp – and get phone sex!


NSFW if you click

People calling a federal phone number to order duck stamps are instead greeted by a phone-sex line, due to a printing error the government says would be too expensive to correct.

The carrier card for the duck stamp transposes two numbers, so instead of listing 1-800-782-6724, it lists 1-800-872-6724. The first number spells out 1-800-STAMP24, while the second number spells out 1-800-TRAMP24.

People calling that second number are welcomed by “Intimate Connections” and enticed by a husky female voice to “talk only to the girls that turn you on,” for $1.99 a minute.

Duck stamps, which cost $15 apiece, are required to hunt migratory waterfowl. The government uses nearly all the revenue to purchase waterfowl habitat for the National Wildlife Refuge System. In 2006-2007, the latest figures available, duck stamp purchases brought in nearly $22 million…

The agency first learned of the mistake a few days ago, when a duck stamp owner informed them about the glitch. Levin said the agency has not received any complaints.

Sounds like most of the duck hunters who got the wrong number found the experience pleasurable enough – and didn’t see any need to complain.