The more they happen, the more they remain the same.

UBS reported a rogue trader attack and disclosed losses of over USD 2.3 billion.


Links to the story can be found at

As is customary nowadays, any incident is reported as the effect of a rogue trade. Banks, in a momentary lapse of concentration, fail to dwell on how a back office trader can run up losses of over USD 2 billion, which in effect means unauthorised trades of many more billions.

Coming closely on the heels of the Socgen rogue trade, the UBS scandal has not yet yielded much information on its modus operandi, but initial reports suggest a very similar methodology between Socgen and UBS, such as dealing in complex financial instruments, exceeding authorisations and so on.

The initial disclosure by UBS indicates that the “positions had been offset in our systems with fictitious, forward-settling, cash ETF positions, allegedly executed by the trader”, which means that there was an individual who had complete access to the back office as well as the dealing room, or can only be attributed to a complete . This would mean that the fundamentals of investment banking, which require that the back office be distinct from the front office and mid office, were bypassed. It is early days yet and only a full investigation will reveal the whole truth.

Till then, do we blame the rogue trader or the Frankenstein that created the rogue trader?

The new Common Weakness Scoring System – CWSS

When a security analysis of a software application is performed, such as when using an automated code auditing tool, developers often face hundreds or thousands of individual bug reports for weaknesses that are discovered in their code. In certain circumstances, a software weakness can lead to an exploitable vulnerability. For example, a buffer overflow vulnerability might arise from a weakness in which the programmer does not properly validate the length of an input buffer. This weakness only contributes to a vulnerability if the input can be influenced by a malicious party, and if that malicious input can be copied to an output buffer that is smaller than the input.

