I always wondered that! I assume they had a "ground truth" financial order book somewhere (which presumably was held to much higher standards of correctness) and that the support staff manually verified their balance.
But ... that logic doesn't work if you chase down the implications. And sadly I was both too shocked and too young to press my coworker for details. (He was a cool older fellow who seemed as amused with the craziness.)
Eventually I became a pentester at Matasano. During my one-year stint, I was parachuted into around 70 codebases. I got to see first-hand that Scottrade wasn't an outlier; they were the average. Most companies have similar WTFs, and the codebases are just as onerous.
The world is held together with duct-tape. That's why pentesting is so crucial.