Jump to content

Financial News


jasonxctf

Recommended Posts

QUOTE (southsider2k5 @ Sep 22, 2017 -> 09:08 AM)
This is so much bigger than the Equifax hack, but is getting so much less publicity.

 

https://www.washingtonpost.com/news/busines...m=.e0dc5d9c955b

 

Curious, why do you think it's bigger? Just undermining confidence in the integrity of the market?

 

Equifax was felt so broadly, and we know that information could end up hurting a whole bunch of people through identity theft. The tangible acts of profiting off illegal info seems like it would affect a much more narrow group.

 

Link to comment
Share on other sites

QUOTE (bmags @ Sep 22, 2017 -> 09:14 AM)
Curious, why do you think it's bigger? Just undermining confidence in the integrity of the market?

 

Equifax was felt so broadly, and we know that information could end up hurting a whole bunch of people through identity theft. The tangible acts of profiting off illegal info seems like it would affect a much more narrow group.

 

Every single confidential filing required by the SEC is literally vulnerable with this attack. This is essentially getting the private information of every corporation out there.

Link to comment
Share on other sites

QUOTE (StrangeSox @ Sep 22, 2017 -> 09:17 AM)
What sort of information would be considered "nonpublic" that they'd have been able to get a hold of? The story is kinda vague on that.

 

Material Non-Public Information is a HUGE requirement of the SEC's and could be disastrous to pretty much any industry or company in the wrong hands at the wrong time.

Link to comment
Share on other sites

QUOTE (southsider2k5 @ Sep 22, 2017 -> 09:22 AM)
Material Non-Public Information is a HUGE requirement of the SEC's and could be disastrous to pretty much any industry or company in the wrong hands at the wrong time.

 

I'm confused by this:

"The system that was breached, known as EDGAR, is a popular way for investors to access the detailed financial reports companies that sell stock to the public must periodically release. It had a “software vulnerability” that was “exploited and resulted in access to nonpublic information,” Clayton said in the statement."

 

That last sentence.

 

1) Did they access info that was TO BE RELEASED but not yet released

2) Why would they use the same system for public and non public info?

Link to comment
Share on other sites

QUOTE (bmags @ Sep 22, 2017 -> 09:46 AM)
I'm confused by this:

"The system that was breached, known as EDGAR, is a popular way for investors to access the detailed financial reports companies that sell stock to the public must periodically release. It had a "software vulnerability" that was "exploited and resulted in access to nonpublic information," Clayton said in the statement."

 

That last sentence.

 

1) Did they access info that was TO BE RELEASED but not yet released

2) Why would they use the same system for public and non public info?

 

1- Could be. Some of that information is released, some never is. Company's pretty much disclose anything and everything and then figure out later level of importance and disclosure.

 

2- Fun fact: Despite cybersecurity being a pretty regular "point of emphasis" from the SEC and FINRA, most exchanges and regulatory agencies use outdated security, infrastructure and follow few of their own directives aimed at market participants. My professional guess is that the SEC does none of the Chinese Wall and segregation procedures that they require of member firms. A great example is last I knew the consolidated stock feed in the US was run on a version of Windows that hasn't been supported by Microsoft in a decade or more.

 

Fun reading in general.

 

http://www.dell.com/learn/us/en/uscorp1/pr...arming-reliance

Link to comment
Share on other sites

Federal IT and information security is pretty hilariously bad due to and array of issues from ridiculously complex and lengthy procurement processes that leave only a handful of companies even able to offer qualifying bids (see: obamacare exchange fiasco), underfunding programs, and not being able to attract solid talent since the pay is 1/4 or less what they'd get at Google or where ever.

Link to comment
Share on other sites

QUOTE (southsider2k5 @ Sep 22, 2017 -> 09:08 AM)
This is so much bigger than the Equifax hack, but is getting so much less publicity.

 

https://www.washingtonpost.com/news/busines...m=.e0dc5d9c955b

It affects corporate profits and that's more important than the financial stability of 150 million people ;)

 

Yes, big deal, just noting your instinctive judgement about priorities.

Link to comment
Share on other sites

QUOTE (Balta1701 @ Sep 22, 2017 -> 10:00 AM)
It affects corporate profits and that's more important than the financial stability of 150 million people ;)

 

Yes, big deal, just noting your instinctive judgement about priorities.

 

On a person's personal information you can get as far as their credit score. On a companies information or even marketplace's information you control the entire market place. Which is more important?

Link to comment
Share on other sites

QUOTE (southsider2k5 @ Sep 22, 2017 -> 10:05 AM)
On a person's personal information you can get as far as their credit score. On a companies information or even marketplace's information you control the entire market place. Which is more important?

 

I thought the Equifax leak included full name, DOB, address and SSN. Everything wrapped up in a nice package to steal someone's identity and wreck their s*** by taking out loans and credit in their name. That can be a monumental pain in the ass and financially damaging to get cleared up, and it can take months or years. It can screw with your employment prospects if you need background checks, it can screw with your insurance rates and your ability to get a mortgage or even an apartment since more and more credit checks are run for those.

Edited by StrangeSox
Link to comment
Share on other sites

QUOTE (StrangeSox @ Sep 22, 2017 -> 10:08 AM)
I thought the Equifax leak included full name, DOB, address and SSN. Everything wrapped up in a nice package to steal someone's identity and wreck their s*** by taking out loans and credit in their name. That can be a monumental pain in the ass and financially damaging to get cleared up.

Yes, and your credit history too. Like, I can go be 2k5 for 6 months with that. I could do everything but show up for his job. I could file his tax return.

Link to comment
Share on other sites

QUOTE (StrangeSox @ Sep 22, 2017 -> 10:08 AM)
I thought the Equifax leak included full name, DOB, address and SSN. Everything wrapped up in a nice package to steal someone's identity and wreck their s*** by taking out loans and credit in their name. That can be a monumental pain in the ass and financially damaging to get cleared up.

 

And with that information you are going to be able to go as far as their credit score will take you. If they have a 550, all of that information is pretty worthless. If they have a 800, sure you can go a lot further. But if you own Google's MNPI how much further can you go?

Link to comment
Share on other sites

QUOTE (Balta1701 @ Sep 22, 2017 -> 10:11 AM)
Yes, and your credit history too. Like, I can go be 2k5 for 6 months with that. I could do everything but show up for his job. I could file his tax return.

 

Oh yeah that scam tax returns are a big part of that, too. As well as potentially gaining bank account information and being able to drain the funds directly via some social hacking once you know everything else about that person.

 

I think people are rightfully much more concerned about that data hack that affects an overwhelming majority of American adults that can lead to great personal financial harm and stress versus opaque corporate market manipulation potential. Doesn't mean that it isn't important, but on the individual level, I think people have their priorities right.

Link to comment
Share on other sites

QUOTE (southsider2k5 @ Sep 22, 2017 -> 10:12 AM)
And with that information you are going to be able to go as far as their credit score will take you. If they have a 550, all of that information is pretty worthless. If they have a 800, sure you can go a lot further. But if you own Google's MNPI how much further can you go?

 

You can much more easily socially engineer your way into their various accounts. You can steal tax returns. You can still take out store and other lines of credit even if you've got a bad credit score. And plenty of those 150M people have decent or good credit anyway so it seems weird to be dismissive of them. For me, if my credit were to get wrecked, it could directly impact my employment because I need to obtain and maintain clearances.

 

That affects individual people directly. I don't even know what "Google's MNPI" means, so it seems pretty obvious why more people care about their personal information being stolen and putting them personally at great risk rather than a corporation being at risk.

Link to comment
Share on other sites

QUOTE (StrangeSox @ Sep 22, 2017 -> 10:17 AM)
You can much more easily socially engineer your way into their various accounts. You can steal tax returns. You can still take out store and other lines of credit even if you've got a bad credit score. And plenty of those 150M people have decent or good credit anyway so it seems weird to be dismissive of them. For me, if my credit were to get wrecked, it could directly impact my employment because I need to obtain and maintain clearances.

 

That affects individual people directly. I don't even know what "Google's MNPI" means, so it seems pretty obvious why more people care about their personal information being stolen and putting them personally at great risk rather than a corporation being at risk.

 

Its bigger than just "a corporation". Way bigger. If you don't understand it isn't prudent to dismiss this.

Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...