12 December 2017

FIX applications open to attack - report

10 July 2007  |  5174 views  |  0 Security/Risk

Security vulnerabilities in the Financial Information Exchange (FIX) protocol have left many automated trading applications at banks open to hack attacks, according to New York-based Matasano Security.

Since its establishment in 1992 as a communications framework for equity trading between Fidelity Investments and Salomon Brothers, FIX has become the messaging standard for pre-trade and trade communication globally within the equity markets.

But in an article on security Web site Dark Reading, Matasano CEO David Goldsmith argues that the FIX standard wasn't built for security and that applications supporting the protocol can be affected by electronic eavesdropping as well as denial-of-service, session hijacking and man-in-the-middle attacks.

Goldsmith says FIX has no session-layer encryption built into it, which makes it difficult to encrypt sessions, so most companies use external devices like VPNs with an SSL overlay, or SSH tunnels over the Internet.

Goldsmith points out that many FIX-enabled financial systems don't use passwords because they were originally built for use internally rather than over the Internet, and the applications are mostly written in C and C++ code that isn't always well audited. Furthermore, he argues, the protocol hasn't been well served by security tools, and isn't generally supported by intrusion detection systems or vulnerability scanners.

Goldsmith says companies can help protect their systems with firewalls and external session-layer encryption.
