Chapter 3
VIGNETTE
Trading Scandal At Societe Generale
1.) Peter Gumble, European editor for Fortune
magazine, comments, "Kerviel is a stunning example of a trader breaking
the rules, but he's by no means alone. One of the dirty little secrets of
trading floors around the world is that every so often, somebody is caught
concealing a position and is quickly - and quietly - dismissed... [This] might
be shocking for people unfamiliar with the macho, high-risk, high-reward
culture of most trading floors, but consider this: the only way banks can tell
who will turn into a good trader and who even the most junior traders to take
aggressive positions. This leeway is supposed to be matched by careful
controls, but clearly they aren't foolproof." What is your reaction to
this statement by Mr. Gumble?
Ans:
Many traders severely reduce their accounts because they don't apply
discipline to their trading. If you're a novice trader, it is essential for
your survival that you focus on learning how to trade with discipline. When
first starting to trade, you need to manage risk and to trade a well defined
trading plan with clearly specified entry and exit strategies. You need a
detailed risk management plan and a detailed money management plan. No building
is built without a plan. Why would you attempt to trade without a detailed
trading plan? Often the reason is that novice traders want to believe that a
charting program or a trading program in itself will give them unlimited money. (http://mywealthyedge.com)
2.) What explanation can
there be for the failure of SocGen's internal control system to detect
Kerviel's transactions while Eurex detected many suspicious transactions?
Ans:
Jérôme
Kerviel declared that he began to take bets on the market in 2005. He used to
take genuine directional positions and created fictitious hedges, buying
securities and warrants with deferred start dates and futures with a
counterparty that did not require instant confirmation. Using other employees’
access details, he was able to later delete trades from Société Générale’s
system, leaving him with massive exposures, but fooling the monitoring tools
into thinking that his portfolio was relatively flat. An internal investigation,
the Mission Green, commissioned by the bank showed it had failed to follow up
on at least 75 warnings on Jérôme Kerviel’s positions. In November 2007 Eurex,
the derivatives exchange, stressed that Jérôme Kerviel’s positions
showed some irregularities. The Mission Green report stated that compliance and
the trader’s managers “were satisfied, without verification, with the trader’s
explanations, in contradiction to Eurex’s assertions.” (http://www.hg.org)
Case 3: Whistle-Blower Divide IT Security
Community
1.) Do you think that Mike Lynn acted in a
responsible manner? Why or why not?
Ans:
The motivation behind this is to expose inappropriate, unsafe, criminal or
unethical activities that are being hidden from the public. Historically, the
reasons for whistleblowing revolved around ethical foundations, but these days
there is also a lot of money involved in the process. (http://www.trilightzone.org)
2.) Do you think that Cisco and ISS were right to pull the plug on Lynn’s presentation
at the Black Hat conference? Why or why not?
Ans:
No, because what they did is very unethical; they did not respect Lynn. They automatically
jumped to a decision without knowing that Lynn’s presentation might be a
big help to them.
3.) Outline a more reasonable approach toward
communicating the flaw in the Cisco routers that
would have led to the problem being promptly addressed without stirring up animosity among
the parties involved.
Ans:
"(IOS) Software is vulnerable to a Denial of Service (DoS) and
potentially an arbitrary code execution attack from a specifically crafted IPv6
packet. The packet must be sent from a local network segment. Only devices that
have been explicitly configured to process IPv6 traffic are affected. Upon
successful exploitation, the device may reload or be open to further
exploitation."
Assuming these details are correct (and who knows now?), this is not an earth-shattering discovery. However, this may have been a sample vulnerability Mike demonstrated to explain his technique. He may have picked this vulnerability because he thought it would not affect much of the Internet, but he needed to let people know that his technique was already in use by malicious parties.
Link:
http://taosecurity.blogspot.com/2005/07/new-cisco-advisory-and-statements-i.html