rcd@opus.UUCP (05/05/84)
One of the reasons I'm down on leaning hard on people who crack insecure computer systems relates to an incident many years back at CU: A friend was working under a work-study program with a research group. He had to turn in time cards each week or so. Noticing that the card was punched, and having just learned about punched-card interpreters (see, I told you it was long ago), he reproduced the card and interpreted it. He found his hourly wage punched in the card. He thought about it a bit and got curious - why was the data there? He took a piece of chad and used it to fill in the digit in the $.01 position, then punched a new hole so as to indicate a wage of $.01/hour more, and turned in the card. He was paid at the higher rate - but imagine his surprise when he found that the next time card issued to him was at the increased wage! After he found this, he REPORTED it to the payroll folk. Result: he was out of work study for a while, eventually ended back but in a different organization. And, you guessed it, the payroll system stayed as it was. Now, to my mind, his offense amounts to stealing an amount of money equal to $.01 x (hours worked after "raise") - probably less than $1. On the other hand, the moron(s) who did the payroll system committed the offense of allowing the potential of stealing large sums of money from the work/study program - roughly equivalent to going home from work at night leaving the front door unlocked and the safe open. -- ...Relax...don't worry...have a homebrew. Dick Dunn {hao,ucbvax,allegra}!nbires!rcd (303) 444-5710 x3086