Fannie Mae Logic Bomb Would Have Caused Weeklong Shutdown (opens in new tab)

(blog.wired.com)

28 pointsalbertni17y ago22 comments

22 comments

13 comments · 6 top-level

sh1mmer17y ago· 2 in thread

I'm curious if Wired's account is to be taken as the literal truth (I know, bear with me). Why is someone being fired for a single scripting error? What the hell is QA for?

More-over how stupid does Fanny Mae management be to fire someone who can write and deploy logic bomb that meticulous in half a day? Let alone let any of their staff have that level of data center access.

I'm sure we aren't seeing the full picture here.

rbanffy17y ago

"More-over how stupid does Fanny Mae management be to fire someone who can write and deploy logic bomb that meticulous in half a day? Let alone let any of their staff have that level of data center access."

Among their lack of oversight problems, this seems to be one of the smallest.

sh1mmer17y ago

Or management oversights is symptomatic of Fanny Mae generally.

rudyfink17y ago· 2 in thread

In a bit of a shadow of Office Space, the alleged bomb planter's employer was named OmniTech.

anonemouse17y ago

I wonder if the reporter meant OmniTI, http://omniti.com/.

ngvrnd17y ago

Damn. You beat me to it.

mixmax17y ago· 2 in thread

This shows how fragile large systems really are.

palish17y ago

If a grumpy Google engineer managed to cause their Chubby service (synchronized file write service) to start corrupting random files, then that might have a big impact on the integrity of end-user data.

My point is, even a well-designed system is vulnerable when someone has access to its internals. Give me a system and a day, and I could probably think of a few subtle (or not-so-subtle) ways to break it for the purpose of inflicting damage.

dasil00317y ago

And as long as you don't rely on security-by-pageful-of-blank-lines, you just may get away with it too!

1 more reply

johns17y ago· 1 in thread

"Despite Makwana's termination, Makwana's computer access was not immediately terminated"

Wow.

ramchip17y ago

I don't find it that surprising... usually you'd hire people you can trust in the first place. And the guy might want to pick up his stray files before leaving. It sounds harsh to me to cut off everything before even talking to the guy.

metaguri17y ago

This is why when an investment bank fires a trader, the security guard is there to pick him up after the meeting with his boss ends.

They mail you the stuff from your desk in boxes.

tptacek17y ago

You know, the really nasty attackers aren't going to waste time overwriting data with zeroes.

j / k navigate · click thread line to collapse