dirtydroog
Posts: 0
Joined: July 12th, 2007, 6:32 pm

High frequency strategy stolen from Goldman. Do you know this guy?

July 12th, 2009, 8:21 pm

Bruce Schneier has some interesting books/articles
 
rmax
Posts: 374
Joined: December 8th, 2005, 9:31 am

July 13th, 2009, 1:20 pm

> > > Originally posted by Errrb:
> > > Are there any experts on encryption in this forum? I assume standard linux gpg utility can be easily cracked by United States government a.k.a Goldman.
> >
> > Originally posted by jawabean:
> > assumption is unfounded. nobody can break pgp
>
> Originally posted by Errrb:
> On the other hand PGP can not be exported by US law to other countries.

Thought that this was no longer the case.
 
dirtydroog
Posts: 0
Joined: July 12th, 2007, 6:32 pm

July 13th, 2009, 5:57 pm

> > > > Originally posted by Errrb:
> > > > Are there any experts on encryption in this forum? I assume standard linux gpg utility can be easily cracked by United States government a.k.a Goldman.
> > >
> > > Originally posted by jawabean:
> > > assumption is unfounded. nobody can break pgp
> >
> > Originally posted by Errrb:
> > On the other hand PGP can not be exported by US law to other countries.
>
> Originally posted by rmax:
> Thought that this was no longer the case.

I'm in the UK and my work laptop's hard disk is all encrypted with PGP. Even the pagefile
 
rmax
Posts: 374
Joined: December 8th, 2005, 9:31 am

July 14th, 2009, 12:15 pm

Exactly. I thought the history went something like this:

- US tries to ban RSA from leaving country by saying the RSA cryptography algorithm is the same as exporting weapons from the US
- Guy that came up with PGP takes a book with the RSA algorithm and PGP outside the US as books are outside the law
- US tries to extradite him / send him to Gitmo, CIA try to take him out etc (ok perhaps a bit extreme but you get the gist).
- US then decide to limit the key length to 48 bits
- US still get no joy and in the end throw in the towel (or the NSA have cracked it in secret)
 
hayes
Posts: 0
Joined: July 18th, 2008, 11:24 am

July 15th, 2009, 7:10 am

The Real Story of Trading Software Espionage

32MB of code......
 
dirtydroog2
Posts: 0
Joined: June 12th, 2009, 2:56 pm

July 15th, 2009, 11:43 am

> Originally posted by rmax:
> Exactly. I thought the history went something like this:
>
> - US tries to ban RSA from leaving country by saying the RSA cryptography algorithm is the same as exporting weapons from the US
> - Guy that came up with PGP takes a book with the RSA algorithm and PGP outside the US as books are outside the law
> - US tries to extradite him / send him to Gitmo, CIA try to take him out etc (ok perhaps a bit extreme but you get the gist).
> - US then decide to limit the key length to 48 bits
> - US still get no joy and in the end throw in the towel (or the NSA have cracked it in secret)

I would doubt the NSA have cracked it if it's still used by the US government.

Whatever, there are far easier ways of getting passwords than breaking the encryption/protocol.
 
rmax
Posts: 374
Joined: December 8th, 2005, 9:31 am

July 15th, 2009, 2:03 pm

> > Originally posted by rmax:
> > Exactly. I thought the history went something like this:
> >
> > - US tries to ban RSA from leaving country by saying the RSA cryptography algorithm is the same as exporting weapons from the US
> > - Guy that came up with PGP takes a book with the RSA algorithm and PGP outside the US as books are outside the law
> > - US tries to extradite him / send him to Gitmo, CIA try to take him out etc (ok perhaps a bit extreme but you get the gist).
> > - US then decide to limit the key length to 48 bits
> > - US still get no joy and in the end throw in the towel (or the NSA have cracked it in secret)
>
> Originally posted by dirtydroog2:
> I would doubt the NSA have cracked it if it's still used by the US government.
>
> Whatever, there are far easier ways of getting passwords than breaking the encryption/protocol.

I was being fanciful on the NSA cracking it.

However if there are far easier ways of cracking codes by stealing passwords/keys etc then it makes one wonder why the NSA need nearly 4bn USD to fund them and a team of highly trained mathematicians that didn't get sucked into Wall Street.
 
hayes
Posts: 0
Joined: July 18th, 2008, 11:24 am

July 15th, 2009, 3:03 pm

> Originally posted by rmax:
> However if there are far easier ways of cracking codes by stealing passwords/keys etc then it makes one wonder why the NSA need nearly 4bn USD to fund them and a team of highly trained mathematicians that didn't get sucked into Wall Street.

I know Errrb said cryptography was introduced to this thread simply to keep the ball rolling, but I'm assuming nobody here thinks that better encryption would have prevented GS code being stolen?

In which case, would anyone like to put forward any solutions to help keep data safe?

Right now, I imagine that GS IT security will be checking the whole team's emails and personal files, and possibly this will become a regular control/audit requirement. But other than that the only thing I can think of is to sandbox the network of PCs used by the algo team, disable drives and internet/network access. Or perhaps a thin client network for development work (and probably a network PC sitting next to it for regular communications, internet access etc).
Last edited by hayes on July 14th, 2009, 10:00 pm, edited 1 time in total.
 
rmax
Posts: 374
Joined: December 8th, 2005, 9:31 am

July 15th, 2009, 3:39 pm

Disconnect all USB ports with wire cutters
 
Errrb
Topic Author
Posts: 0
Joined: December 17th, 2002, 4:18 pm

July 15th, 2009, 3:56 pm

Goldman has all USB ports disconnected. That's why this guy did what he did. I was told also that this guy from IT had access to the code which has strategy logic. The part which handles efficient order management and market data on collocated machines (handled by IT) is less interesting, it's easier to figure out how to do it properly. My understanding is that because he took the part with the strategy itself, it made Goldman go wild. The best way to keep this safe is to pay people who have access to the code well and to make sure that the access to the code repository is controlled by good dogs
Last edited by Errrb on July 14th, 2009, 10:00 pm, edited 1 time in total.
 
hayes
Posts: 0
Joined: July 18th, 2008, 11:24 am

July 16th, 2009, 7:02 am

True - USB ports are disabled as a standard part of the build process in most banks now - It's annoying, but it's stories like this that remind you why. I also worked for a hedge fund administrator where PCs were all located in the server room, (not quite thin-client, but close enough from a practical point of view). Again, annoying if your PC crashed and you needed to physically restart it.
 
rmax
Posts: 374
Joined: December 8th, 2005, 9:31 am

July 16th, 2009, 7:05 am

Aren't the USBs disconnected in the OS, not physically? If you have admin rights I would guess you can get round it. Don't know, as it is a long long time since I had admin rights on any machine other than my one at home.
 
hayes
Posts: 0
Joined: July 18th, 2008, 11:24 am

July 16th, 2009, 7:33 am

Sorry RMax - Build process = Term used to describe installing the OS, defining it as a network PC and installing any standard organisation applications rather than actually physically building the PC. You're right of course, with admin rights you could reactivate it. In fact I'm sure there are lots of ways to remove data from the actual machine if you really wanted to. If necessary, you could even remove the hard drive completely, take it home with you to get the data and bring it back the next day! Not as subtle as a flash pen of course.....
 
rmax
Posts: 374
Joined: December 8th, 2005, 9:31 am

July 16th, 2009, 9:53 am

> Originally posted by hayes:
> Sorry RMax - Build process = Term used to describe installing the OS, defining it as a network PC and installing any standard organisation applications rather than actually physically building the PC. You're right of course, with admin rights you could reactivate it. In fact I'm sure there are lots of ways to remove data from the actual machine if you really wanted to. If necessary, you could even remove the hard drive completely, take it home with you to get the data and bring it back the next day! Not as subtle as a flash pen of course.....

Exactly my point. You said that the build process disconnects the USB port, and unless this is done physically anyone with admin rights can get round it. Developers need admin rights to their machine - once you have done that then the only physical way to stop them doing anything is use wire cutters.

Furthermore I know in some places the configurations don't allow flash devices but you can still connect an iPod and transfer data that way.
 
hayes
Posts: 0
Joined: July 18th, 2008, 11:24 am

July 16th, 2009, 10:39 am

Encryption, sandboxing or any other restriction is going to be overcome if you're determined enough.

But I wonder if Sergey Aleynikov (allegedly) did it because it was easy, or was he more determined and would have done it regardless?

It would be strange to think that a 2 buck pair of wire cutters could've saved Goldman all of this trouble and potentially millions of dollars to boot.

The Fraud Triangle
Last edited by hayes on July 15th, 2009, 10:00 pm, edited 1 time in total.