Monday, January 28, 2008

cryptogon.com


excellent coverage from kevin over at cryptogon about jerome kerviel's bogus rogue trader status. more like rogue scapegoat.

"ignoring the real positions!?

If the people behind this had bombed the bank’s headquarters into a pile of rubble and killed all the executives, they would have done far less damage than what was accomplished with this hack. Or, this is a smoke screen being used to try to hide even more unthinkable financial horrors.

The piece also says that Kerviel, “misappropriated other people’s computer access codes.”

Two factor authentication has been standard in the finance industry for years. Simply: Two different authentication methods are required for access to critical systems. Access is only granted when a user supplies his or her credentials (username and password) ALONG WITH some other security token, usually a cryptographic security token that is displayed on a small device. (Biometrics are an option for the other factor.) The cryptographic signature changes every several seconds. It is synced with the server that is providing authentication. The token is usable only once, and within a very narrow time window.

In other words, when they’re saying that Kerviel, “misappropriated other people’s computer access codes,” did he go around and ask to borrow their one-time-pass cryptographic token generators, as well as their usernames and passwords?

I really don’t know what this situation at Societe Generale represents, but I can tell that it’s not the work of one man.

No way."


-as i stated last week, there is more than meets the eye here -st0ckman
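
The server-side check the quoted passage describes (a code that changes on a timer, is synced with the server, and is accepted only once inside a narrow window), as an added example that is not part of the original post or the quoted cryptogon piece. It uses the open RFC 6238 TOTP algorithm as a stand-in, since the post does not name a token product; the 30-second step, six digits, one-step drift allowance and the `Verifier` class are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code (assumed; the post only says "every several seconds")
DIGITS = 6   # assumed code length
DRIFT = 1    # accept +/- 1 step of clock skew between token and server


def totp(secret: bytes, counter: int) -> str:
    """RFC 4226 truncation over one time-step counter, as used by RFC 6238."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Hypothetical server side: checks the token code and enforces single use."""

    def __init__(self, secrets: dict):
        self.secrets = secrets   # user -> secret shared with that user's token
        self.last_used = {}      # user -> highest counter already accepted

    def verify(self, user: str, code: str, now: float) -> bool:
        secret = self.secrets.get(user)
        if secret is None:
            return False
        current = int(now) // STEP
        for counter in range(max(0, current - DRIFT), current + DRIFT + 1):
            if counter <= self.last_used.get(user, -1):
                continue         # replayed, or older than a code already accepted
            if hmac.compare_digest(totp(secret, counter), code):
                self.last_used[user] = counter
                return True
        return False


def demo() -> dict:
    # Constructed sample data: the RFC 4226 test secret and a fixed clock value.
    secret = b"12345678901234567890"
    v = Verifier({"alice": secret})
    code = totp(secret, 59 // STEP)
    return {
        "fresh": v.verify("alice", code, 59),        # inside the window: accepted
        "replayed": v.verify("alice", code, 60),     # same code again: rejected
        "stale": Verifier({"alice": secret}).verify("alice", code, 59 + 5 * STEP),
    }
```

A code read off someone else's token is good for one login within roughly a minute and a half under these settings, and the username and password are still checked separately.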
