Security from the inside out

If you are designing a system that handles other people’s money, you should make sure it is secure from attack. Not only from the outside, but also from the inside. And, in case your security measures fail, you should have a way to audit the changes made.

Evidently, the maker’s of a Autotote, a track betting system, didn’t know this. One of their SysAdmin’s managed to make his friend’s bets worth $3 million. They are going to get away with it becaue there was no evidence. He changed their bets on the system to a winning bet before they cashed their ticket, but there is no evidence of the change, so they get to keep the cash and there will likely be no jail time.

The System Administrator lost his job, but I’m thinking he doesn’t care.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.