Archive for May 11th, 2007

May 11th, 2007

Why Defence in Depth Is Important

by Tim Cull

I recently read an article about how hackers from the Russian mob methodically staked out a Marshalls, hacked into their weakly protected wifi network, and, once in, wandered into the corporate mothership network and stole at least 45 million credit card numbers. They were helped largely because:

–the wifi network was only lightly encrypted
–user names and passwords were being passed around in plain text over the network
–the credit cards were stored unencrypted
–file transfers were done in the clear
–there was no DMZ between the remote department stores and the corporate network

I remember a couple of years ago when my employer went through a dramatic tightening of security–mandating that all file transfers inside the company be done over SCP instead of FTP, all shell access over SSH instead of telnet, all passwords stored in encrypted files. We all griped and grumbled because it made life harder. After all, if someone’s in our network we’ve got bigger troubles, right?

This story is a good reminder why it’s worth the effort. You really can’t rely on just one layer of protection when it comes to security.

May 11th, 2007

Book Reviewlet: The Bond Book

by Tim Cull

I’ve worked in the financial sector for most of my career, but I’ve never really worked on a fixed income system till the project I’m on now. Neither had most of the other developers on our team, so our business analyst bought a bunch of books for us to learn, one of which was The Bond Book.

For someone who knows very little about fixed income, The Bond Book is a fantastic introduction. It’s neither too basic nor too technical. It tells you about all the mechanics of treasuries, corporate bonds, and mortgages. It introduces all the basic terminology and explains the basic problems a fixed income investor is trying to solve. My biggest takeaway was that the biggest risk in bonds isn’t the risk of default by the issuer, but rather dramatic changes in interest rates.

My one complaint was that it’s written for the individual investor and I want to understand the market from the point of view of a big institutional investor like my employer. But now that I’ve read The Bond Book, I can more easily move on to more technical books.