FIX attacks. As a financial firm, we are heavily reliant upon the FIX (Financial Information eXchange) protocol for buy-side trade execution. Security researchers have identified several concerns with the FIX protocol. The primary concern for my firm is trade errors and trade delays. Much of my security infrastructure relies upon data encryption, protocol filtering, and traffic isolation. All of these mechanisms come into play with the FIX network, as each connection must be isolated and each trading partner secured separately.
J Wolfgang Goerlich
http://www.darkreading.com/document.asp?doc_id=142127&page_number=5
https://www.blackhat.com/presentations/bh-usa-07/Goldsmith_and_Rauch/Presentation/bh-usa-07-goldsmith_and_rauch.pdf
(Thanks to Nathan Ouellette for the email on this issue.)
Posted by