Strategies & Market Trends : The Epic American Credit and Bond Bubble Laboratory


To: Skywatcher who wrote (34084) | 6/7/2005 2:13:12 PM
From: Knighty Tin
 
What the hey, we're all lying to get the loans, anyway, so the data isn't any good.



To: Skywatcher who wrote (34084) | 6/7/2005 3:20:20 PM
From: mishedlo
 
When I worked at First National Bank of Chicago, later merged with Bank One, a decision was made to outsource the entire operation to FDC. I can tell you flat out you would be amazed at the code FDC was running. A single program of 1 million lines of Cobol code ran practically their entire operation. Perhaps that has changed now but somehow I doubt it.

Anyway, their encryption algorithms were so slow they wanted us to send them a file of accounts and unencrypted PIN numbers. We are talking 10 million plastics along with PIN numbers and other sensitive info.

Bank One would not agree so it did not go out like that. But FDC F'd up one of the conversions and people got the wrong PIN numbers. I had to prove it was their fault, not ours. I wrote most of our encryption code. It was a call to an IBM "black box" really, with various routines such as assign a PIN, change a PIN, verify a PIN, authorize a PIN coming in over a terminal, etc. I really knew how all of that worked. I had to because I wrote it. I did not know the master codes, but at one point I had to prove the codes we had locked up in the master vault were not the correct ones! They wanted me to prove that to them on the test system. Sorry, not possible. In fact, it turned out the codes in the master vault were the codes for the test system and not production. I forget where they found the real codes, but eventually they were entered by someone into the black box (that took 3 keys I think, two to the black box itself) and were stored away. There are two sets of numbers. One person entered one set, and another person entered the second set. I generated production PINs for people and they verified their PIN numbers so we now knew the right set was in the vault. Obviously the right set was in the black box, but they did not match what was in the safe.

Given access to production (to fix problems or whatever) I could get anyone's PIN number I wanted. I could easily have written out a file for "my own purposes" of every acct/pin number combination that we had.

I was a consultant. There was one person high up in the organization that kept asking about me. Wanted to know if I was fingerprinted. He did not like the fact that I was an outside consultant with all that knowledge. Actually I was the only person that I know that was in fact never fingerprinted when I was hired.

How much would a file of plastics together with their PIN number for every account at Bank One be worth on the open market? My reckoning is that I would have been killed for it.

Mish



To: Skywatcher who wrote (34084) | 6/7/2005 4:41:02 PM
From: patron_anejo_por_favor
 
>> didn't blame the bank or UPS...but the fact is...there are so many damn holes in the system ready to be attacked that there is little real security<<

There was a guy on CNN last night (Frank Abagnale, an expert in identity theft) who said much the same thing. He said the only real protection you have is to use a credit monitoring service that will notify you in real time if your credit is being accessed. He said that it's virtually impossible to defend your identity because so much of the information is in the public domain (although thefts of large amounts of information, as with the Citigroup fiasco, doubtless make it much easier for the crooks).