rcd@opus.UUCP (05/05/84)
One of the reasons I'm down on leaning hard on people who crack insecure
computer systems relates to an incident many years back at CU:
A friend was working under a work-study program with a research group. He
had to turn in time cards each week or so. Noticing that the card was
punched, and having just learned about punched-card interpreters (see, I
told you it was long ago), he reproduced the card and interpreted it. He
found his hourly wage punched in the card. He thought about it a bit and
got curious - why was the data there? He took a piece of chad and used it
to fill in the digit in the $.01 position, then punched a new hole so as to
indicate a wage of $.01/hour more, and turned in the card.
He was paid at the higher rate - but imagine his surprise when he found
that the next time card issued to him was at the increased wage! After he
found this, he REPORTED it to the payroll folk. Result: he was out of work
study for a while, eventually ended back but in a different organization.
And, you guessed it, the payroll system stayed as it was.
Now, to my mind, his offense amounts to stealing an amount of money equal
to $.01 x (hours worked after "raise") - probably less than $1. On the
other hand, the moron(s) who did the payroll system committed the offense
of allowing the potential of stealing large sums of money from the
work/study program - roughly equivalent to going home from work at night
leaving the front door unlocked and the safe open.
--
...Relax...don't worry...have a homebrew. Dick Dunn
{hao,ucbvax,allegra}!nbires!rcd (303) 444-5710 x3086