23 August 2017

FIX applications open to attack - report

10 July 2007  |  5100 views  |  0 Security/Risk

Security vulnerabilities in the Financial Information Exchange (FIX) protocol have left many automated trading applications at banks open to hack attacks, according to New York-based Matasano Security.

Since its establishment in 1992 as a communications framework for equity trading between Fidelity Investments and Salomon Brothers, FIX has become the messaging standard for pre-trade and trade communication globally within the equity markets.

But in an article on security Web site Dark Reading, Matasano CEO David Goldsmith argues that the FIX standard wasn't built for security and that applications supporting the protocol can be affected by electronic eavesdropping as well as denial-of-service, session hijacking and man-in-the-middle attacks.

Goldsmith says FIX has no session-layer encryption built into it, which makes it difficult to encrypt sessions, so most companies use external devices like VPNs with an SSL overlay, or SSH tunnels over the Internet.

Goldsmith points out that many FIX-enabled financial systems don't use passwords because they were originally built for use internally rather than over the Internet, and that the applications are mostly written in C and C++ code that isn't always well audited. Furthermore, he argues, the protocol hasn't been well served by security tools, and isn't generally supported by intrusion detection systems or vulnerability scanners.

Goldsmith says companies can help protect their systems with firewalls and external session-layer encryption.
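As an added illustration (not part of the original article or of any Matasano tooling), the Python sketch below audits FIX Logon messages for the two conditions described above: no FIX-level encryption declared and no password supplied. The tag numbers (35 MsgType, 49/56 CompIDs, 98 EncryptMethod, 553/554 Username/Password) are taken from the FIX specification rather than from the article, and the CompIDs, credentials and timestamps are constructed sample values.

```python
SOH = "\x01"  # FIX field delimiter

def build(msg_type, body_fields):
    """Build a FIX 4.4 message with correct BodyLength (9) and CheckSum (10)."""
    body = f"35={msg_type}{SOH}" + "".join(f"{t}={v}{SOH}" for t, v in body_fields)
    head = f"8=FIX.4.4{SOH}9={len(body)}{SOH}"
    csum = sum((head + body).encode("ascii")) % 256
    return f"{head}{body}10={csum:03d}{SOH}"

def parse(raw):
    """Return {tag: value} for one raw FIX message."""
    return {int(t): v for t, _, v in (f.partition("=") for f in raw.split(SOH) if f)}

def audit_logon(fields):
    """Findings for a Logon (35=A); empty list for any other message type."""
    if fields.get(35) != "A":
        return []
    findings = []
    if fields.get(98, "0") == "0":      # EncryptMethod 0 = none at the FIX layer
        findings.append("no-fix-encryption")
    if not fields.get(554):             # Password tag absent or empty
        findings.append("no-password")
    return findings

def audit_stream(messages):
    """Map (SenderCompID, TargetCompID) -> findings for each Logon seen."""
    report = {}
    for raw in messages:
        f = parse(raw)
        if f.get(35) == "A":
            report[(f.get(49), f.get(56))] = audit_logon(f)
    return report

# Constructed sample traffic (not captured from any real system).
COMMON = [(34, 1), (52, "20070710-12:00:00"), (98, 0), (108, 30)]
SAMPLES = [
    build("A", [(49, "BUYSIDE1"), (56, "BROKER1")] + COMMON),
    build("A", [(49, "BUYSIDE2"), (56, "BROKER1")] + COMMON
               + [(553, "trader2"), (554, "example-only")]),
    build("0", [(49, "BUYSIDE1"), (56, "BROKER1"), (34, 2), (52, "20070710-12:00:30")]),
]

if __name__ == "__main__":
    for session, findings in audit_stream(SAMPLES).items():
        print(session, findings or "ok")
```

A `no-fix-encryption` finding means the session's confidentiality rests entirely on the external VPN, SSL or SSH layer, so that layer should be verified for the link; a password sent on such a session is only as private as that tunnel.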
