VIGNETTE "Trading Scandal at Societe Generale"
Questions to Consider:
1. Peter Gumble, European Editor for Fortune magazine, comments, “Kerviel is a stunning example of a trader breaking the rules, but he’s by no means alone. One of the dirty little secrets of trading floors around the world is that every so often, somebody is caught concealing a position and is quickly – and quietly – dismissed… This might be shocking for people unfamiliar with the macho, high-risk, high-reward culture of most trading floors, but consider this: the only way banks can tell who will turn into a good trader and who won’t is by giving every youngster it hires a chance to show his mettle. That means allowing even the most junior traders to take aggressive positions. This leeway is supposed to be matched by careful controls, but clearly they aren’t foolproof.” What is your reaction to this statement by Mr. Gumble?
Ans: I agree with the statement of Mr. Peter Gumble, because the only way banks can tell who will turn into a good trader and who won’t is by giving every youngster it hires a chance to show his mettle. That means allowing even the most junior traders to take aggressive positions. This leeway is supposed to be matched by careful controls, but clearly they aren’t foolproof.
2. What explanation can there be for the failure of SocGen’s internal control system to detect Kerviel’s transactions while Eurex detected many suspicious transactions?
Ans: For me, the failure of SocGen’s internal control system is a lack of security.
Case Study #3 (Whistle-Blower Divides IT Security Community)
Discussion Questions:
1. Do you think that Mike Lynn acted in a responsible manner? Why or why not?
Ans: Yes, Mike Lynn is responsible because he did his best to prevent any problem, not only in our company but also in our country. That’s why Lynn informed ISS and Cisco of his intentions.
2. Do you think that Cisco and ISS were right to pull the plug on Lynn’s presentation at the Black Hat conference? Why or why not?
Ans: Yes, because Black Hat is a company that provides IT security consulting, briefings, and training, which means being aware of what could have happened. During the DEFCON conference, which followed the Black Hat conference, hackers worked late into the night trying to find the flaw.
3. Outline a more reasonable approach toward communicating the flaw in the Cisco routers that would have led to the problem being promptly addressed without stirring up animosity among the parties involved.
Ans: I guess we can wrap up the Cisco and ISS vs. Mike Lynn and Black Hat saga by mentioning the new Cisco security advisory released today, IPv6 Crafted Packet Vulnerability, which states:
"(IOS) Software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation."
Assuming these details are correct (and who knows now?), this is not an earth-shattering discovery. However, this may have been a sample vulnerability Mike demonstrated to explain his technique. He may have picked this vulnerability because he thought it would not affect much of the Internet, but he needed to let people know that his technique was already in use by malicious parties.
Link: http://taosecurity.blogspot.com/2005/07/new-cisco-advisory-and-statements-i.html