[Cyber-Security Awareness Series] The Fault In Our Code


Today was no different. Malvika got up in the morning as usual, took a bath, got ready for the office, packed her lunch and stepped out. However, Malvika had never imagined that her life would completely change when she stepped out of her home today.

Malvika was a regular employee in the firm “ILoveITSoultions” with around 5+ years of experience. Even though she had less experience than the other developers, she was the go-getter everyone went to for solutions. Having done her bachelor's in computer engineering at a well-known college, Malvika had joined the firm in 2013 and had been the star performer ever since. Her claim to fame came around 2 years back, when “ILoveITSoultions” bagged the prestigious multi-million-dollar project of digitizing the “BankWithUs” bank.

The project was a difficult one from the start. “BankWithUs” wanted to get digitized in an extremely short period of around 4 months. It had legacy systems which had to be migrated to the latest web components. While everyone claimed this to be an impossible feat, Malvika stepped forward to lead the project. Her confidence was appreciated and responsibility for the project was handed over to her.

While Malvika knew the project was enormous, its full scale sank in only once she started working on it. The coding involved complex functions and modules to be developed. While other components were taken care of, the issue of multi-platform concurrency and transactional integrity was a pain point for everyone. In simpler terms, if a person conducts multiple transactions at the same time on an ATM, on a phone and online through net banking, integrity needs to be maintained so that the person cannot dupe the bank by withdrawing more than the amount present.

Other developers declared it impossible at that time, but after 2 days Malvika came up with a solution to the issue at hand. No one ever understood how Malvika did it, but the time had come for this mystery to unfold.


The Chaos

It was utter chaos when Malvika reached the office that day. “BankWithUs” officials had threatened legal action against the company. “The fault is in your code,” claimed the bank officials. Everyone looked at Malvika for answers, as she had designed the final piece of that code. Malvika tried to pacify them and to understand the problem the bank officials were facing. The bank claimed that when a person logged in through multiple platforms at the same time, a suspense account was automatically created by the software and a sum of $1024 got deposited in that account. The sudden withdrawal of a total of a million dollars from multiple such suspense accounts had alerted the bank officials to this anomaly today.

Malvika’s worst fears had been realized. She understood what must have happened but still could not answer a single query. The fact was that she had not written that code. It was someone else's code.

Coding Ninja

Around 2 years back, when Malvika had given up hope of solving the final piece of code related to the concurrency problem, she got an idea. “CodesForAll” was a budding social platform where coders from all around gathered and solved problems together. You wrote up your problem and people would offer solutions to the issue at hand. Malvika decided to post the problem on the platform that day. She had almost given up, as no one had responded by late evening, but her hopes grew once again when an expert called “Coding Ninja” “poked” her. You see, “poking” her meant sending a private message. Some coders like to be discreet. Malvika explained the problem in detail.
“Coding Ninja” accepted the challenge and promised to send the code the next day. Malvika had solved the problem at last, though not in the right way.

“Coding Ninja”, however, did not keep his promise. He poked Malvika again and explained to her that the problem was unsolvable. However, he could give it a second try if he had the complete code at his disposal. With timelines and deadlines racing, Malvika decided to take the plunge. She had not imagined that this plunge would drown her 2 years later.

Coding Ninja gave Malvika the code the next day, and Malvika flaunted it in her office. She did not know that the coder had written the solution in such a way that every time the software faced such a concurrency issue, a new suspense account would be created. The amount of 1024 dollars was a mirage created as the equivalent of 1MB or 1024 bits to avoid detection by testing tools.

The End

Malvika was relieved of her duties immediately and legal action was taken by both firms. “ILoveITSoultions” was sued for the same million dollars, as there was a fault in their code.

What should we do?

There are multiple forums which we utilize today to solve our coding problems. We Google our problems to find easy or ready-made code for the problem at hand. It may seem easy to copy, but you could end up like Malvika. It is always advisable not to share original code or client code on such platforms. Copying code directly from such platforms and pasting it into your applications should also be avoided.

What are your thoughts on this? Have you come across such situations?



This post first appeared on Learning Security With Mayur.