[E-Lang] Security Breach: Nominee for the Stock Exchange Prize

Ralph Hartley hartley@aic.nrl.navy.mil
Mon, 23 Apr 2001 10:17:10 -0400


Bill Frantz wrote:

>For better or worse, the current E comm protocol puts a strict limit on this
>delay.  If there is a message outstanding, as there is when Eve (who is
>more of an active attacker than the traditional Eve, the passive listener)
>grabs and holds the message, then the underlying TCP resend and timeout
>logic comes into play.
>
Of course you know that it is irrelevant that an attack doesn't work on 
a particular implementation.

>In highly volatile markets, the normal communication delays, even without
>Eve's interference, may make the "obsolete price information" effect strong
>enough to require a completely different approach to the application,
>although today's VatTP protocol times out sooner than the traditional "call
>your broker" information path.
>
But notice that it isn't how long the delay is that matters, it's how 
vulnerable it is to manipulation. A random delay in trading a stock will 
cause a gain about as often as it causes a loss. It's only if someone 
else, with an interest in the outcome, has some control over the 
distribution of delays or the probability of loss, that the cards can be 
stacked against me.

Of course, day traders need shorter delays than long-term investors, and 
"minute traders" need very short delays. But no one wants a third party 
to be able to control it.

Ralph Hartley
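
The distinction drawn in this message, between a delay that is random and one whose distribution an interested party controls, can be checked numerically. The simulation below is an added example, not part of the original post; the driftless random-walk market, the order priced at the quote seen when it was sent, the tick units and the release threshold are all assumptions.

```python
import random
import statistics

def walk(ticks, rng):
    """Driftless market (assumed): price offset from the quote, one entry per tick."""
    price, path = 0.0, []
    for _ in range(ticks):
        price += rng.gauss(0.0, 1.0)
        path.append(price)
    return path

def random_delay_loss(path, rng):
    """Order arrives after a delay unrelated to the price; buyer pays the quote."""
    return -rng.choice(path)  # loss = quoted price minus market value on arrival

def held_message_loss(path, threshold):
    """The message holder forwards the order only once the market has fallen
    `threshold` below the quote; otherwise the link times out and nothing trades."""
    for offset in path:
        if offset <= -threshold:
            return -offset
    return 0.0

def mean_losses(timeout_ticks, trials=20000, threshold=1.0, seed=2001):
    """Average buyer loss for (random delay, controlled delay) under one timeout."""
    rng = random.Random(seed)
    benign, held = [], []
    for _ in range(trials):
        path = walk(timeout_ticks, rng)
        benign.append(random_delay_loss(path, rng))
        held.append(held_message_loss(path, threshold))
    return statistics.mean(benign), statistics.mean(held)

if __name__ == "__main__":
    for t in (2, 20):
        b, h = mean_losses(t)
        print(f"timeout={t:2d} ticks  random delay: {b:+.3f}  held message: {h:+.3f}")
```

The random-delay average stays near zero at either timeout, while the controlled-delay average is a consistent loss that shrinks as the timeout gets shorter, which is the protection a strict protocol timeout provides.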