[TUHS] Buffer overflow found/fixed in v4 tape ;)

Paul Winalski via TUHS tuhs at tuhs.org
Tue Jan 6 04:40:59 AEST 2026


On Mon, Jan 5, 2026 at 1:14 PM Luther Johnson via TUHS <tuhs at tuhs.org>
wrote:
[regarding buffer overflow checking]

> I think in the beginning it just wasn't considered, that we had to
> protect against programs intentionally doing harm. Who would do that?
> But now we know.

With the good ole card-fed, raised floor mainframes, both the programs
being run and their inputs were generally under strict, centralized
control.  Malicious code did still happen even then.  Consider this story:

The audit department at one of Hartford's major insurance companies
received a phone call.  It was from the head of the local BMW dealership.
He told them, "One of your IT workers just paid cash for a top-of-the-line
BMW.  We thought you'd like to know that."  It turns out that the IT worker
was the programmer responsible for maintaining the program that prints the
paychecks.  The weekly pay calculation often yielded amounts in fractions
of pennies.  These were either rounded up or down to the nearest cent.  The
fractional pennies were tracked in an account called the breakage account.
This programmer had created a fake employee in the company's computer
records and had a check printed for that "person" containing the amount of
money in the breakage account.  He had been doing this for some time and
had embezzled enough money to pay cash for a top-end Beemer.

Malicious programming has always been with us.

-Paul W.

