Hacking Capitalism: electronic financial trading
Posted 07/9/07 by Robert

"You'd think electronic financial trading would be extra secure, but not so much: One of the most popular application-layer protocols in the financial industry leaves these money applications wide open to attack, according to researchers.

The application-layer FIX (financial information exchange) protocol is used by financial services firms, stock exchanges, and investment banks for automated financial trading. But apps written to the protocol can be vulnerable to denial-of-service, session hijacking, and man-in-the-middle attacks over the Internet, as well as an attacker actually able to "watch" the transactions, says David Goldsmith, CEO of Matasano Security, who will present the firm's new research on FIX at the upcoming Black Hat USA briefings later this month.

Goldsmith says he can't divulge details on the specific vulnerabilities Matasano found in applications deploying FIX, as well as other financial industry-specific protocols, but the bottom line is that these protocols weren't built with security in mind. "For the most part, when you look under the hood of these protocols, we find almost no means of security," he says. The FIX spec, for instance, barely touches on how to secure data as it travels over the Internet."

Article Link: http://www.darkreading.com/document.asp?doc_id=128474
Copyright 2000-2007 Cgisecurity.com.
Providing Web Security news since 2000.