Print
Discuss
Send to friend
RSS feedsThe disclosure of software vulnerabilities can have an impact as far away as Wall Street, according to a recent report by security firm McAfee.
Researcher Anthony Bettini examined the most regular of all vulnerability disclosures, Microsoft's Patch Tuesday, and found that the company's stock price is routinely lower on the days when it releases patches.
Bettini credited much of this impact on stock price to the press stories and concerns which surround the disclosures.
The fluctuations in Microsoft's stock price on Patch Tuesday are relatively minor and short-lived in comparison with other market forces, but Bettini warned that a clever researcher or investor could manipulate the disclosure process to pull off significant stock fraud.
"Consider that fake vulnerability disclosures and rumours already appear today on mailing lists such as Full Disclosure or on IRC chat rooms," Bettini explained.
"It is possible that events could be orchestrated via social engineering to manipulate the market and its participants."
The McAfee report was written weeks ago for inclusion in the company's security journal, but its release comes just days after the SEC opened an investigation into possible stock fraud after a false report claiming that Apple chief Steve Jobs had suffered a heart attack.
David Marcus, security research and communications manager at McAfee, told vnunet.com that the similarities between the Microsoft and Apple scenarios were not lost on the company. "It was really kind of eerie, truth be told," he said.
See also:
Attack can cripple Access Control Server and security appliances 05 Sep 2008
All Hacking Tags: Mcafee, Stocks, Security, Microsoft, Patch-tuesday, Security
del.icio.us
Digg this
reddit!
