19 October 2017

FIX applications open to attack - report

10 July 2007  |  Security/Risk

Security vulnerabilities in the Financial Information Exchange (FIX) protocol have left many automated trading applications at banks open to hack attacks, according to New York-based Matasano Security.

Since its establishment in 1992 as a communications framework for equity trading between Fidelity Investments and Salomon Brothers, FIX has become the messaging standard for pre-trade and trade communication globally within the equity markets.

But in an article on security Web site Dark Reading, Matasano CEO David Goldsmith argues that the FIX standard wasn't built for security and applications supporting the protocol can be affected by electronic eavesdropping as well as denial-of-service, session hijacking and man-in-the-middle attacks.

Goldsmith says FIX has no session-layer encryption built into it, which makes it difficult to encrypt sessions, so most companies use external devices like VPNs with an SSL overlay, or SSH tunnels over the Internet.

Goldsmith points out that many FIX-enabled financial systems don't use passwords because they were originally built for use internally rather than over the Internet and the applications are mostly written in C and C++ code that isn't always well audited. Furthermore, he argues, the protocol hasn't been well served by security tools, and isn't generally supported by intrusion detection systems or vulnerability scanners.

Goldsmith says companies can help protect their systems with firewalls and external session-layer encryption.
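The gaps Goldsmith describes (no FIX-level encryption, no passwords, little monitoring support) can be checked for in a capture of one's own FIX traffic. The sketch below is an added example, not code from Matasano or the article: it parses tag=value messages and flags each Logon (35=A) that declares EncryptMethod (98) as none or omits Password (554). The CompIDs, credentials and sample stream are constructed, and the capture is assumed to come from a link that is not tunnelled.

```python
import re

SOH = "\x01"  # FIX field delimiter
MSG_RE = re.compile(r"8=FIX.*?\x0110=\d{3}\x01", re.S)  # BeginString .. CheckSum

def build(msg_type, sender, extra):
    """Frame a constructed sample message with correct BodyLength and CheckSum."""
    body = SOH.join([f"35={msg_type}", f"49={sender}", "56=BROKER", "34=1",
                     "52=20070710-12:00:00", *extra]) + SOH
    head = f"8=FIX.4.4{SOH}9={len(body)}{SOH}"
    checksum = sum((head + body).encode("ascii")) % 256
    return f"{head}{body}10={checksum:03d}{SOH}"

def parse_fix(raw):
    """Split one tag=value message into a {tag: value} dict."""
    fields = {}
    for part in filter(None, raw.split(SOH)):
        tag, sep, value = part.partition("=")
        if not sep or not tag.isdigit():
            raise ValueError(f"malformed field: {part!r}")
        fields[int(tag)] = value
    return fields

def audit_logon(fields):
    """Findings for one Logon: tag 98 = EncryptMethod, tag 554 = Password."""
    findings = []
    if fields.get(98, "0") == "0":
        findings.append("EncryptMethod=0 (none)")
    if 554 in fields:
        findings.append("Password(554) readable in capture")
    else:
        findings.append("no Password(554)")
    return findings

def audit_stream(stream):
    """Map SenderCompID (49) to findings for every Logon (35=A) in a capture."""
    report = {}
    for match in MSG_RE.finditer(stream):
        fields = parse_fix(match.group(0))
        if fields.get(35) == "A":
            report[fields.get(49, "?")] = audit_logon(fields)
    return report

# Constructed capture: two logons and one order, as seen on an untunnelled link.
SAMPLE = (build("A", "DESK1", ["98=0", "108=30"])
          + build("D", "DESK1", ["11=ORD1"])
          + build("A", "DESK2", ["98=0", "108=30", "553=alice", "554=s3cret"]))

if __name__ == "__main__":
    for sender, findings in audit_stream(SAMPLE).items():
        print(sender, findings)
```

A Logon that parses at all at the capture point means the session was readable there, so either finding on a link that should be inside a VPN or SSH tunnel indicates the external encryption layer is missing or misplaced.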
