{"id":17103,"date":"2019-12-05T04:30:03","date_gmt":"2019-12-05T12:30:03","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/12\/05\/news-10839\/"},"modified":"2019-12-05T04:30:03","modified_gmt":"2019-12-05T12:30:03","slug":"news-10839","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/12\/05\/news-10839\/","title":{"rendered":"Throwback Thursday: Bank error in your favor, collect $100,000"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2019\/05\/cw_sharktank_3x2_2400x1600_04-100796353-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Sharky| Date: Thu, 05 Dec 2019 03:00:00 -0800<\/strong><\/p>\n<p>It\u2019s the late 1980s, and this pilot fish is working as a teller at a small suburban bank with a few branches.<\/p>\n<p>\u201cAutomation is catching on, but slowly,\u201d says fish. \u201cWe have terminals to process deposits, withdrawals and money orders \u2014 but at the end of the day, the branch manager still takes our totals and enters them into a handwritten ledger.\u201d<\/p>\n<p>The terminals use a text-based menu for everything, but for some operations that require a manager\u2019s approval \u2014 say, printing a cashier&#8217;s check \u2014 the manager must walk over, hold down an override key and type in a password to let the teller access the check-printing menu.<\/p>\n<p>Fish notices that the console beeps now and then during the password process. But it doesn\u2019t happen every time, and there\u2019s no pattern he can detect.<\/p>\n<p>So on a slow day, with no one in line, fish tries holding down the override key and pressing another key at random.<\/p>\n<p>The terminal beeps.<\/p>\n<p>\u201cI go through the alphabet,\u201d fish says. \u201cOn S, it doesn\u2019t beep.<\/p>\n<p>\u201cI blink. Is the security system so brain-dead that it actually warns you when you\u2019re mistyping the override password?\u201d<\/p>\n<p>He repeats the process. 
On SA, SB, SC and so on through the alphabet, there are beeps. But on SU, no beeps.<\/p>\n<p>Fish already has a pretty good idea what the override password is. He goes to the check-printing screen, holds down the override key and types \u201cSUPERVISOR.\u201d<\/p>\n<p>No beeps \u2014 and he\u2019s in.<\/p>\n<p>Then fish feeds an ordinary piece of paper (instead of a blank check) into the printer next to his terminal, and prints out a \u201ccheck\u201d for $100,000.<\/p>\n<p>He shows it to his manager. Manager just grimaces and says, \u201cDon\u2019t do that again.\u201d<\/p>\n<p>Says fish, \u201cI worked there for two years, and that password never changed.<\/p>\n<p>\u201cWhen I later became a sysadmin, I instituted strict password policies back when it was still common to have your username and password be the same. Whenever I got pushback \u2014 \u2018Why are you being so difficult about passwords?\u2019 \u2014 I\u2019d tell the story of my $100,000 check, and ask how much they could afford to lose because of a lax password policy.<\/p>\n<p>\u201cThat won the argument every time.\u201d<\/p>\n<p><strong>You\u2019ll never guess Sharky\u2019s pA$$w0rd.<\/strong> <em>Send me your true tales of IT life at <a href=\"mailto:sharky@computerworld.com\" rel=\"nofollow\">sharky@computerworld.com<\/a>. 
You can also subscribe to the <a href=\"http:\/\/www.computerworld.com\/newsletters\/signup.html\" rel=\"noopener\" target=\"_blank\">Daily Shark Newsletter<\/a>.<\/em><\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3454842\/throwback-thursday-bank-error-in-your-favor-collect-100-000.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2019\/05\/cw_sharktank_3x2_2400x1600_04-100796353-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Sharky| Date: Thu, 05 Dec 2019 03:00:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>It\u2019s the late 1980s, and this pilot fish is working as a teller at a small suburban bank with a few branches.<\/p>\n<p>\u201cAutomation is catching on, but slowly,\u201d says fish. \u201cWe have terminals to process deposits, withdrawals and money orders \u2014 but at the end of the day, the branch manager still takes our totals and enters them into a handwritten ledger.\u201d<\/p>\n<p>The terminals use a text-based menu for everything, but for some operations that require a manager\u2019s approval \u2014 say, printing a cashier&#8217;s check \u2014 the manager must walk over, hold down an override key and type in a password to let the teller access the check-printing menu.<\/p>\n<p>Fish notices that the console beeps now and then during the password process. 
But it doesn\u2019t happen every time, and there\u2019s no pattern he can detect.<\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714],"class_list":["post-17103","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17103","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17103"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17103\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17103"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17103"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}