Bank error in your favor, collect $100,000

It's the late 1980s, and this pilot fish is working as a teller at small suburban bank with a few branches.

"Automation is catching on, but slowly," says fish. "We have terminals to process deposits, withdrawals and money orders -- but at the end of the day, the branch manager still takes our totals and enters them into a handwritten ledger."

The terminals use a text-based menu for everything, but for some operations that require a manager's approval -- say, printing a cashier's check -- the manager must walk over, hold down an override key and type in a password to let the teller access the check-printing menu.

Fish notices that the console beeps now and then during the password process. But it doesn't happen every time, and there's no pattern he can detect.

So on a slow day, with no one in line, fish tries holding down the override key and pressing another key at random.

The terminal beeps.

"I go through the alphabet," fish says. "On S, it doesn't beep.

"I blink. Is the security system so brain-dead that it actually warns you when you're mistyping the override password?"

He repeats the process. On SA, SB, SC and so on through the alphabet, there are beeps. But on SU, no beeps.

Fish has a pretty good idea what the override password is. He goes to the check-printing screen, holds down the override key and types "SUPERVISOR."

No beeps -- and he's in.

Then fish feeds an ordinary piece of paper (instead of a blank check) into the printer next to his terminal, and prints out a "check" for $100,000.

He shows it to his manager. Manager just grimaces and says, "Don't do that again."

Says fish, "I worked there for two years, and that password never changed.

"When I later became a sysadmin, I instituted strict password policies back when it was still common to have your username and password be the same. Whenever I got pushback -- 'Why are you being so difficult about passwords?' — I'd tell the story of my $100,000 check, and ask how much they could afford to lose because of a lax password policy.

"That won the argument every time."

Sharky's policy is to tell the best true tales of IT life I can find. Send me yours at sharky@computerworld.com. You'll snag a snazzy Shark shirt if I use it. Add your comments below, and read some great old tales in the Sharkives.

Now you can post your own stories of IT ridiculousness at Shark Bait. Join today and vent your IT frustrations to people who've been there, done that.

Copyright © 2009 IDG Communications, Inc.

8 simple ways to clean data with Excel
  
Shop Tech Products at Amazon