12 Responses to Dozing bank clerk turns €64 into €22 million - and teaches us all a security lesson!

  1. I always use a different browser for my banking than the one I use for games, etc. For banking, I start that browser, log in, do whatever transaction I have in mind, then log out and close that browser that is set to delete cookies on exit. I simply feel safer that way!

    • Paul Ducklin · 467 days ago

      Just don't forget to keep both browsers up-to-date :-)

      FWIW, I do much the same as you, for the same reason. If the only cookies/web storage objects in the browser are the ones set by the website you're transacting with, then...as you say...you simply feel safer that way!

      I also ensure that Flash is *off* in any browser I use for online transactions, so that I don't have to worry about Flash "cookies", either, which are managed separately from the other cookies in the browser...and I don't have Java in any browser...I simply feel safer that way!

      • Spryte · 467 days ago

        If your browser does not delete Flash cookies there is a third party application that does.
        Also for Windows users, do not forget to delete Silverlight cookies if you have it installed (similar to Flash cookies).
        You have to do it from All Programs > Silverlight.

    • Anonymous · 466 days ago

      Yes, and don't forget that you can use the new feature of private session in the latest version of the browsers, such as InPrivate Browsing on IE, Incognito mode on Chrome, etc, or IE with no add-ons.

  2. Akumetsu · 467 days ago

    On the "I'm tired = keypress" thing, I can actually kind of relate. When I'm feeling knackered and I'm using the mouse, my right hand ring finger will pack it in, inadvertently executing a right-click. In fact, if I'm really tired, it will happen to the point I'm actually cursing my hand, so there's that.

    Decimal points. I worked at a place that had spreadsheet software to ease the end of day cash close. It was programmed to put a decimal before the last two digits of any figure ONLY. The rest of the sum would have the comma where it should go in each case, so that's a matter of software programming, really.

    • Paul Ducklin · 467 days ago

      But...what happened to the six and the four?

      I took into account that the software might require entry in cents, dividing by 100 later on. But did your spreadsheet bump out the most significant digits when the field got full? Or did it simply stop accepting more input?

      • Tobias H. · 467 days ago

        In German news the number mentioned actually is EUR 222,222,222.22 so it's even more likely that all available fields in the form just got filled with 2's and the existing numbers got pushed out or were overwritten.

        Apparently the dozing clerk wasn't even in charge of checking the amount of the transaction so it's strange that he had editing permission for that field in the first place.

        Just glad that at least someone felt responsible to check a 222 million transfer again the next day.

      • Machin Shin · 467 days ago

        Would be really kind of strange and sloppy for bank software, but I could easily see a large number like say 64 followed by three hundred 2s getting pruned by the software. This would mean in this case though that the software could only handle a transaction up to 99,999,999.99.

  3. I've certainly done the nodded off and had the key auto repeat on me, but I've always noticed it immediately afterwards.

  4. "Apparently, the clerk was typing in an amount of 64 Euros and 20 cents" is just an interpretation of someone trying to explain the event, so you don't have to debunk that (the 64,222,222,222 argument).

    There are several other possible reasons: a crumb fell into the keyboard and temporarily made the key stick, a book or stack of papers was moved and its corner landed on the keyboard for a moment, etc. Those could explain the keyboard buffer not filling to capacity.

    • Paul Ducklin · 467 days ago

      Just to clarify, the claims that he was entering a figure of EUR64.20, and that it ended up as 22,222,222.22 because he "nodded off", are specific details in the London Standard piece. And it's partly the curious detail in that particular version of the story that this article is about :-)

      • Hugo Köncke · 467 days ago

        Yes, I agree with Paul. What happened to the six and the four? Were they left-shifted until they "fell from the entry field"?? If this was so, it shows a damn-too-poor banking software.

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog