From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: In the beginning: The making of the Mac
Newsgroups: alt.folklore.computers
Date: Mon, 19 Jan 2009 17:19:17 -0500

re:
The Mac at 25: Successes, regrets, Apple's had a few
http://www.computerworld.com.au/article/273417/mac_25_successes_regrets_apple_had_few
from above:
The Human Interface Guidelines
MacPaint/MacWrite
The all-in-one design
Nailing the hardware and software transitions
The iPod , the iPhone and the iTunes Store
... and
The Apple III
The Performas -- oh God, the Performas
The cloning vats
Not the best .edu sales structures
Clunky and weird online strategies
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Are Both The U.S. & UK on the brink of debt disaster?
Date: Jan 20, 2009
Blog: Equity Markets

The Man Who Beat The Shorts
from above:
Watsa's only sin was in being a little too early with his prediction
that the era of credit expansion would end badly. This is what he said
in Fairfax's 2003 annual report: "It seems to us that securitization
eliminates the incentive for the originator of [a] loan to be credit
sensitive. Prior to securitization, the dealer would be very concerned
about who was given credit to buy an automobile. With securitization,
the dealer (almost) does not care."
... snip ...
Not so much debt itself ... but securitization (along with the rating agencies giving triple-A ratings to toxic CDOs) resulted in huge amount of money being pumped into the lending market ... with nobody caring how it was being used (people lending the money could immediately unload as a toxic CDO ... so regardless of what happened later, every loan made, was profit).
No documentation, no-down-payment, 1% introductory rate ARMs with interest-only payments, became extremely attractive for speculators, since the carrying cost was significantly less than the home appreciation in numerous markets (planning on flipping before the rate reset). the large amount of speculation, in turn, significantly increased the inflation in the market. eventually the bubble bursts, but while it lasted ... lots of people were raking in the money.
The congressional hearings last fall highlighted that both the rating agencies and the toxic CDO issuers/sellers knew that the toxic CDOs weren't worth triple-A ratings ... but the toxic CDO issuers/sellers were paying for the triple-A ratings. This significantly increased the institutions that would deal in the toxic CDOs and correspondingly significantly increased the amount of money available for lending.
A combination of deregulation and not enforcing regulations resulted in numerous greed/corruption hot-spots to combine together into an economic firestorm.
Last spring there was business school article about the effects of
securitization (this was before the congressional hearings about
rating agencies knew that the toxic CDOs weren't worth triple-A
ratings) and estimated that possibly 1000 executives are responsible
for 80% of the current mess (and it would go a long way to fixing
the situation if the gov. could figure out how they could lose
their jobs)
http://knowledge.wharton.upenn.edu/article.cfm?articleid=1933 (gone 404 and/or requires registration)
and related discussions:
Lets play Blame Game...?
http://www.linkedin.com/answers/finance-accounting/economics/FIN_ECO/388807-23540637
answer also archive here
https://www.garlic.com/~lynn/2009.html#42
Are reckless risks a natural fallout of "excessive" executive
compensation ?
http://www.linkedin.com/answers/hiring-human-resources/compensation-benefits/HRH_CMP/402114-25283493
answer also archived here
https://www.garlic.com/~lynn/2009.html#80
what was the idea behind Citigroup's splitting up into two different
divisions? what does this do for citigroup? thanks.
http://www.linkedin.com/answers/financial-markets/equity-markets/MKT_EQU/401959-32651588
answer also archived here:
https://www.garlic.com/~lynn/2009.html#84
this decade-old, long-winded post mentions needing accurate/trusted
valuation of securitized instruments as well as ARM mortgages nearly
took citi down two decades ago during S&L crisis
https://www.garlic.com/~lynn/aepay3.htm#riskm
update with a couple recent items
Roubini Predicts U.S. Losses May Reach $3.6 Trillion
http://www.bloomberg.com/apps/news?pid=20601087
http://www.bloomberg.com/apps/news?pid=20601087&sid=aS0yBnMR3USk&refer=home
from above:
U.S. financial losses from the credit crisis may reach $3.6 trillion,
suggesting the banking system is "effectively insolvent," said New
York University Professor Nouriel Roubini, who predicted last year's
economic crisis.
... snip ...
A $17 Trillion Alliance Can Save World Economie
http://www.bloomberg.com/apps/news?pid=20601080
http://www.bloomberg.com/apps/news?pid=20601039&sid=atocjtEAf..Y&refer=home
Investors pull record $155B out of hedge funds
http://money.cnn.com/2009/01/21/markets/hedge_fund_flows.reut/index.htm?postversion=2009012114
misc. past posts mentioning the forbes article
https://www.garlic.com/~lynn/2008q.html#68 Obama, ACORN, subprimes (Re: Spiders)
https://www.garlic.com/~lynn/2008q.html#69 if you are an powerful financial regulator , how would you have stopped the credit crunch?
https://www.garlic.com/~lynn/2008r.html#36 Blinkenlights
https://www.garlic.com/~lynn/2008r.html#64 Is This a Different Kind of Financial Crisis?
https://www.garlic.com/~lynn/2008r.html#67 What is securitization and why are people wary of it ?
https://www.garlic.com/~lynn/2008s.html#9 Blind-sided, again. Why?
https://www.garlic.com/~lynn/2008s.html#18 What next? from where would the Banks be hit?
https://www.garlic.com/~lynn/2008s.html#20 Five great technological revolutions
https://www.garlic.com/~lynn/2008s.html#23 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#35 Is American capitalism and greed to blame for our financial troubles in the US?
https://www.garlic.com/~lynn/2008s.html#55 Is this the story behind the crunchy credit stuff?
https://www.garlic.com/~lynn/2009.html#14 What are the challenges in risk analytics post financial crisis?
https://www.garlic.com/~lynn/2009.html#42 Lets play Blame Game...?
https://www.garlic.com/~lynn/2009.html#52 The Credit Crunch: Why it happened?
https://www.garlic.com/~lynn/2009.html#73 CROOKS and NANNIES: what would Boyd do?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: The 25 Most Dangerous Programming Errors
Date: Jan 20, 2009
Blog: Financial Crime Risk, Fraud and Security

re:
and some fall-out regarding the original article:
List creates software security squabble
http://gcn.com/articles/2009/01/19/list-creates-software-security-squabble.aspx
from above:
The release earlier this month of a consensus list of the most serious
programming errors to be avoided has garnered quite a bit of
attention, some of it predictably negative. Bloggers who are amusing
themselves by dissing the effort seem to be missing the forest for the
trees.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Slow down to go faster!
Date: Jan 20, 2009
Blog: Payment Systems Network

re:
... and competition can attempt to disrupt "observe" and/or "orientate" that, in turn, degrades the quality of decide and act. disrupting observe/orientate can be things besides forcing time .... quality/experience can provide a time advantage ... vis-a-vis the competition (iterating OODA-loop faster than the competition).
Boyd had stories about taking part in some after action reviews of war games. One of his observations was about cases where the staff would practice in the war room all year, while the generals and admirals were out playing golf. When it came time for the actual war games ... the lack of generals/admirals practice and familiarity in the war room, degraded the tempo and effectiveness.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Possibility of malicious CPUs
Newsgroups: comp.security.unix
Date: Tue, 20 Jan 2009 10:54:07 -0500

nmm1 writes:
some Keykos info
http://www.cap-lore.com/CapTheory/KK/
EROS used a lot of Keykos in the implementation
http://www.eros-os.org/
continued as CapRos
http://www.capros.org/
and Coyotos
http://coyotos.org/
from above:
Coyotos is being developed on AMD-64 and Pentium platforms. A port is
also underway to recent Coldfire processors. Once we have a baseline
kernel working, we would welcome help getting it running on PowerPC and
ARM processors as well.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Possibility of malicious CPUs
Newsgroups: comp.security.unix
Date: Tue, 20 Jan 2009 12:53:09 -0500

Chris Mattern <syscjm@sumire.gwu.edu> writes:
however, there is the potential of introducing copy-chips ... or using the EC mechanism to introduce similar compromises.
"security processors" are typically transported by armored vehicle from the FAB to personalization center ... both because they are worth a lot as well as potential threat of copy-chip introduction/compromise.
one of the things we looked at for AADS ... was part of the design to significantly mitigate the risk ... and even had discussions about applying the technique to common chips used in personal computers.
misc AADS references
https://www.garlic.com/~lynn/x959.html#aads
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: US credit card payment house breached by sniffing malware
Date: Jan 20, 2009
Blog: Financial Crime Risk, Fraud and Security

US credit card payment house breached by sniffing malware
and a couple more ...
Debit-card processor claims data breach part of bigger fraud
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126345&intsrc=hm_topic
Debit-card processor claims data breach part of global fraud operation
http://www.networkworld.com/news/2009/012009-massive-theft-of-credit-card.html
Lots of past posts discussing data breaches, sniffing, eavesdropping,
harvesting
https://www.garlic.com/~lynn/subintegrity.html#harvest
and mention of X9.59 financial standard protocol
https://www.garlic.com/~lynn/x959.html#x959
as countermeasure.
and a little more:
Largest Data Breach in History Tries to Hide Behind Inauguration
http://www.darkreading.com/blog/archives/2009/01/largest_data_br.html
from above:
Heartland Payment Systems, a credit card processor out of Princeton,
New Jersey that mostly supports small and medium businesses, announced
today, during the Presidential Inauguration, that it is the victim of
a massive data breach that could include over 100 Million
credit card numbers.
... and
The breach is likely so massive that Heartland set up a special
website at http://www.2008breach.com, which by nature of sounding
like last year's news, also seems like a convenient attempt to
additionally obfuscate the seriousness of the situation
... snip ...
Largest Data Breach Disclosed During Inauguration
http://it.slashdot.org/article.pl?sid=09/01/20/1930252
Heartland data breach could be bigger than TJX's
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126379
Heartland data breach could be bigger than TJX's
http://www.infoworld.com/article/09/01/21/Heartland_data_breach_could_be_bigger_than_TJXs_1.html
Credit-Card Processor Heartland Reports a Massive Data Breach
http://online.wsj.com/article/SB123249174099899837.html
US payment processor Heartland reports massive data breach
http://www.finextra.com/fullstory.asp?id=19542
Millions of Credit Cards Exposed in Data Breach
http://www.consumeraffairs.com/news04/2009/01/heartland_breach.html
Payment Processor Breach May Be Largest Ever
http://voices.washingtonpost.com/securityfix/2009/01/payment_processor_breach_may_b.html?hpid=topnews
It's a good day to disclose the largest credit card data breach ever
http://blogs.zdnet.com/security/?p=2406
Payment processor warns of network breach
http://www.securityfocus.com/brief/889
Heartland Payment Systems Uncovers Malicious Software In Its
Processing System
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212901488
Heartland Payment Systems Hit By Data Security Breach
http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=213000512
Payment Processor Heartland Reveals Massive Data Breach
http://www.crn.com/security/212901576
Hackers breach Heartland Payment credit card system
http://www.usatoday.com/money/perfi/credit/2009-01-20-heartland-credit-card-security-breach_N.htm?csp=34
Payments processor discloses massive data breach
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1345521,00.html
Heartland Payment Systems Reports Breach
http://www.eweek.com/c/a/Security/Heartland-Payment-Systems-Reports-Breach/?kc=rss
Heartland Payment Systems Discovers Data Breach
http://www.bankinfosecurity.com/articles.php?art_id=1168&rf=012109eb
Malware caused 'biggest ever' data breach
http://security.cbronline.com/news/malware_caused_biggest_ever_data_breach_210109
Massive Theft of Credit Card Numbers Reported
http://www.networkworld.com/news/2009/012309-downadup-conflicker-worm.html
Cyber Thieves Hit Payment Processor Heartland
http://www.internetnews.com/security/article.php/3797551/Cyber+Thieves+Hit+Payment+Processor+Heartland.htm
PCI's Shield Suffers Another Blow As Heartland Reports a Hack
http://www.digitaltransactions.net/newsstory.cfm?newsid=2063
Heartland Payment Systems hacked. 100mln credit and debit card
accounts affected
http://www.ecommerce-journal.com/news/12559_heartland_payment_systems_hacked_100mln_credit_and_debit_card_accounts_affected
Heartland Payment Systems hacked
http://www.msnbc.msn.com/id/28758856/
Heartland has No Heart for Violated Customers
http://www.pcworld.com/article/158038/heartland_has_no_heart_for_violated_customers.html
Hackers breach Heartland Payment credit card system
http://abcnews.go.com/Business/PersonalFinance/story?id=6695611&page=1
Largest Data Breach Disclosed During Inauguration
http://it.slashdot.org/article.pl?sid=09%2F01%2F20%2F1930252&from=rss
Heartland data security breach - Security Wire Weekly
http://securitywireweekly.blogs.techtarget.com/2009/01/21/heartland-data-security-breach/
Heartland reveals huge credit card scam
http://www.vnunet.com/vnunet/news/2234680/heartland-reveal-massive-credit
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Superworm seizes 9m PCs, 'stunned' researchers say
Date: Jan 20, 2009
Blog: Financial Crime Risk, Fraud and Security

Superworm seizes 9m PCs, 'stunned' researchers say
from above:
They show 6.5 million new infections in the past four days, bringing
the total number of machines it has compromised to almost 9 million
... snip ...
... and recent update
Clock ticking on worm attack code
http://news.bbc.co.uk/2/hi/technology/7832652.stm
from above:
Experts are warning that hackers have yet to activate the payload of
the Conficker virus. The worm is spreading through low security
networks, memory sticks, and PCs without current security updates
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Do emperors from the banks have new clothes?
Date: Jan 21, 2009
Blog: Equity Markets

some from this discussion:
Accounting Standards Wilt Under Pressure
http://www.washingtonpost.com/wp-dyn/content/article/2008/12/26/AR2008122601715.html
from above:
In October, largely hidden from public view, the International
Accounting Standards Board changed the rules so European banks could
make their balance sheets look better. The action let the banks
rewrite history, picking and choosing among their problem investments
to essentially claim that some had been on a different set of books
before the financial crisis started.
... snip ...
... slightly related to accounting with things carried off-balance:
https://www.garlic.com/~lynn/2009.html#84 what was the idea behind Citigroup's splitting up into two different divisions? what does this do for citigroup?
A year ago there was betting that citi was going to "win" the bank
"write-down" sweepstakes (i.e. declare the largest losses). This
refers to even after citi had won the "write-down" sweepstakes for
assets on their books ... citi still had $1.1T of toxic assets carried
off-balance.
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
and
http://www.nakedcapitalism.com/2008/07/wither-citigroups-11-trillion-of-off.html?showComment=1216055460000
and would eventually have to come back on the balance sheet (and the associated losses declared).
slightly related discussion in "Boyd" group mentioning Trust, but
Verify ... of course in the case of the triple-A ratings for toxic
CDOs ... there is also requirement to trust the verifying agencies.
https://www.garlic.com/~lynn/2009.html#57
https://www.garlic.com/~lynn/2009.html#71
update with a couple additional items:
Roubini Predicts U.S. Losses May Reach $3.6 Trillion
http://www.bloomberg.com/apps/news?pid=20601087
http://www.bloomberg.com/apps/news?pid=20601087&sid=aS0yBnMR3USk&refer=home
from above:
U.S. financial losses from the credit crisis may reach $3.6 trillion,
suggesting the banking system is "effectively insolvent," said New
York University Professor Nouriel Roubini, who predicted last year's
economic crisis.
... snip ...
A $17 Trillion Alliance Can Save World Economie
http://www.bloomberg.com/apps/news?pid=20601080
http://www.bloomberg.com/apps/news?pid=20601039&sid=atocjtEAf..Y&refer=home
Investors pull record $155B out of hedge funds
http://money.cnn.com/2009/01/21/markets/hedge_fund_flows.reut/index.htm?postversion=2009012114
... and of course, i've been using the Emperor's new clothes parable
for some time.
https://www.garlic.com/~lynn/2008j.html#40 dollar coins
https://www.garlic.com/~lynn/2008j.html#60 dollar coins
https://www.garlic.com/~lynn/2008j.html#69 lack of information accuracy
https://www.garlic.com/~lynn/2008k.html#10 Why do Banks lend poorly in the sub-prime market? Because they are not in Banking!
https://www.garlic.com/~lynn/2008k.html#16 dollar coins
https://www.garlic.com/~lynn/2008k.html#27 dollar coins
https://www.garlic.com/~lynn/2008l.html#42 dollar coins
https://www.garlic.com/~lynn/2008m.html#12 Fraud due to stupid failure to test for negative
https://www.garlic.com/~lynn/2008o.html#35 The human plague
https://www.garlic.com/~lynn/2008q.html#58 Obama, ACORN, subprimes (Re: Spiders)
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: New Research Reveals 45% of Card Breach Victims Lose Confidence in Their Financial Accounts
Date: Jan 21, 2009
Blog: Payment Systems Network

New Research Reveals 45% of Card Breach Victims Lose Confidence in Their Financial Accounts
and a new comment here on
Breach Notification Laws
http://www.schneier.com/blog/archives/2009/01/state_data_brea.html
that may be related to this study ... which came on the same day of
the inauguration and the possible 100m account breach ... reference to
lots of ongoing news articles archived here:
https://www.garlic.com/~lynn/2009b.html#6
We were tangentially involved in the cal. state data breach notification legislation. We had been brought in to help word-smith the electronic signature legislation and several of the parties were also heavily involved in privacy issues. They had done detailed, in-depth consumer privacy studies which found that the number one issue was "identity theft" ... a major component was financial transaction and account record breaches, where the attacker could use the information for fraudulent financial transactions. It appeared little or nothing was being done about the situation and it seemed that they felt that the publicity would help motivate countermeasures.
a couple archived answers in other recent discussions where this has
come up:
https://www.garlic.com/~lynn/2009.html#29
https://www.garlic.com/~lynn/2009.html#58
As noted, several other jurisdictions have since passed legislation similar to Cal's. There have also been bills introduced at the federal level that have tended to fall into two categories, breach notification legislation that requires notification and breach notification legislation that would eliminate the requirement for notification.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Superworm seizes 9m PCs, 'stunned' researchers say
Date: Jan 21, 2009
Blog: Financial Crime Risk, Fraud and Security

re:
There were articles in the late 80s & early 90s that part of moving computing out of the dataprocessing center to desktops ... was that it turned everybody into a sysadmin .... which doesn't show up as a separate expense item (allowing reducing number of dataprocessing professional sysadmins ... which does show up as a separate corporate expense item).
Current scenario is somewhat analogous to requiring people to do all of their own automobile maintenance. The maintenance articles did point out requiring trained professionals would have severely limited the PC market growth (since there was no way to produce the number of trained professionals needed). The auto industry has somewhat responded (to the problem) by significantly reducing the amount of maintenance that has been required (compared to 50yrs ago).
With regard to size of the infection, some stories have raised the issue whether the counter actually represents 9million unique PCs ... or whether the unique IP-address from packet sampling (that some organizations have been doing) showing only a couple million ... is closer to the truth ... so best guess is somewhat bounded on the low-side of a couple million from packet sampling ... and on the high-side based on the counter value. Note that infections have continued since the original articles/estimates.
a couple more articles from today ...
Six Percent Of Computers Scanned By Panda Security Infected With
Conficker Worm; Infections detected in more than 80 countries; United
States, Taiwan and Brazil are among the most affected regions
http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=212901754
Downadup Worm Invading 1 Million PCs Per Day, Disables Agent-Based
Security Solutions
http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=212901724
Users blame IT managers for Conficker; Microsoft also criticized for
security hole
http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?RSS&NewsId=12877
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Amid Economic Turbulence, Mainframes Counter IT Cost-Cutting Trend
Newsgroups: bit.listserv.ibm-main
To: <ibm-main@bama.ua.edu>
Date: Wed, 21 Jan 2009 16:16:58 -0500

joarmc@SWBELL.NET (John McKown) writes:
Corporate Fraud and Misconduct Risks Driven by Pressure to do
'Whatever It Takes'; Fewer episodes reported by companies with ethics
and compliance programs
http://www.informationweek.com/financialservices/news/showArticle.jhtml?articleID=215801487
from above:
Of more than 5,000 U.S. workers polled this summer, 74 percent said
they had personally observed misconduct within their organizations
during the prior 12 months, unchanged from the level reported by KPMG
survey respondents in 2005. Roughly half (46 percent) of respondents
reported that what they observed "could cause a significant loss of
public trust if discovered," a figure that rises to 60 percent among
employees working in the banking and finance industry.
... snip ...
misc. past posts mentioning the above article:
https://www.garlic.com/~lynn/2008s.html#27 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#29 Let IT run the company!
https://www.garlic.com/~lynn/2008s.html#30 How reliable are the credit rating companies? Who is over seeing them?
https://www.garlic.com/~lynn/2008s.html#35 Is American capitalism and greed to blame for our financial troubles in the US?
https://www.garlic.com/~lynn/2008s.html#36 What is the top security threat prediction of 2009?
https://www.garlic.com/~lynn/2008s.html#47 Executive pay: time for a trim?
then this article from last spring that estimated 1000 executives are
responsible for 80% of the current crisis and that it would go a long
way towards fixing the situation if the gov. could figure out how they
lose their jobs.
http://knowledge.wharton.upenn.edu/article.cfm?articleid=1933 (gone 404 and/or requires registration)
misc. past posts mentioning the above article:
https://www.garlic.com/~lynn/2008g.html#32 independent appraisers
https://www.garlic.com/~lynn/2008g.html#44 Fixing finance
https://www.garlic.com/~lynn/2008g.html#52 IBM CEO's remuneration last year ?
https://www.garlic.com/~lynn/2008g.html#66 independent appraisers
https://www.garlic.com/~lynn/2008h.html#89 Credit Crisis Timeline
https://www.garlic.com/~lynn/2008i.html#4 A Merit based system of reward -Does anybody (or any executive) really want to be judged on merit?
https://www.garlic.com/~lynn/2008i.html#67 Do you have other examples of how people evade taking resp. for risk
https://www.garlic.com/~lynn/2008n.html#37 Success has many fathers, but failure has the US taxpayer
https://www.garlic.com/~lynn/2008n.html#65 Whether, in our financial crisis, the prize for being the biggest liar is
https://www.garlic.com/~lynn/2008n.html#69 Another quiet week in finance
https://www.garlic.com/~lynn/2008n.html#74 Why can't we analyze the risks involved in mortgage-backed securities?
https://www.garlic.com/~lynn/2008n.html#95 Blinkylights
https://www.garlic.com/~lynn/2008o.html#15 Financial Crisis - the result of uncontrolled Innovation?
https://www.garlic.com/~lynn/2008o.html#26 SOX (Sarbanes-Oxley Act), is this really followed and worthful considering current Financial Crisis?
https://www.garlic.com/~lynn/2008o.html#28 Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
https://www.garlic.com/~lynn/2008o.html#35 The human plague
https://www.garlic.com/~lynn/2008o.html#80 Can we blame one person for the financial meltdown?
https://www.garlic.com/~lynn/2008p.html#8 Global Melt Down
https://www.garlic.com/~lynn/2008p.html#9 Do you believe a global financial regulation is possible?
https://www.garlic.com/~lynn/2008q.html#16 realtors (and GM, too!)
https://www.garlic.com/~lynn/2008q.html#18 A few months of legislative vacuum - is this a good thing?
https://www.garlic.com/~lynn/2008q.html#51 Obama, ACORN, subprimes (Re: Spiders)
https://www.garlic.com/~lynn/2008r.html#10 Blinkylights
https://www.garlic.com/~lynn/2009.html#42 Lets play Blame Game...?
https://www.garlic.com/~lynn/2009.html#50 Greed Is
https://www.garlic.com/~lynn/2009.html#73 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009.html#77 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009.html#79 The Credit Crunch: Why it happened?
https://www.garlic.com/~lynn/2009.html#85 Banks' Demise: Why have the Governments hired the foxes to mend the chicken runs?
https://www.garlic.com/~lynn/2009b.html#1 Are Both The U.S. & UK on the brink of debt disaster?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Amid Economic Turbulence, Mainframes Counter IT Cost-Cutting Trend
Newsgroups: bit.listserv.ibm-main
Date: Wed, 21 Jan 2009 17:25:22 -0500

antonbritz@GMAIL.COM (Anton Britz) writes:
you mean:
GAO Reports Bailout and Tech Firms Love Tax Havens
http://news.slashdot.org/article.pl?sid=09/01/17/1815221
Bailed-Out Firms Have Tax Havens, GAO Finds
http://www.washingtonpost.com/wp-dyn/content/story/2009/01/16/ST2009011603928.html
International Taxation: Large U.S. Corporations and Federal Contractors
with Subsidiaries in Jurisdictions Listed as Tax Havens or Financial
Privacy Jurisdictions
http://www.gao.gov/products/GAO-09-157
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: US credit card payment house breaches by sniffing malware
Date: Jan 21, 2009
Blog: Payment Systems Network

additional news item URLs found here:
we've tried using a number of different metaphors to highlight the situation. one is the security proportional to risk metaphor.
The value of the information to a merchant is the profit on the purchase (possibly a few dollars per account)... the value of the information to the processor is profit on the processing (possibly a few cents per account).
The value of the information to the attacker ... is the balance/credit limit of each account ... say $500/account. The issue in the current paradigm, is the attacker may be able to outspend the defender (merchant or processor) by a factor of 2-3 orders of magnitude.
one of the issues in the x9.59 financial transaction standard was to slightly tweak the paradigm so the information is useless to the attacker. X9.59 didn't do anything to prevent skimming, sniffing, eavesdropping, harvesting, data breaches, etc ... it just made the information useless for the purpose of performing fraudulent financial transactions (removed the financial motivation to the crooks/attackers)
Related news item from today ... also archived here:
https://www.garlic.com/~lynn/2009b.html#9
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: question about ssh-keygen with empty passphrase.
Newsgroups: comp.security.ssh
Date: Thu, 22 Jan 2009 09:23:41 -0500

Chris Mattern <syscjm@sumire.gwu.edu> writes:
normal security recommendations are that a unique shared-secret is required for each unique security domain (in part as countermeasure to x-domain attacks). 40 yrs ago ... with one or two domains ... shared-secret, something you know authentication wasn't too onerous a task to remember ... roll forward 40 yrs, and a person may be dealing with large scores of unique security domains, each requiring their own unique shared-secrets ... resulting in enormous human factors problems (having to remember large scores of pin/passwords). For instance, one study found that 1/3rd of pin-debit magstripe cards ... had the pin written on the card.
"private" key normally has a business process where the key is kept confidential and never divulged. in theory, this would allow the same public/private key pair to be used for a large number of different security domains (since problem with x-domain attacks has been eliminated).
public/private key could also help with phishing and social engineering attacks. there are numerous scenarios where people are conditioned to provide shared-secret something you know authentication ... which attackers can leverage. conditioning the public that the "private" key is never divulged ... would make them more resistant to lots of the phishing and social engineering attacks.
public/private key infrastructure can be further strengthened by embedding the private key in some hardware token ... where the private key is never even divulged to the owner. there are still social engineering attacks trying to convince the owner to use the token (for some operation benefitting the attacker), but large number of common exploits, where an attacker acquires a shared-secret, would be eliminated.
A recent example of shared-secret vulnerability is the recent
breach announced on tuesday ... recent post
https://www.garlic.com/~lynn/2009b.html#6 US credit card payment house breached by sniffing malware
a countermeasure is the x9.59 financial standard protocol
https://www.garlic.com/~lynn/x959.html#x959
which can use digital signature (public/private key) to provide end-to-end integrity for financial transactions. x9.59 standard doesn't do anything to eliminate eavesdropping, skimming, sniffing, harvesting, data breaches, etc ... it just eliminates the ability of the attacker to use the information for performing fraudulent transactions (since they would still not have the required private key).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: It's Me, and Here's My Proof: Why Identity and Authentication Must Remain Distinct Date: Jan 22, 2009 Blog: identitymanagement
It's Me, and Here's My Proof: Why Identity and Authentication Must Remain Distinct
from above:
This month I'd like to explore the concepts of identity,
authentication, and authorization, to help you understand their
important distinctions, and to help guard you against the increasingly
common tendency to combine the first two.
... snip ...
also pointed to by:
Identity, Authentication, and Authorization
http://www.schneier.com/blog/archives/2009/01/identity_authen.html
related to dual-use vulnerability metaphor ... some recent references:
https://www.garlic.com/~lynn/2009.html#60
https://www.garlic.com/~lynn/2009.html#66
https://www.garlic.com/~lynn/2009.html#69
https://www.garlic.com/~lynn/2009.html#72
recent post in ssh newsgroup
https://www.garlic.com/~lynn/2009b.html#14
and similar thread from earlier part of the decade:
https://www.garlic.com/~lynn/aepay11.htm#66 Confusing Authentication and Identiification?
https://www.garlic.com/~lynn/aepay11.htm#72 Account Numbers. Was: Confusing Authentication and Identiification? (addenda)
https://www.garlic.com/~lynn/aepay11.htm#73 Account Numbers. Was: Confusing Authentication and Identiification? (addenda)
https://www.garlic.com/~lynn/aepay12.htm#1 Confusing business process, payment, authentication and identification
https://www.garlic.com/~lynn/aepay12.htm#2 Confusing business process, payment, authentication and identification
https://www.garlic.com/~lynn/aepay12.htm#3 Confusing business process, payment, authentication and identification
https://www.garlic.com/~lynn/aepay12.htm#4 Confusing business process, payment, authentication and identification
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: It's Me, and Here's My Proof: Why Identity and Authentication Must Remain Distinct Date: Jan 22, 2009 Blog: Financial Crime Risk, Fraud and Security
re:
oh, and there is a different kind of dual-use vulnerability involving the use of digital signatures.
we had been called in to help word-smith the cal. electronic signature
legislation. at the time there seemed to be an enormous number of
people who confused digital signature and human signature
... possibly because of confusion over the two terms both containing
the word signature ... lots of past posts
https://www.garlic.com/~lynn/subpubkey.html#signature
it is possible to use a digital signature in a business process that would meet the requirements for a human signature ... however it is the business process that provides the equivalence ... not the digital signature.
there is also a dual-use vulnerability if a digital signature is used as representing the human signature business process (as indication of read, understood, approves, authorizes, agrees) and if the same "private key" was also used for authentication purposes ... which frequently consists of server sending some random data (as countermeasure to replay attack) to be digitally signed.
past thread/posts discussing this other kind of dual-use vulnerability
https://www.garlic.com/~lynn/aadsm17.htm#57 dual-use digital signature vulnerability
https://www.garlic.com/~lynn/aadsm17.htm#59 dual-use digital signature vulnerability
https://www.garlic.com/~lynn/aadsm18.htm#0 dual-use digital signature vulnerability
https://www.garlic.com/~lynn/aadsm18.htm#1 dual-use digital signature vulnerability
https://www.garlic.com/~lynn/aadsm18.htm#2 dual-use digital signature vulnerability
https://www.garlic.com/~lynn/aadsm18.htm#3 dual-use digital signature vulnerability
https://www.garlic.com/~lynn/aadsm18.htm#4 dual-use digital signature vulnerability
https://www.garlic.com/~lynn/aadsm18.htm#6 dual-use digital signature vulnerability
https://www.garlic.com/~lynn/aadsm18.htm#12 dual-use digital signature vulnerability
https://www.garlic.com/~lynn/aadsm18.htm#13 dual-use digital signature vulnerability
https://www.garlic.com/~lynn/aadsm18.htm#17 should you trust CAs? (Re: dual-use digital signature vulnerability)
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
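The dual-use problem described in the post above, as an added example that is not part of the original post: a key that signs whatever bytes a server presents as "random data" produces signatures that also verify as document approvals, while binding a purpose tag into the signed bytes (or using separate keys) stops the cross-over. The toy RSA key, the tag strings and all function names are assumptions made for the illustration.

```python
import hashlib

# Toy RSA key built from two Mersenne primes (2**127-1 and 2**89-1).
# Far too small for real use; it only stands in for "the user's private key".
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def _digest(data: bytes) -> int:
    """Hash the bytes and reduce into the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign_raw(data: bytes) -> int:
    """Sign exactly the bytes presented, with no statement of purpose."""
    return pow(_digest(data), D, N)


def verify_raw(data: bytes, sig: int) -> bool:
    return pow(sig, E, N) == _digest(data)


# Hypothetical purpose tags: every signature states what it is for.
AUTH_TAG = b"AUTH-CHALLENGE-v1\x00"
DOC_TAG = b"DOCUMENT-APPROVAL-v1\x00"


def sign_auth(challenge: bytes) -> int:
    return sign_raw(AUTH_TAG + challenge)


def verify_auth(challenge: bytes, sig: int) -> bool:
    return verify_raw(AUTH_TAG + challenge, sig)


def sign_document(document: bytes) -> int:
    return sign_raw(DOC_TAG + document)


def verify_document(document: bytes, sig: int) -> bool:
    return verify_raw(DOC_TAG + document, sig)


# Constructed sample: text a relying party would treat as a signed approval.
DOCUMENT = b"I have read, understood and agree to the attached terms."


def naive_login_doubles_as_approval() -> bool:
    """Authentication that signs raw server-chosen bytes.

    The server is supposed to send random data, but the client cannot tell
    random bytes from a document, so the login signature is also a valid
    signature over DOCUMENT.
    """
    challenge = DOCUMENT                      # server picks the bytes
    login_sig = sign_raw(challenge)
    return verify_raw(DOCUMENT, login_sig)    # accepted as a document signature


def tagged_login_doubles_as_approval() -> bool:
    """Same exchange with purpose tags: the login signature covers
    AUTH_TAG + challenge and never verifies as a document approval."""
    challenge = DOCUMENT
    login_sig = sign_auth(challenge)
    return verify_document(DOCUMENT, login_sig)


def honest_paths_still_work() -> bool:
    nonce = b"\x17" * 16                      # constructed challenge value
    return (verify_auth(nonce, sign_auth(nonce))
            and verify_document(DOCUMENT, sign_document(DOCUMENT)))


if __name__ == "__main__":
    print("raw signing, login accepted as approval:", naive_login_doubles_as_approval())
    print("tagged signing, login accepted as approval:", tagged_login_doubles_as_approval())
    print("legitimate auth and approval verify:", honest_paths_still_work())
```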
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Fraud -- how can you stay one step ahead? Date: Jan 22, 2009 Blog: Financial Crime Risk, Fraud and Security
recent article:
Corporate Fraud and Misconduct Risks Driven by Pressure to do
'Whatever It Takes'; Fewer episodes reported by companies with ethics
and compliance programs
http://www.informationweek.com/financialservices/news/showArticle.jhtml?articleID=215801487
from above:
Of more than 5,000 U.S. workers polled this summer, 74 percent said
they had personally observed misconduct within their organizations
during the prior 12 months, unchanged from the level reported by KPMG
survey respondents in 2005. Roughly half (46 percent) of respondents
reported that what they observed "could cause a significant loss of
public trust if discovered," a figure that rises to 60 percent among
employees working in the banking and finance industry.
... snip ...
misc. past posts/discussions mentioning above:
https://www.garlic.com/~lynn/2008s.html#27 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#29 Let IT run the company!
https://www.garlic.com/~lynn/2008s.html#30 How reliable are the credit rating companies? Who is over seeing them?
https://www.garlic.com/~lynn/2008s.html#35 Is American capitalism and greed to blame for our financial troubles in the US?
https://www.garlic.com/~lynn/2008s.html#36 What is the top security threat prediction of 2009?
https://www.garlic.com/~lynn/2008s.html#47 Executive pay: time for a trim?
https://www.garlic.com/~lynn/2009b.html#11 Amid Economic Turbulence, Mainframes Counter IT Cost-Cutting Trend
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Barbless Newsgroups: alt.folklore.computers Date: Thu, 22 Jan 2009 14:22:43 -0500
krw <krw@att.zzzzzzzzz> writes:
Roubini Predicts U.S. Losses May Reach $3.6 Trillion
http://www.bloomberg.com/apps/news?pid=20601087&sid=aS0yBnMR3USk&refer=home
from above:
U.S. financial losses from the credit crisis may reach $3.6 trillion,
suggesting the banking system is "effectively insolvent," said New
York University Professor Nouriel Roubini, who predicted last year's
economic crisis.
... snip ...
couple recent posts mentioning above:
https://www.garlic.com/~lynn/2009b.html#1 Are Both The U.S. & UK on the brink of debt disaster?
https://www.garlic.com/~lynn/2009b.html#8 Do emperors from the banks have new clothes?
and old article from last spring that estimated that 1000 executives are
responsible for 80% of the problem and it would go a long way to
correcting the problems if the gov. could figure out how they lose
their jobs:
http://knowledge.wharton.upenn.edu/article.cfm?articleid=1933 (gone 404 and/or requires registration)
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: US credit card payment house breached by sniffing malware Date: Jan 23, 2009 Blog: Financial Crime Risk, Fraud and Security
re:
Banks' Card Reissuance Indicates Probable Scope of Heartland Breach
http://www.digitaltransactions.net/newsstory.cfm?newsid=2066
from above ...
.... evidence is building that banks and credit unions around the
country are reissuing cards on a mass scale as a likely result of the
breach. That could give credence to early speculation that Heartland's
will go down as a huge data breach--one of the largest, if not the
largest
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: what was the idea behind Citigroup's splitting up into two different divisions? what does this do for citigroup? Date: Jan 23, 2009 Blog: Equity Markets
re:
part of citi's problems appears to be trying to decide when/how to bring the $1.1T in toxic assets back on to the balance sheet (and how to value them for declaring the associated losses) ... recent somewhat related article:
Roubini Predicts U.S. Losses May Reach $3.6 Trillion
http://www.bloomberg.com/apps/news?pid=20601087&sid=aS0yBnMR3USk&refer=home
from above:
U.S. financial losses from the credit crisis may reach $3.6 trillion,
suggesting the banking system is "effectively insolvent," said New
York University Professor Nouriel Roubini, who predicted last year's
economic crisis.
... snip ...
couple recent posts mentioning above:
https://www.garlic.com/~lynn/2009b.html#1 Are Both The U.S. & UK on the brink of debt disaster?
https://www.garlic.com/~lynn/2009b.html#8 Do emperors from the banks have new clothes?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: ICSF and VISA/MasterCard?amex reference list Newsgroups: bit.listserv.ibm-main Date: Fri, 23 Jan 2009 16:25:00 -0500
jayarelim@HOTMAIL.COM (J R) writes:
remember the "DES cracking" machine (I've a souvenir chip from the
machine in a box someplace)
https://en.wikipedia.org/wiki/EFF_DES_cracker
maybe 15-20 yrs ago ... a mainframe connected (internal financial/banking) desktop was compromised ... so that it would perform brute force attacks on PIN numbers ... effectively sending large number of "PINed" zero transactions to the mainframe ... until it found the correct values. 4 digit PINs ... 10k possible values ... on the avg, brute force finds the correct value after half the search space ... i.e. 5k attempts. High-performance mainframe becomes a super PIN cracking machine.
PIN'ed operations have some easier attacks:
• a lot of debit cards now can be used in either PIN-debit mode or signature-debit mode ... attacker skims the magstripe information and creates counterfeit card for use in "signature-debit" mode (basically the same as credit card)
• multi-factor authentication is nominally considered more secure
assuming that the different factors have independent vulnerabilities
... aka PIN something you know authentication is considered
countermeasure for lost/stolen (something you have) card. lots
of past posts mentioning 3-factor authentication paradigm
https://www.garlic.com/~lynn/subintegrity.html#3factor
Possibly two decades ago, slightly more sophisticated skimming technology started being used to record both the magstripe and the PIN ... at the same time; which invalidates the assumption about independent vulnerabilities. Note that even with such vulnerabilities, signature-debit fraud numbers are 15 times higher than PIN-debit. part of this can be a lot of fraud is happening as a result of data breaches ... where only the magstripe information is readily available.
some recent posts mentioning the breach hitting the news on tuesday
... and is shaping up to be the largest to-date:
https://www.garlic.com/~lynn/2009b.html#6 US credit card payment house breached by sniffing malware
https://www.garlic.com/~lynn/2009b.html#13 US credit card payment house breached by sniffing malware
https://www.garlic.com/~lynn/2009b.html#19 US credit card payment house breached by sniffing malware
• PINs are a form of shared-secret something you have authentication
... lots of past posts about shared-secret authentication
https://www.garlic.com/~lynn/subintegrity.html#secret
recent post comparing shared-secret and "public-key"
https://www.garlic.com/~lynn/2009b.html#14 question about ssh-keygen with empty passphrase
nominal security procedure for shared-secrets is to have a unique shared-secret for every unique security domain (in part as a countermeasure to x-domain attacks). 40yrs ago with only a couple such shared-secrets, it was relatively easy paradigm to deal with. roll forward 40 yrs ... and now it isn't unusual to have several scores of unique shared-secrets. Because of the human factors dealing with such large number of shared-secrets, some studies have found that 1/3rd of debit cards have the PIN written on them.
The shared-secret paradigm for something you know authentication is not the only kind that is vulnerable to skimming, eavesdropping, harvesting, sniffing, and/or data breaches ... as already mentioned the information from "magstripes" (something you have authentication) is also vulnerable ... and can be used to create counterfeit cards.
There is a case where a presumably well-designed chip-card was trivially
vulnerable to similar (magstripe) skimming attack. The chip would
present "static data" and then strong cryptography was used to verify
that the information was valid. However, since the information was
"static" ... it was trivial to skim the "valid data" and place it in a
counterfeit chip-card. POS terminals would ask a (valid) chip-card
three questions (after performing crypto validation of the static data):
1) was the correct PIN entered, 2) should the transaction be done
offline, and 3) is the transaction within the account credit limit. The
counterfeit chip-cards got the nickname YES CARDS ... since they would
always answer YES to all three questions. reference to presentation on
yes cards at cartes2002:
https://web.archive.org/web/20030417083810/http://www.smartcard.co.uk/resources/articles/cartes2002.html
and misc. past posts mentioning yes cards:
https://www.garlic.com/~lynn/subintegrity.html#yescard
note that a valid chip-card required the correct PIN to be entered before performing a valid transaction. However, it wasn't necessary to even skim the PIN ... since a counterfeit yes card, would always claim that the correct PIN was entered ... regardless of what was entered. there were sarcastic comments from some members of the industry that billions of dollars were spent to prove that chipcards are less secure than magstripe cards.
there were some large scale deployments in the period ... that seem to just evaporate.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
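A host-side countermeasure to the PIN brute-force scenario in the post above, as an added example that is not part of the original post: a per-account failure limit caps how many guesses are ever evaluated, and a per-source velocity check flags the workstation sending the zero-amount PIN'ed transactions. The log format, thresholds and identifiers are constructed for the illustration.

```python
from collections import defaultdict, deque

PIN_SPACE = 10_000  # 4-digit PIN, as in the post


def build_sample_log():
    """Constructed records: 'epoch_secs source account amount_cents pin_result'."""
    log = [
        "1000 ATM-07 A-2002 4000 OK",
        "1005 ATM-07 A-2003 2000 FAIL",   # ordinary mistyped PIN ...
        "1010 ATM-07 A-2003 2000 OK",     # ... followed by a correct retry
    ]
    # One internal workstation walking the PIN space with zero-amount transactions.
    log += [f"{1020 + i} WS-0417 A-1001 0 FAIL" for i in range(40)]
    log += ["1100 POS-12 A-2004 1550 FAIL", "1101 POS-12 A-2004 1550 FAIL"]
    return log


def detect_pin_guessing(records, acct_limit=3, window=60, src_threshold=10):
    """Replay time-ordered records through two controls.

    acct_limit    consecutive PIN failures before an account is locked
    window        seconds of history kept per source
    src_threshold failed zero-amount PIN checks per source within the window
    """
    streak = defaultdict(int)      # account -> consecutive failures
    locked = {}                    # account -> time the lock was set
    rejected = defaultdict(int)    # account -> attempts refused after the lock
    recent = defaultdict(deque)    # source  -> times of failed zero-amount checks
    flagged = {}                   # source  -> time the threshold was first hit

    for line in records:
        ts_s, src, acct, amount_s, result = line.split()
        ts, amount = int(ts_s), int(amount_s)

        if acct in locked:
            rejected[acct] += 1    # the PIN is no longer evaluated at all
            failed = True
        else:
            failed = result != "OK"
            if failed:
                streak[acct] += 1
                if streak[acct] >= acct_limit:
                    locked[acct] = ts
            else:
                streak[acct] = 0

        if failed and amount == 0:
            q = recent[src]
            q.append(ts)
            while q and q[0] <= ts - window:
                q.popleft()
            if len(q) >= src_threshold:
                flagged.setdefault(src, ts)

    return {"locked": locked, "rejected": dict(rejected), "flagged_sources": flagged}


def guess_success_probability(acct_limit, pin_space=PIN_SPACE):
    """Chance that blind guessing hits the PIN before the account locks."""
    return min(acct_limit, pin_space) / pin_space


if __name__ == "__main__":
    report = detect_pin_guessing(build_sample_log())
    for key, value in report.items():
        print(key, value)
    print("success chance with a 3-try limit:", guess_success_probability(3))
```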
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Evil weather Newsgroups: alt.folklore.computers Date: Fri, 23 Jan 2009 19:09:34 -0500
Morten Reistad <first@last.name> writes:
4331 (30jan79-18nov81)
http://www-03.ibm.com/ibm/history/exhibits/mainframe/mainframe_PP4331.html
4341 (30jan79-11feb86)
https://web.archive.org/web/20190105032753/https://www.ibm.com/ibm/history/exhibits/mainframe/mainframe_PP4341.html
4361 (4331 follow-on, 15sep83-17feb87)
http://www-03.ibm.com/ibm/history/exhibits/mainframe/mainframe_PP4361.html
4381 (4341 follow-on, 15sep83-19aug92)
http://www-03.ibm.com/ibm/history/exhibits/mainframe/mainframe_PP4381.html
4381 was originally going to be a risc/801 based processor; Iliad,
running "microcode" implementing 370. this was part of corporate-wide
effort to move the large number of different internal microprocessors to
risc/801 ... including, originally as/400. risc/801 effort was suspended
and both 4381 and as/400 moved to their own cisc processor. misc. past
posts mentioning 801, romp, rios, iliad
https://www.garlic.com/~lynn/subtopic.html#801
corporation also had a field maintenance/service process that included a "bootstrap" process that started out with "scoping" faulty components. beginning with 3081 ... components were so highly integrated that it was no longer feasible to "scope" faulty components ... and so a "service processor" was introduced ... that had connections to multiple parts of the mainframe ... built during manufacturing (service processor was simple enough that it could be "scoped" as part of bootstrapped diagnoses, and then the service processor could be used to analyse the rest of the machine).
because of growing sophistication required of service processor ... it
was decided to move to vm370 running on 4331 as the "service processor"
for the 3090 (3081 follow-on ... with most of the "service" screens
implemented in cms IOS3270) ... since the 4331 could be "scoped". Before
3090 shipped, it was decided to move to a pair of 4361 processors (and
instead of having to diagnose a faulty 4361 processor ... switch to the
redundant 4361; treat the service processor as redundant FRU) ... see
mention of "3092" processor controller:
https://web.archive.org/web/20230719145910/https://www.ibm.com/ibm/history/exhibits/mainframe/mainframe_PP3090.html
here is JR&D article "Electronic Packaging Evolution in IBM" up to 4300 &
3081
http://domino.research.ibm.com/tchjr/journalindex.nsf/4ac37cf0bdc4dd6a85256547004d47e1/9915bfd45fd3cd0685256bfa0067f4e1?OpenDocument
same from same issue: Semiconductor Manufacturing in IBM, 1957 to the
Present: A Perspective
http://domino.research.ibm.com/tchjr/journalindex.nsf/4ac37cf0bdc4dd6a85256547004d47e1/d7a98629df33acbc85256bfa0067f4e3?OpenDocument
and MLC used in 4300 and 3081
http://domino.research.ibm.com/tchjr/journalindex.nsf/a3807c5b4823c53f85256561006324be/94bc3bbb7b2d2a4d85256bfa0067f566?OpenDocument
and for something a little different ... paper about using 4341 as
tester in 3081 TCM manufacturing:
http://www.research.ibm.com/journal/rd/271/ibmrd2701G.pdf
from this article:
http://domino.research.ibm.com/tchjr/journalindex.nsf/4ac37cf0bdc4dd6a85256547004d47e1/088481b78493524885256bfa0067f569?OpenDocument
for other historical references ... this is a trip report of several
locations ... doesn't actually talk about 4341 ... but does mention
watching 3081s being built:
http://www.chilton-computing.org.uk/acd/literature/reports/p014.htm
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: BarCampBank - informal finance rantathon in London Date: Jan 23, 2009 Blog: Financial Cryptography
re:
this is long-winded, decade old post discussing some of the issues
... including discussion of citi nearly went under two decades ago
because of ARMs and not adequately understanding what happens when
interest rates adjust.
https://www.garlic.com/~lynn/aepay3.htm#riskm
I believe that some of the people involved in that analysis were part of forming a leading risk analysis (software) company in 1990.
Playing long/short mismatch has been known for centuries to bring down
institutions. They (and others) have commented that Bear-Stearns and
Lehman had marginal chance of surviving playing long/short mismatch
(buying triple-A rated toxic CDOs) ... this discusses
long/short mismatch and some number of other related issues:
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
decade old article from the fed
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/
Playing long/short mismatch was independent of heavy leveraging, SIVs, and whether or not the (subprime) toxic CDOs deserved their triple-A ratings.
a couple recent, related archived (linkedin) discussions:
https://www.garlic.com/~lynn/2009.html#79 The Credit Crunch: Why it happened?
https://www.garlic.com/~lynn/2009.html#80 Are reckless risks a natural fallout of "excessive" executive compensation?
https://www.garlic.com/~lynn/2009.html#84 what was the idea behind Citigroup's splitting up into two different divisions?
https://www.garlic.com/~lynn/2009b.html#1 Are Both The U.S. & UK on the brink of debt disaster?
https://www.garlic.com/~lynn/2009b.html#8 Do emperors from the banks have new clothes?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Researchers wait for Downadup worm's second act Date: Jan 24, 2009 Blog: Financial Crime Risk, Fraud and Security
Researchers wait for Downadup worm's second act; The 'well-engineered' worm was written by hackers who know their stuff
from above:
Downadup, also called "Conficker," has infected an estimated 6% of PCs
worldwide. The worm spreads by exploiting a four-month-old
vulnerability in Windows, by brute-force password attacks and by
hitchhiking on USB devices like flash drives.
... snip ...
it's getting lots of play:
Downadup/Conflicker worm: When will the next shoe fall?
http://www.networkworld.com/news/2009/012309-downadup-conflicker-worm.html
from above:
"It has the potential to infect about 30% of Windows systems online, a
potential 300 to 350 million PCs," says Don Jackson, director of
threat intelligence in the counter threat unit at SecureWorks
... snip ...
others:
Conficker Hitting Hardest in Asia, Latin America
http://tech.yahoo.com/news/pcworld/20090124/tc_pcworld/confickerhittinghardestinasialatinamerica
Conficker Worm Spreads Fast, Infects Millions
http://www.crn.com/security/212902319
Downadup: The Web's Next Big Threat?
http://itmanagement.earthweb.com/secu/article.php/3798281/Downadup-The-Webs-Next-Big-Threat.htm
past references:
https://www.garlic.com/~lynn/2009b.html#7 Superworm seizes 9m PCs, 'stunned' researchers say
https://www.garlic.com/~lynn/2009b.html#10 Superworm seizes 9m PCs, 'stunned' researchers say
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: The recently revealed excesses of John Thain, the former CEO of Merrill Lynch, while the firm was receiving $25 Billion in TARP funds makes me sick. Date: Jan 24, 2009 Blog: Regulation and Compliance
There was a study last year that the ratio of executive compensation to worker compensation had exploded to 400:1, after being 20:1 for a long time, and 10:1 in most of the rest of the world.
The Fed's Too Easy on Wall Street
http://www.businessweek.com/stories/2008-03-19/the-feds-too-easy-on-wall-streetbusinessweek-business-news-stock-market-and-financial-advice
from above:
Here's a staggering figure to contemplate: New York City securities
industry firms paid out a total of $137 billion in employee bonuses
from 2002 to 2007, according to figures compiled by the New York State
Office of the Comptroller. Let's break that down: Wall Street honchos
earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6
billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and
$33.2 billion in 2007.
... snip ...
some part of the $700B wallstreet bailout possibly goes to replenish the $137B sucked out of the infrastructure (as reward for their part in creating the current situation).
... from a couple weeks ago
Bailed-Out Banks Dole Out Bonuses; Goldman Sachs, CitiGroup, Others
Mum on How They Are Using TARP Cash
http://abcnews.go.com/WN/Business/story?id=6498680&page=1
from above:
Goldman Sachs, which accepted $10 billion in government money, and
lost $2.1 billion last quarter, announced Tuesday that it handed out
$10.93 billion in benefits, bonuses, and compensation for the year.
... snip ...
GAO has started doing a database of increasing number of cases involving executives fiddling public company financial reports (in spite of SOX). The executives get a boost in compensation based on the fiddled numbers. Later the financials may be restated ... but the compensation not forfeited. One example was in 2004 Freddie was fined $400m for $10b fiddling of financials and the CEO replaced ... but allowed to keep tens of millions (hundred?).
GAO references:
http://www.gao.gov/products/GAO-03-138
http://www.gao.gov/products/GAO-06-678
http://www.gao.gov/products/GAO-06-1053R
https://www.gao.gov/products/gao-06-1079sp
from above:
The database consists of two files: (1) a file that lists 1,390
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
July 1, 2002, and September 30, 2005, and (2) a file that lists 396
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
October 1, 2005, and June 30, 2006.
... snip ...
Part of the issue is that there may be extreme downside to the business operation ... but it appears that the executives still believe that they will come out ahead.
There was a study last fall of 270 companies that had redone their executive compensation plans to reduce the motivation for fiddling
Corporate Fraud and Misconduct Risks Driven by Pressure to do
'Whatever It Takes'; Fewer episodes reported by companies with ethics
and compliance programs
http://www.informationweek.com/financialservices/news/showArticle.jhtml?articleID=215801487
from above:
Of more than 5,000 U.S. workers polled this summer, 74 percent said
they had personally observed misconduct within their organizations
during the prior 12 months, unchanged from the level reported by KPMG
survey respondents in 2005. Roughly half (46 percent) of respondents
reported that what they observed "could cause a significant loss of
public trust if discovered," a figure that rises to 60 percent among
employees working in the banking and finance industry.
... snip ...
If the overall avg. is 46 percent and the financial industry is 60 percent, then the non-financial avg may be as low as 30 percent ... making the financial industry twice as bad as other industries.
Last spring there was business school article about the effects of
securitization (this was even before the congressional hearings about
the rating agencies knowing that the toxic CDOs weren't worth
triple-A ratings) and estimated that possibly 1000 executives are
responsible for 80% of the current mess (and it would go a long way to
fixing the situation if the gov. could figure out how they could lose
their jobs)
http://knowledge.wharton.upenn.edu/article.cfm?articleid=1933 (gone 404 and/or requires registration)
of course then there is Boyd's advice:
"There are two career paths in front of you, and you have to choose
which path you will follow. One path leads to promotions, titles, and
positions of distinction.... The other path leads to doing things that
are truly significant for the Air Force, but the rewards will quite
often be a kick in the stomach because you may have to cross swords
with the party line on occasion. You can't go down both paths, you
have to choose. Do you want to be a man of distinction or do you want
to do things that really influence the shape of the Air Force? To be
or to do, that is the question." Colonel John R. Boyd, USAF 1927-1997
From the dedication of Boyd Hall, United States Air Force Weapons
School, Nellis Air Force Base, Nevada. 17 September 1999
... snip ...
I had quoted in post from 2000:
https://www.garlic.com/~lynn/2000e.html#35 War, Chaos & Business
and lots of other past references to John Boyd
https://www.garlic.com/~lynn/subboyd.html
past posts mentioning the The Fed's Too Easy on Wall Street article:
https://www.garlic.com/~lynn/2008g.html#66 independent appraisers
https://www.garlic.com/~lynn/2008h.html#42 The Return of Ada
https://www.garlic.com/~lynn/2008n.html#52 Technology and the current crisis
https://www.garlic.com/~lynn/2008n.html#53 Your thoughts on the following comprehensive bailout plan please
https://www.garlic.com/~lynn/2008n.html#56 VMware Chief Says the OS Is History
https://www.garlic.com/~lynn/2008n.html#69 Another quiet week in finance
https://www.garlic.com/~lynn/2008n.html#82 Fraud in financial institution
https://www.garlic.com/~lynn/2008o.html#18 Once the dust settles, do you think Milton Friedman's economic theories will be laid to rest
https://www.garlic.com/~lynn/2008o.html#26 SOX (Sarbanes-Oxley Act), is this really followed and worthful considering current Financial Crisis?
https://www.garlic.com/~lynn/2008o.html#28 Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
https://www.garlic.com/~lynn/2008o.html#31 The human plague
https://www.garlic.com/~lynn/2008o.html#32 How much is 700 Billion Dollars??
https://www.garlic.com/~lynn/2008p.html#8 Global Melt Down
https://www.garlic.com/~lynn/2008r.html#61 The vanishing CEO bonus
https://www.garlic.com/~lynn/2008r.html#64 Is This a Different Kind of Financial Crisis?
https://www.garlic.com/~lynn/2008s.html#32 How Should The Government Spend The $700 Billion?
https://www.garlic.com/~lynn/2008s.html#33 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#35 Is American capitalism and greed to blame for our financial troubles in the US?
https://www.garlic.com/~lynn/2008s.html#41 Executive pay: time for a trim?
https://www.garlic.com/~lynn/2009.html#73 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009.html#80 Are reckless risks a natural fallout of "excessive" executive compensation ?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: A question about arp tables... Newsgroups: comp.protocols.tcp-ip Date: Sun, 25 Jan 2009 14:54:30 -0500
vjs@calcite.rhyolite.com (Vernon Schryver) writes:
We had found a bug in the tahoe IP code calling ARP ... when we were
doing our HA/CMP product ... misc. past posts
https://www.garlic.com/~lynn/subtopic.html#hacmp
The ip-routine would save the last returned (MAC) value from the ARP routine. In the "fall-over" case ... we would perform IP-address take-over. Nominally, ARP is supposed to "time-out" the values in the tables ... which would allow IP-address take-over to work (i.e. same ip-address with different MAC address).
The ip "fastpath" (saving of last returned MAC response for IP-address ... and continuing to use that response as long as the IP-address hasn't changed) ... would never time-out.
lots of the environments being dealt with were "strongly" client/server (nearly all client activity was with the same server for extended periods of time). Not being able to source update most of the platforms ... a hack was to have the server(s) keep a list of known client IP-address ... and in the case of (fall-over and) ip-address take-over ... "hit" each one of the clients with packet using a different ip-address (force clients to process a different IP-address and a real call to the ARP routine).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
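A small simulation of the fastpath behaviour described in the post above, as an added example that is not the tahoe code or the HA/CMP product's code: a one-entry "last MAC" cache in front of an ARP table with a time-out, run through an IP-address take-over with and without the cache honouring the time-out, and with the "hit the client from a different IP-address" workaround. Class names, addresses and the 60-second time-out are constructed for the illustration.

```python
ARP_TTL = 60                       # seconds; constructed value
SERVICE_IP, POKE_IP = "10.0.0.5", "10.0.0.9"
OLD_MAC, NEW_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"


class ArpTable:
    """ARP cache whose entries time out after `ttl` seconds."""

    def __init__(self, network, ttl=ARP_TTL):
        self.network = network     # ip -> MAC of current owner (stands in for ARP on the wire)
        self.ttl = ttl
        self.cache = {}            # ip -> (mac, learned_at)

    def resolve(self, ip, now):
        hit = self.cache.get(ip)
        if hit and now - hit[1] < self.ttl:
            return hit
        entry = (self.network[ip], now)   # entry timed out: ask again
        self.cache[ip] = entry
        return entry


class IpOutput:
    """IP output path with a one-entry fastpath in front of the ARP routine."""

    def __init__(self, arp, honor_ttl):
        self.arp = arp
        self.honor_ttl = honor_ttl
        self.last = None           # (ip, mac, learned_at)

    def mac_for(self, ip, now):
        if self.last and self.last[0] == ip:
            fresh = now - self.last[2] < self.arp.ttl
            # Behaviour in the post: same IP as last time, reuse the MAC forever.
            # Corrected behaviour: reuse only while the ARP entry would be valid.
            if fresh or not self.honor_ttl:
                return self.last[1]
        mac, learned_at = self.arp.resolve(ip, now)
        self.last = (ip, mac, learned_at)
        return mac


def run(honor_ttl, poke_after_takeover=False):
    """Client sends to SERVICE_IP every 50s; take-over happens at t=100."""
    network = {SERVICE_IP: OLD_MAC, POKE_IP: NEW_MAC}
    out = IpOutput(ArpTable(network), honor_ttl)
    seen = []
    for now in range(0, 300, 50):
        if now == 100:
            network[SERVICE_IP] = NEW_MAC      # IP-address take-over
        if poke_after_takeover and now == 200:
            # Workaround from the post: the server sends from a different
            # address; the client's reply replaces the fastpath entry.
            out.mac_for(POKE_IP, now)
        seen.append(out.mac_for(SERVICE_IP, now))
    return seen


if __name__ == "__main__":
    print("fastpath never times out :", run(honor_ttl=False))
    print("fastpath honours time-out:", run(honor_ttl=True))
    print("never times out + poke   :", run(honor_ttl=False, poke_after_takeover=True))
```

With a client that talks to one server only, the never-expiring fastpath keeps sending to the old MAC indefinitely; the poke recovers it only because the underlying ARP table entry has itself timed out by then.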
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: ACM fellow for reinventing virtual machines Newsgroups: alt.folklore.computers Date: Sun, 25 Jan 2009 14:57:21 -0500
and somebody named ACM fellow for reinventing virtual machines:
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Online-Banking Authentication Date: Jan 25, 2009 Blog: identitymanagement
One of the things I did as part of AADS chip strawman was make random (public) key (pair) generation part of the chip manufacturing and test process ... where it was leveraged to also reduce chip verification costs in the fab ... as well as eliminate lots of post-FAB processing steps and costs. I had joked in the mid-90s that I was looking at taking a $500 milspec part and cost reducing it by 2-3 orders of magnitude while increasing the integrity.
There are lots of scenarios where any kind of "static data" is skimmed
(for impersonation and/or fraudulent purposes) and it is likely that
it should be made part of authentication history ... recent post in
mainframe thread discussing some of the aspects:
https://www.garlic.com/~lynn/2009b.html#21 ICSF
Long ago and far away, we had been called in to consult with small client/server startup that wanted to do payment transactions on their server ... and they had this technology they had invented called SSL they wanted to use (frequently now referred to as electronic commerce) ... as part of that effort we had to do lots of end-to-end audits of various parts of the business processes ... as well as suggest some number of compensating processes for some.
Then in the mid-90s we were asked to participate in the x9a10
financial standard working group ... which had been given the
requirement to preserve the integrity of the financial infrastructure
for all retail payments (POS, internet, face-to-face, unattended,
debit, credit, stored-value, ach, contact, contactless, wireless,
giftcard, etc ... i.e. ALL). Part of the effort was doing in-depth,
end-to-end threat & vulnerability studies of the various
environments. The result was the x9.59 financial standard
https://www.garlic.com/~lynn/x959.html#x959
X9.59 did nothing to prevent eavesdropping, skimming, harvesting, phishing, and/or data breaches. However, x9.59 slightly tweaked the paradigm so that such information was no longer useful to the attackers for the purpose of performing fraudulent transactions ... i.e. it eliminated the need to hide the "transactions". Now the major use of SSL in the world today is this earlier thing we worked on called electronic commerce ... for the purpose of hiding the transaction. No longer needing to hide the transaction ... then also eliminates the major purpose for SSL.
for related topic drift ... recent article:
Banks urged to change security policies
http://www.securecomputing.net.au/News/135149,banks-urged-to-change-security-policies.aspx
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: is privacy a security attribute(component or ?). If yes, why? If no why not? Date: Jan 25, 2009 Blog: Information Security
here is the security acronym: PAIN
P ... privacy
A ... authentication
I ... integrity
N ... non-repudiation
we had been tangentially involved with the cal. breach notification legislation. we had been called in to help word-smith the electronic signature act and several of the parties were also heavily involved in privacy issues. they had done detailed, in-depth consumer privacy studies ... and the number one consumer privacy issue was "identity theft" ... a lot of which involved crooks using harvested financial information from breaches to perform fraudulent transactions ... which there was little or nothing being done about. They seemed to believe that the publicity from breach notifications would motivate countermeasures.
Later we were invited to co-author the x9 financial x9.99 privacy
standard .... which required taking into account things like GLBA,
HIPAA, and EU-DPD. For that effort, i did a privacy subset of the
merged security taxonomy & glossary ... reference here
https://www.garlic.com/~lynn/index.html#glosnote
in the past, there have been some assertions that it was necessary to increase strength of privacy, integrity, and authentication measures equally (to avoid falling prey to attacks on the weakest link) ... however, it is also possible to approach it from a different view point.
Long ago and far away, we had been called in to consult with small client/server startup that wanted to do payment transactions on their server ... and they had this technology they had invented called SSL they wanted to use (frequently now referred to as electronic commerce) ... as part of that effort we had to do lots of end-to-end audits of various parts of the business processes ... as well as suggest some number of compensating processes for some.
Then in the mid-90s we were asked to participate in the x9a10
financial standard working group ... which had been given the
requirement to preserve the integrity of the financial infrastructure
for all retail payments (POS, internet, face-to-face, unattended,
debit, credit, stored-value, ach, contact, contactless, wireless,
giftcard, etc ... i.e. ALL). Part of the effort was doing in-depth,
end-to-end threat & vulnerability studies of the various
environments. The result was the x9.59 financial standard
https://www.garlic.com/~lynn/x959.html#x959
X9.59 did nothing to prevent eavesdropping, skimming, harvesting, phishing, and/or data breaches. However, x9.59 slightly tweaked the paradigm so that such information was no longer useful to the attackers for the purpose of performing fraudulent transactions ... i.e. it eliminated the need to hide the "transactions".
Now, the major use of SSL in the world today is this early thing we worked on called electronic commerce for the purpose of hiding the transaction. No longer needing to hide the transaction ... then also eliminates the major purpose for SSL.
i.e. X9.59 changed the paradigm so it was no longer necessary to use privacy as countermeasure to fraudulent transactions ... strong integrity and strong authentication was used instead
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: The recently revealed excesses of John Thain, the former CEO of Merrill Lynch, while the firm was receiving $25 Billion in TARP funds makes me sick. Date: Jan 24, 2009 Blog: Regulation and Compliance
re:
tv business news show just now was debunking the recent excuses about the excesses; one excuse was the remodeling excesses were done during a completely different environment ... comment was that it was done a year ago ... when the economic environment was akin to Dresden bombing (i.e. economic firestorm) ... before the Lehman bankruptcy ... which then took it more akin to Hiroshima level.
for a little topic drift ... misc. past posts using the economic firestorm analogy:
https://www.garlic.com/~lynn/2008o.html#78 Who murdered the financial system?
https://www.garlic.com/~lynn/2008o.html#80 Can we blame one person for the financial meltdown?
https://www.garlic.com/~lynn/2008o.html#82 Greenspan testimony and securization
https://www.garlic.com/~lynn/2008p.html#60 Did sub-prime cause the financial mess we are in?
https://www.garlic.com/~lynn/2008q.html#20 How is Subprime crisis impacting other Industries?
https://www.garlic.com/~lynn/2008s.html#57 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#62 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2009.html#42 Lets play Blame Game...?
https://www.garlic.com/~lynn/2009.html#52 The Credit Crunch: Why it happened?
https://www.garlic.com/~lynn/2009.html#71 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009b.html#1 Are Both The U.S. & UK on the brink of debt disaster?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Is SUN going to become x86'ed ?? Newsgroups: alt.folklore.computers Date: Mon, 26 Jan 2009 13:06:06 -0500
hcb@fki030.fki.uu.se (Hans-Christian Becker) writes:
boyd made some analogous comments about early heads-up displays done for
the f16 ... scrolling digital values ... requiring the pilot to perform
lots of (distracting) calculations in their heads ... significantly
less efficient and slower than other kinds of (analog) presentations;
past post
https://www.garlic.com/~lynn/2006g.html#1 The Pankian Metaphor
misc. past boyd (&/or OODA-loop) references
https://www.garlic.com/~lynn/subboyd.html#boyd
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Heartland Says Entire Industry Should Revamp Security Date: Jan 26, 2009 Blog: Financial Crime Risk, Fraud and Security
Heartland Says Entire Industry Should Revamp Security
from above:
According to a spokesman, Heartland would like to see the recent
breach incident used to help the industry find ways to better protect
data by having payments processors work more closely together,
possibly with law enforcement, to share information about attacks.
... snip ...
Recent post in a linkedin privacy discussion:
http://www.linkedin.com/answers/technology/information-technology/information-security/TCH_ITS_ISC/61597-3683456
also archived here:
https://www.garlic.com/~lynn/2009b.html#29
and archived post in linkedin identitymanagement group discussion:
Online-Banking Authentication
https://www.garlic.com/~lynn/2009b.html#28
other recent posts regarding the Heartland breach:
https://www.garlic.com/~lynn/2009b.html#6
https://www.garlic.com/~lynn/2009b.html#13
https://www.garlic.com/~lynn/2009b.html#19
a couple more ...
Heartland tries to rally industry in wake of data breach
http://www.networkworld.com/news/2009/022709-visa-new-payment-processor-data-breach.html
Heartland's Carr Calls for End-to-End Encryption To Stop Breaches
http://www.digitaltransactions.net/newsstory.cfm?newsid=2068
as referenced in other posts ... x9.59 financial standard provided for
end-to-end integrity and strong authentication .....
https://www.garlic.com/~lynn/x959.html#x959
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Phish-Pharming: Using social engineering to hijack domains at the source Date: Jan 26, 2009 Blog: Financial Crime Risk, Fraud and Security
Domain name hijacking has been known for a long time.
Part of SSL was motivated by domain name infrastructure related to IP-address hijacking. However, the Certification Authorities still had a business process that would verify that the SSL domain name digital certificate applicant matched the "official" domain name owner, on file, with the official agency responsible for domain name owners. This was a time-consuming and expensive "identification" process ... in addition to being vulnerable to domain name hijacking (i.e. an attacker doing a domain name hijack could apply for and receive a perfectly valid SSL domain name certificate).
We had been called in to consult with a small client/server startup
that wanted to do payment transactions on their server ... and they
had invented this technology called SSL they wanted to use. As part of
the payment transaction effort, we had to do some end-to-end business
process reviews ... including these new things calling themselves
certification authorities and issuing SSL domain name digital
certificates. As part of that, we asked for some compensating
processes as well as mentioning the domain name hijacking
vulnerability (since the certification authorities were dependent on
the domain name infrastructure as to the "owner" of a domain
name). Lots of past posts mentioning ssl domain name digital
certificates
https://www.garlic.com/~lynn/subpubkey.html#sslcert
there are a number of technologies that would improve the integrity of
the domain name infrastructure as well as address many of the domain
name hijacking scenarios ... however since a large part of the
motivation for SSL was based on perceived weaknesses in the domain
name infrastructure ... improving the domain name infrastructure has
the downside of reducing the motivation for SSL ... several related
past posts
https://www.garlic.com/~lynn/subpubkey.html#catch22
a few older posts mentioning domain name hijacking:
https://www.garlic.com/~lynn/aadsmore.htm#client1 Client-side revocation checking capability
https://www.garlic.com/~lynn/aadsmore.htm#client3 Client-side revocation checking capability
https://www.garlic.com/~lynn/aadsmore.htm#client4 Client-side revocation checking capability
https://www.garlic.com/~lynn/aadsmore.htm#pkiart Public Key Infrastructure: An Artifact...
https://www.garlic.com/~lynn/aadsmore.htm#pkiart2 Public Key Infrastructure: An Artifact...
https://www.garlic.com/~lynn/aepay4.htm#dnsinteg2 Domain Name integrity problem
https://www.garlic.com/~lynn/aadsm4.htm#3 Public Key Infrastructure: An Artifact...
https://www.garlic.com/~lynn/aadsm8.htm#softpki2 Software for PKI
https://www.garlic.com/~lynn/aadsm8.htm#softpki16 DNSSEC (RE: Software for PKI)
https://www.garlic.com/~lynn/aadsm9.htm#cfppki5 CFP: PKI research workshop
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Will the recession drive consumers away from credit cards towards prepaid cards / debit cards? Date: Jan 26, 2009 Blog: Payment Systems Network
A couple old articles:
Debit Card Volume Passes Credit Card (or did it?)
http://www.netbanker.com/2005/11/debit_card_volume_passes_credi.html
Debit Volume Exceeds Credit, Visa Says
http://www.banktech.com/news/showArticle.jhtml?articleID=167100397
in this post from fall of 2007:
https://www.garlic.com/~lynn/2007r.html#40 Is the media letting banks off the hook on payment card security
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: The recently revealed excesses of John Thain, the former CEO of Merrill Lynch, while the firm was receiving $25 Billion in TARP funds makes me sick. Date: Jan 24, 2009 Blog: Regulation and Compliance
re:
Researchers find lack of trust in leaders, institutions is major
factor in US economic crisis
http://www.eurekalert.org/pub_releases/2009-01/msl-rfl012709.php
A Trust Crisis
http://www.financialtrustindex.org/
from above:
What happened to the U.S. economy? Two years ago, we were in the
middle of an economic boom. Banks were eager to lend even at the cost
of forgoing important covenants, and corporate America (and the entire
world) was producing at full steam, so much so that commodities prices
were rising in anticipation of a future scarcity.
... snip ...
... and with respect to Dresden reference, I was in Dresden a few yrs
ago to visit a security chip fab in the area ... looking at wringing
more pennies out of the process; part of aads chip strawman ... some
references
https://www.garlic.com/~lynn/x959.html#aads
.... was aggressive cost reduction ... while improving
security/integrity; part of it could be viewed as trying to get the
chip on the RFID cost curve (the EPC/UPC kind that are supposed to
replace barcodes on products at supermarket checkout) ... w/o
sacrificing security ... some recent posts/references
https://www.garlic.com/~lynn/2009.html#72 Double authentication for internet payment
https://www.garlic.com/~lynn/2009b.html#28 Online-Banking Authentication
AADS chip strawman was somewhat related to the work on the x9.59
financial standard ... some references
https://www.garlic.com/~lynn/x959.html#x959
and during the period (more than decade ago) we were also asked to
come in to talk to NSCC (since then merged with DTC for DTCC)
... looking at doing something analogous for trades (that we had been
doing for payment operations) ... recent NSCC/DTCC reference:
https://www.garlic.com/~lynn/2008s.html#63 Garbage in, garbage out trampled by Moore's law
After some amount of work ... we ran into traders' cultural orientation for ambiguity in trades (a lot of which would have been eliminated with strong authentication on every operation). Significant improvement in transparency was something that was felt couldn't be done at the time.
Note that a lot of what has gone on during this decade has happened under a shroud of obfuscation and ambiguity ... so there now may be some appetite for increased transparency in market operation.
... in fact, I heard somebody this morning on tv business news show
use the line trust, but verify ... some recent posts where i
used that line:
https://www.garlic.com/~lynn/2009.html#57 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009.html#71 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009b.html#8 Do emperors from the banks have new clothes?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: A great article was posted in another BI group: "To H*** with Business Intelligence: 40 Percent of Execs Trust Gut" Date: Jan 28, 2009 Blog: Business Intelligence
then there is this recent study
Is technology producing a decline in critical thinking and analysis?
http://www.eurekalert.org/pub_releases/2009-01/uoc--itp012709.php
Is Technology Producing A Decline In Critical Thinking And Analysis?
http://www.sciencedaily.com/releases/2009/01/090128092341.htm
... from above ...
Learners have changed as a result of their exposure to technology,
says Greenfield, who analyzed more than 50 studies on learning and
technology, including research on multi-tasking and the use of
computers, the Internet and video games.
.... snip ...
Much of the current economic crisis has to do with deregulation and/or
failing to enforce regulation .... resulting in being able to
manipulate all sorts of things. Related discussions ... Trust, but
verify ... some recent posts
https://www.garlic.com/~lynn/2009b.html#11
https://www.garlic.com/~lynn/2009b.html#12
https://www.garlic.com/~lynn/2009b.html#35
Corporate Fraud and Misconduct Risks Driven by Pressure to do
'Whatever It Takes'; Fewer episodes reported by companies with ethics
and compliance programs
http://www.informationweek.com/financialservices/news/showArticle.jhtml?articleID=215801487
from above:
Of more than 5,000 U.S. workers polled this summer, 74 percent said
they had personally observed misconduct within their organizations
during the prior 12 months, unchanged from the level reported by KPMG
survey respondents in 2005. Roughly half (46 percent) of respondents
reported that what they observed "could cause a significant loss of
public trust if discovered," a figure that rises to 60 percent among
employees working in the banking and finance industry.
... snip ...
then this article from last spring that estimated 1000 executives are
responsible for 80% of the current crisis and that it would go a long
way towards fixing the situation if the gov. could figure out how they
lose their jobs.
http://knowledge.wharton.upenn.edu/article.cfm?articleid=1933 (gone 404 and/or requires registration)
Researchers find lack of trust in leaders, institutions is major
factor in US economic crisis
http://www.eurekalert.org/pub_releases/2009-01/msl-rfl012709.php
A Trust Crisis
http://www.financialtrustindex.org/
from above:
What happened to the U.S. economy? Two years ago, we were in the
middle of an economic boom. Banks were eager to lend even at the cost
of forgoing important covenants, and corporate America (and the entire
world) was producing at full steam, so much so that commodities prices
were rising in anticipation of a future scarcity.
... snip ...
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
Subprime = Triple-A ratings? or 'How to Lie with Statistics' (gone 404 but lives on at the wayback machine)
https://web.archive.org/web/20071111031315/http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
Computer Models and the Global Economic Crash
http://news.slashdot.org/article.pl?sid=08/12/16/2048235&tid=98
And even with SOX ... it doesn't seem to have reduced such activity
... pbs program discussing some of the deregulation, enron, worldcom,
etc
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/
so it seemed like it may have motivated GAO to start doing database
(even if regulations weren't being enforced)
http://www.gao.gov/products/GAO-03-138
http://www.gao.gov/products/GAO-06-678
http://www.gao.gov/products/GAO-06-1053R
https://www.gao.gov/products/gao-06-1079sp
from above:
The database consists of two files: (1) a file that lists 1,390
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
July 1, 2002, and September 30, 2005, and (2) a file that lists 396
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
October 1, 2005, and June 30, 2006.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: A great article was posted in another BI group: "To H*** with Business Intelligence: 40 Percent of Execs Trust Gut" Date: Jan 28, 2009 Blog: Business Intelligence
re:
The Man Who Beat The Shorts
http://www.forbes.com/forbes/2008/1117/114.html
from above:
Watsa's only sin was in being a little too early with his prediction
that the era of credit expansion would end badly. This is what he said
in Fairfax's 2003 annual report: "It seems to us that securitization
eliminates the incentive for the originator of [a] loan to be credit
sensitive. Prior to securitization, the dealer would be very concerned
about who was given credit to buy an automobile. With securitization,
the dealer (almost) does not care."
... snip ...
The congressional hearings last fall highlighted that both the rating agencies and the toxic CDO issuers/sellers knew that the toxic CDOs weren't worth triple-A ratings ... but the toxic CDO issuers/sellers were paying for the triple-A ratings. This significantly increased the institutions that would deal in the toxic CDOs and correspondingly significantly increased the amount of money available for lending. Part of the testimony was that the rating agencies' business process became misaligned in the early 70s when they switched from the buyers paying for the rating to the issuers/sellers paying for the ratings (opening the opportunity for conflict of interest).
The crash of 2008: A mathematician's view
http://www.eurekalert.org/pub_releases/2008-12/w-tco120808.php
from above:
Markets need regulation to stay stable. We have had thirty years of
financial deregulation. Now we are seeing chickens coming home to
roost. This is the key argument of Professor Nick Bingham, a
mathematician at Imperial College London, in an article published
today in Significance, the magazine of the Royal Statistical Society.
... snip ...
With regard to the triple-A ratings on toxic CDOs, supposedly SOX required SEC to do something with respect to the rating agencies ... but there doesn't seem to have been anything besides a Jan2003 report.
Report on the Role and Function of Credit Rating Agencies in the
Operation of the Securities Markets; As Required by Section 702(b) of
the Sarbanes-Oxley Act of 2002
http://www.sec.gov/news/studies/credratingreport0103.pdf
long winded, decade old post discussing some of the current issues
https://www.garlic.com/~lynn/aepay3.htm#riskm
Some number of the institutions buying triple-A rated toxic CDOs were
playing long/short mismatch ... even tho that has been known for
centuries to take down institutions. Comment was that Bear Stearns and
Lehman had marginal chance surviving (playing long/short mismatch,
independent of the heavy leveraging and whether or not the toxic CDOs
deserved triple-A ratings)
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
decade old article from the fed
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/
The recent washington post series about CDS ... basically talked about
CDS being sold on instruments that were totally unrelated to the
original business case risk analysis.
http://www.washingtonpost.com/wp-dyn/content/article/2008/12/30/AR2008123003431_pf.html
recent archived responses in related discussions
https://www.garlic.com/~lynn/2009.html#14 What are the challenges in risk analytics post financial crisis?
https://www.garlic.com/~lynn/2009.html#15 What are the challenges in risk analytics post financial crisis?
https://www.garlic.com/~lynn/2009.html#32 What are the challenges in risk analytics post financial crisis?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: A great article was posted in another BI group: "To H*** with Business Intelligence: 40 Percent of Execs Trust Gut" Date: Jan 28, 2009 Blog: Business Intelligence
re:
Here are recent posts mentioning IDC buying "pricing services"
division from one of the rating agencies in 1972 ... and there was TV
business news show earlier this month mentioning that IDC was helping
price the toxic assets that gov. was looking at buying:
https://www.garlic.com/~lynn/2009.html#21
https://www.garlic.com/~lynn/2009.html#31
https://www.garlic.com/~lynn/2009.html#32
'72 was in the period that the congressional hearings mentioned that the rating agencies' business process became misaligned (switching from the buyers paying for ratings to the sellers/issuers paying for the ratings, and increasing the potential for conflict of interest).
disclaimer: i interviewed with IDC in '69 ... but didn't join the organization ... although I continued to have contact with several of the people.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: "Larrabee" GPU design question. Newsgroups: comp.arch Date: Wed, 28 Jan 2009 14:22:45 -0500
EricP <ThatWouldBeTelling@thevillage.com> writes:
old email mentioning VMS finally announcing symmetrical multiprocessing
support for VMS release 5
https://www.garlic.com/~lynn/2007.html#email880324
https://www.garlic.com/~lynn/2007.html#email880329
in this post
https://www.garlic.com/~lynn/2007.html#46 How many 36-bit Unix ports in the old days?
of course just announcing support for symmetrical multiprocessing doesn't mean that the kernel was multi-threaded. there were some number of symmetrical multiprocessing implementations in the 60s & 70s that used a single global kernel "spin-lock".
for other drift ... compare&swap was invented by Charlie (CAS was
chosen because they are his initials) at the science center
https://www.garlic.com/~lynn/subtopic.html#545tech
when he was working on fine-grain SMP kernel locking for cp67. misc.
past posts mentioning smp &/or compare&swap
https://www.garlic.com/~lynn/subtopic.html#smp
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: "Larrabee" GPU design question. Newsgroups: comp.arch Date: Wed, 28 Jan 2009 14:32:54 -0500
EricP <ThatWouldBeTelling@thevillage.com> writes:
we talked to was some of the relational dbms vendors that had vax/cluster implementations. part of what they gave us were the ten problems/shortcomings in the vms DLM. So, although we had worked on distributed, cluster, &/or loosely-coupled implementations going back to early 70s ... part of the ha/cmp DLM was to make sure that it addressed their listed "shortcomings".
talking to some of the vax/cluster people in the 90s ... they would point out that I had an advantage of being able to start from scratch with the ha/cmp Distributed Lock Manager ... and didn't have to worry about all the baggage that the vms DLM had to carry with it from its early days (although I had to support some amount of vms DLM api semantics to simplify ports from vax/cluster).
for other drift some posts mentioning the original relational/sql
implementation
https://www.garlic.com/~lynn/submain.html#systemr
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: The subject is authoritarian tendencies in corporate management, and how they are related to political culture. Date: Jan 28, 2009 Blog: Business Intelligence
re:
John Boyd had a comment about it during his briefings in the 80s
... lots of past posts mentioning John Boyd
https://www.garlic.com/~lynn/subboyd.html
basically going into ww2, the army needed to deploy large numbers that had little or no training or skills. As a result they created a heavy-weight, rigid, top/down bureaucratic organization (in order to leverage the scarce skilled resources). Starting a couple decades later, the commercial world was starting to see the effects from the training the young officers got in how to run large bureaucracies (basically only the people at the very top know what they are doing).
this explanation has been used to explain a report from last year that the ratio of executive compensation to worker compensation has recently exploded to 400:1 after having been 20:1 for a long time ... and 10:1 in most of the rest of the world (i.e. top executives justify the huge compensation explosion because they are the only ones in the organization that know what they are doing).
The Fed's Too Easy on Wall Street
http://www.businessweek.com/stories/2008-03-19/the-feds-too-easy-on-wall-streetbusinessweek-business-news-stock-market-and-financial-advice
from above:
Here's a staggering figure to contemplate: New York City securities
industry firms paid out a total of $137 billion in employee bonuses
from 2002 to 2007, according to figures compiled by the New York State
Office of the Comptroller. Let's break that down: Wall Street honchos
earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6
billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and
$33.2 billion in 2007.
... snip ...
some part of the $700B wallstreet bailout possibly goes to replenish the $137B sucked out of the infrastructure (as reward for their part in creating the current situation).
... from a couple weeks ago
Bailed-Out Banks Dole Out Bonuses; Goldman Sachs, CitiGroup, Others
Mum on How They Are Using TARP Cash
http://abcnews.go.com/WN/Business/story?id=6498680&page=1
from above:
Goldman Sachs, which accepted $10 billion in government money, and
lost $2.1 billion last quarter, announced Tuesday that it handed out
$10.93 billion in benefits, bonuses, and compensation for the year.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: A great article was posted in another BI group: "To H*** with Business Intelligence: 40 Percent of Execs Trust Gut" Date: Jan 28, 2009 Blog: Business Intelligence
re:
Original Basel2 draft had a new qualitative section ... but during the review process, nearly all of the qualitative section was eliminated. This led some number to sarcastically comment that it isn't really necessary to understand what you are doing ... just so long as you are able to match up the numbers.
wiki basel2 page
https://en.wikipedia.org/wiki/Basel_II
BIS web page:
http://www.bis.org/
recent basel2 activity
http://www.bis.org/publ/bcbs/basel2enh0901.htm
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: "Larrabee" GPU design question. Newsgroups: comp.arch Date: Wed, 28 Jan 2009 17:17:15 -0500
re:
HA/CMP was being done on rs/6000.
https://www.garlic.com/~lynn/subtopic.html#hacmp
part of that required first getting standard RDBMSes up and running on AIX. RS/6000 didn't have SMP support and/or instruction similar to compare&swap.
In the interim (after Charlie had invented compare&swap instruction), a lot of DBMS & services implementations had started using compare&swap, for multithreaded operations (even when running in single processor environments).
the initial attempt to justify compare&swap instruction for 370 was
rebuffed ... claiming that test&set instruction was deemed sufficient
for multiprocessor operation (used on 360s). the challenge was that in order to justify
compare&swap instruction for 370, non-smp specific uses had
to be invented. thus was invented the descriptions ... substantially
similar descriptions (to the original) still are in current day
principles of operation ... slightly earlier version available in
html:
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/dz9zr003/A.6
slightly more recent PDF version
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/download/DZ9ZR006.pdf
rs/6000 w/o multiprocessor and/or compare&swap instruction support, and application multi-threaded use of compare&swap semantics required "atomic" operation ... and/or at the appearance of non-interruptible. The approach was to provide a compare&swap "fast" svc ... with an interrupt into the kernel svc interrupt handler ... which had "fastpath" implementing compare&swap semantics ... executing disabled for interrupts ... and then immediately returning to the application (i.e. atomic/serialized on single processor machine)
from long ago and far away ...
Date: Tue, 17 Apr 90 17:15:08 PDT
From: wheeler
Subject: compare&swap
There wasn't any "easy" way of doing test/set from user space. The
lockl/unlockl were internal kernel functions. A fast compare&swap svc
simulation showed up sometime by 9013. It isn't in the 9005 low.s
source that I just checked. W/o the fastsvc compare&swap there is no
way of serializing user code w/o using something like file lock
primitive.
... snip ...
misc. past posts mentioning SMP and/or compare&swap instruction
https://www.garlic.com/~lynn/subtopic.html#smp
I had done the initial prototype for VAXcluster DLM API, and little
later that year ...
Date: 7 November 1990, 08:22:28 PDT
From: wheeler
Subject: RFT/LCMP (RS/6000 fault tolerant / loosely-coupled multiprocessor)
we have a cluster manager and a global lock manager with a "NFS" api
operational ... and will be installing that plus a demo port of the
Ingres "VAXcluster" implementation.
We just about have the VAXcluster global lock manager API implemented,
although we still have some details to work out like the deadlock
detection/recovery graph (which some applications that run on
VAXcluster are dependent on). That should make porting of distributed
apps. from the VAXcluster environment easier.
... snip ...
for some other topic drift, RDBMS Customer survey from Oct90:
Product Comparisons
Scale of 1 to 10 (Poor to Excellent)
Last year's ratings in parentheses

             |   Rdb   | SQL/DS  |   DB2   | Oracle  | Ingres  |
-------------+---------+---------+---------+---------+---------|
Ease of      |   8.2   |   7.2   |  6.65   |  7.06   |  8.00   |
Installation |         | (6.69)  | (6.00)  | (7.94)  | (8.54)  |
             |         |         |         |         |         |
Ease of Use  |   7.6   |   7.8   |  6.65   |  7.75   |  7.94   |
             |         | (6.42)  | (6.07)  | (8.33)  | (8.62)  |
             |         |         |         |         |         |
Documentation|   7.5   |   7.8   |  6.49   |  5.92   |  6.53   |
             |         | (6.33)  | (6.20)  | (7.11)  | (6.62)  |
             |         |         |         |         |         |
Vendor       |         |         |         |         |         |
Maintenance  |   7.9   |   7.7   |  6.92   |  7.49   |  7.21   |
             |         | (6.69)  | (6.87)  | (7.72)  | (8.00)  |
             |         |         |         |         |         |
Overall      |         |         |         |         |         |
Satisfaction |   7.9   |   8.2   |  6.84   |  7.89   |  8.00   |
             |         | (6.55)  | (6.73)  | (8.67)  | (8.39)  |
-----------------------------------------------------------------

Rdb    - 31 respondents
SQL/DS - 10 respondents (6 VSE/SP, 3 VM/SP, 1 VM/CMS-HPO)
DB2    - 37 respondents
Oracle - 36 respondents (21 VAX/VMS, 6 MVS/XA, 6 VM, 2 PC w/MS-DOS, 3 UNIX)
Ingres - 16 respondents (14 VAX/VMS, most also had UNIX/ULTRIX systems)
... snip ...
System/R (original relational/sql) work was done on vm/370 in the 70s
https://www.garlic.com/~lynn/submain.html#systemr
and then there was technology transfer to Endicott for SQL/DS.
This post describes a ha/cmp jan92 meeting
https://www.garlic.com/~lynn/95.html#13
and one of the people in the above meeting claimed to have handled much of the technology transfer from Endicott (SQL/DS) to STL for DB2.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
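The compare&swap semantics discussed in the comp.arch post above (lock-free update and serializing user code), shown as an added example that is not part of the original posts or any IBM source. It assumes C11 atomics as a stand-in for the instruction or the "fast svc"; all function names are hypothetical, and the "other thread" is simulated by a hook so the lost update and the retry are deterministic.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Compare&swap semantics: compare *expected with the word in storage.
 * Equal: store `replacement`, return condition code 0.
 * Unequal: reload *expected from storage, return condition code 1. */
static int compare_and_swap(uint32_t *expected, uint32_t replacement,
                            _Atomic uint32_t *word)
{
    return atomic_compare_exchange_strong(word, expected, replacement) ? 0 : 1;
}

/* Hook run between the fetch and the store. It stands in for another
 * thread (or an interrupt) being dispatched at the worst moment. */
typedef void (*interleave_fn)(_Atomic uint32_t *word);

static void other_thread_adds_100(_Atomic uint32_t *word)
{
    atomic_fetch_add(word, 100);
}

/* Plain fetch/add/store: the update made by the hook is overwritten. */
static void racy_add(_Atomic uint32_t *word, uint32_t delta, interleave_fn hook)
{
    uint32_t seen = atomic_load(word);
    if (hook)
        hook(word);
    atomic_store(word, seen + delta);
}

/* Same update published with compare&swap: compute from a snapshot and
 * retry when the word changed underneath us. Returns the retry count. */
static unsigned cs_add(_Atomic uint32_t *word, uint32_t delta, interleave_fn hook)
{
    unsigned retries = 0;
    uint32_t seen = atomic_load(word);
    for (;;) {
        uint32_t wanted = seen + delta;
        if (hook) {                 /* interfere exactly once */
            hook(word);
            hook = NULL;
        }
        if (compare_and_swap(&seen, wanted, word) == 0)
            return retries;
        retries++;                  /* `seen` now holds the fresh value */
    }
}

/* Serializing user code: lock word is 0 when free, else the owner's id.
 * On failure *holder reports who currently owns the lock. */
static int try_lock(_Atomic uint32_t *lock, uint32_t owner, uint32_t *holder)
{
    uint32_t expected = 0;
    int cc = compare_and_swap(&expected, owner, lock);
    *holder = (cc == 0) ? owner : expected;
    return cc;
}

/* Release only if the caller really is the owner (cc 1 otherwise). */
static int unlock(_Atomic uint32_t *lock, uint32_t owner)
{
    uint32_t expected = owner;
    return compare_and_swap(&expected, 0, lock);
}

static uint32_t demo_racy(void)
{
    _Atomic uint32_t word;
    atomic_init(&word, 5);
    racy_add(&word, 1, other_thread_adds_100);
    return atomic_load(&word);
}

static uint32_t demo_cs(unsigned *retries)
{
    _Atomic uint32_t word;
    atomic_init(&word, 5);
    *retries = cs_add(&word, 1, other_thread_adds_100);
    return atomic_load(&word);
}

int main(void)
{
    unsigned retries = 0;
    uint32_t racy = demo_racy();
    uint32_t safe = demo_cs(&retries);
    printf("racy result=%u, compare&swap result=%u after %u retry\n",
           (unsigned)racy, (unsigned)safe, retries);

    _Atomic uint32_t lock;
    uint32_t holder = 0;
    atomic_init(&lock, 0);
    int first = try_lock(&lock, 7, &holder);
    int second = try_lock(&lock, 9, &holder);
    printf("first cc=%d, second cc=%d (held by %u), unlock cc=%d\n",
           first, second, (unsigned)holder, unlock(&lock, 7));
    return 0;
}
```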
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Cybercrime cost $1 trillion last year, study Date: Jan 29, 2009 Blog: Financial Crime Risk, Fraud and Security
Cybercrime cost $1 trillion last year, study
from above
Data theft and breaches from cybercrime may have cost businesses as
much as $1 trillion globally in lost intellectual property and
expenditures for repairing the damage last year, according to a new
study from McAfee.
... snip ...
also ...
Cybercrime cost firms $1 trillion globally, McAfee study says
http://news.cnet.com/8301-1009_3-10152246-83.html?tag=newsLatestHeadlinesArea.0
Cybercrime costing firms $1trillion a year: McAfee
http://security.cbronline.com/news/cybercrime_costing_firms_1trillion_a_year_mcafee_29010
Data breaches cost business GBP700bn in 2008
http://www.computerweekly.com/Articles/2009/01/29/234483/data-breaches-cost-business-700bn-in-2008.htm
a couple of yrs ago ... there was some discussion about news item regarding whether cybercrime exceeded illegal drugs:
Cybercrime surpasses illegal drug trade and we still don't think its a
big deal
http://blogs.csoonline.com/cybercrime_surpasses_illegal_drug_trade_and_we_still_don_t_think_it_s_
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: The recently revealed excesses of John Thain, the former CEO of Merrill Lynch, while the firm was receiving $25 Billion in TARP funds makes me sick. Date: Jan 24, 2009 Blog: Regulation and Compliance
re:
recent update on earlier mentioned articles:
Obama Calls Bonuses 'Shameful' as Dodd Vows to Reclaim Money
http://www.bloomberg.com/apps/news?pid=20601087
http://www.bloomberg.com/apps/news?pid=20601087&sid=anzJooSeABDM
Obama: Big Wall Street Bonuses 'Shameful'
http://voices.washingtonpost.com/economy-watch/2009/01/obama_big_wall_street_bonuses.html
i.e.
The Fed's Too Easy on Wall Street
http://www.businessweek.com/stories/2008-03-19/the-feds-too-easy-on-wall-streetbusinessweek-business-news-stock-market-and-financial-advice
Bailed-Out Banks Dole Out Bonuses; Goldman Sachs, CitiGroup, Others
Mum on How They Are Using TARP Cash
http://abcnews.go.com/WN/Business/story?id=6498680&page=1
and a punch line from the article last spring
The Fed should insist on its prerogative to strictly regulate
financial institutions in boom times, not just to bail them out when
it all goes bad
and some more ...
Barack Obama calls $18bn Wall Street bonuses 'shameful'
http://www.telegraph.co.uk/news/worldnews/northamerica/usa/barackobama/4391484/Barack-Obama-calls-18bn-Wall-Street-bonuses-shameful.html
Obama Calls Wall Street Bonuses "Shameful"
http://www.cbsnews.com/blogs/2009/01/29/politics/politicalhotsheet/entry4762719.shtml
Obama: Wall Street bonuses shameful, irresponsible
http://www.reuters.com/article/governmentFilingsNews/idUSWBT01053320090129
Obama calls Wall Street bonuses 'shameful'
http://content.usatoday.com/communities/theoval/post/2009/01/62115204/1
Obama Harshly Criticizes Wall St. Bonuses
http://www.nytimes.com/2009/01/30/business/30obama.html
Obama slams Wall Street on bonuses
http://www.msnbc.msn.com/id/28916936/
What Red Ink? Wall St. Paid Fat Bonuses
http://www.nytimes.com/2009/01/29/business/29bonus.html
The Bonuses Keep Coming
http://www.washingtonpost.com/wp-dyn/content/story/2008/01/29/ST2008012900465.html
Obama calls Wall Street bonuses 'shameful'
http://www.iht.com/articles/2009/01/30/business/30obama.php
Obama Blasts Wall Street Bonuses
http://www.businessweek.com/bwdaily/dnflash/content/mar2008/db2008035_449458.htm?chan=globalbiz_europe+index+page_finance%2C+markets+%2Bamp%3B+investing
Obama, Biden 'outraged' by Wall Street bonuses
http://www.boston.com/news/politics/politicalintelligence/2009/01/obama_biden_out.html
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Z11 - Water cooling? Newsgroups: bit.listserv.ibm-main Date: Fri, 30 Jan 2009 07:14:21 -0500
David.Jousma@53.COM (Jousma, David) writes:
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: How to defeat new telemarketing tactic Newsgroups: alt.folklore.computers Date: Fri, 30 Jan 2009 07:10:56 -0500
jmfbahciv <jmfbahciv@aol> writes:
A few yrs ago, I was at a privacy conference that had a panel discussion with a couple of the FTC commissioners. In the Q&A, somebody from the audience asked about enforcing "opt-out" ... who said they worked on implementations for major insurance companies ... and claimed that the people answering 1-800 "opt-out" calls had no capability to take-down (or record) any information given on the call ... and wanted to know if the FTC had any interest in enforcing the legislation.
a past post mentioning do-not-call list (and apparently elected
gov. officials can use the do-not-call list for a "call list")
https://www.garlic.com/~lynn/2008m.html#73 Blinkylights
misc. past references to opt-in/opt-out
https://www.garlic.com/~lynn/aepay11.htm#31 Privacy again a hot-button issue for legistlators
https://www.garlic.com/~lynn/aadsm14.htm#21 Financial Privacy To Take The Floor
https://www.garlic.com/~lynn/aadsm26.htm#54 What to do about responsible disclosure?
https://www.garlic.com/~lynn/aadsm28.htm#50 Liability for breaches: do we need new laws?
https://www.garlic.com/~lynn/2006e.html#44 Does the Data Protection Act of 2005 Make Sense
https://www.garlic.com/~lynn/2007f.html#72 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007s.html#55 Translation of IBM Basic Assembler to C?
https://www.garlic.com/~lynn/2007t.html#6 Translation of IBM Basic Assembler to C?
https://www.garlic.com/~lynn/2008m.html#66 With all the highly publicised data breeches and losses, are we all wasting our time?
https://www.garlic.com/~lynn/2008m.html#70 Why SSNs Are Not Appropriate for Authentication and when, where and why should you offer/use it?
https://www.garlic.com/~lynn/2008m.html#71 TJ Maxx - why are they still in business?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: The blame game is on : A blow to the Audit/Accounting Industry or a lesson learned ??? Date: Jan 30, 2009 Blog: Auditing, Accounting
in the wake of enron & worldcom ... supposedly sox was going to correct things ... pbs program discussing enron/worldcom (also repeal of Glass-Steagall):
however, GAO found that the incidents appeared to be increasing
... reference to database GAO started
http://www.gao.gov/products/GAO-03-138
http://www.gao.gov/products/GAO-06-678
http://www.gao.gov/products/GAO-06-1053R
https://www.gao.gov/products/gao-06-1079sp
from above:
The database consists of two files: (1) a file that lists 1,390
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
July 1, 2002, and September 30, 2005, and (2) a file that lists 396
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
October 1, 2005, and June 30, 2006.
... snip ...
other recent references to GAO database:
https://www.garlic.com/~lynn/2009b.html#25 The recently revealed excesses of John Thain, the former CEO of Merrill Lynch, while the firm was receiving $25 Billion in TARP funds makes me sick
https://www.garlic.com/~lynn/2009b.html#36 A great article was posted in another BI group: "To H*** with Business Intelligence: 40 Percent of Execs Trust Gut"
OTS Says IndyMac, 4 Thrifts Allowed to Restate Capital Levels
http://www.bloomberg.com/apps/news?pid=20601087
http://www.bloomberg.com/apps/news?pid=20601087&sid=as3m2L6vrKUQ&refer=home
from above:
The agency let IndyMac backdate a capital injection that helped the
lender avoid regulatory restrictions, and also found four other cases
where lenders failed to follow reporting policies
... snip ...
Accounting Standards Wilt Under Pressure
http://www.washingtonpost.com/wp-dyn/content/article/2008/12/26/AR2008122601715.html
from above:
In October, largely hidden from public view, the International
Accounting Standards Board changed the rules so European banks could
make their balance sheets look better. The action let the banks
rewrite history, picking and choosing among their problem investments
to essentially claim that some had been on a different set of books
before the financial crisis started.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: US disaster, debts and bad financial management Date: Jan 30, 2009 Blog: Government Policy
article from last spring
The Fed's Too Easy on Wall Street; The Fed should insist on its
prerogative to strictly regulate financial institutions in boom times,
not just to bail them out when it all goes bad
http://www.businessweek.com/stories/2008-03-19/the-feds-too-easy-on-wall-streetbusinessweek-business-news-stock-market-and-financial-advice
from above:
Here's a staggering figure to contemplate: New York City securities
industry firms paid out a total of $137 billion in employee bonuses
from 2002 to 2007, according to figures compiled by the New York State
Office of the Comptroller. Let's break that down: Wall Street honchos
earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6
billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and
$33.2 billion in 2007.
... snip ...
some part of the $700B wallstreet bailout possibly goes to replenish the $137B sucked out of the infrastructure (as reward for their part in creating the current situation).
... from a couple weeks ago
Bailed-Out Banks Dole Out Bonuses; Goldman Sachs, CitiGroup, Others
Mum on How They Are Using TARP Cash
http://abcnews.go.com/WN/Business/story?id=6498680&page=1
from above:
Goldman Sachs, which accepted $10 billion in government money, and
lost $2.1 billion last quarter, announced Tuesday that it handed out
$10.93 billion in benefits, bonuses, and compensation for the year.
... snip ...
and a couple from yesterday
Obama Calls Bonuses 'Shameful' as Dodd Vows to Reclaim Money
http://www.bloomberg.com/apps/news?pid=20601087
http://www.bloomberg.com/apps/news?pid=20601087&sid=anzJooSeABDM
Obama: Big Wall Street Bonuses 'Shameful'
http://voices.washingtonpost.com/economy-watch/2009/01/obama_big_wall_street_bonuses.html
in the wake of enron & worldcom ... supposedly sox was going to
correct things ... pbs program discussing enron/worldcom (also repeal
of Glass-Steagall):
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/
however, GAO found that the incidents appeared to be increasing
... reference to database GAO started
http://www.gao.gov/products/GAO-03-138
http://www.gao.gov/products/GAO-06-678
http://www.gao.gov/products/GAO-06-1053R
https://www.gao.gov/products/gao-06-1079sp
from above:
The database consists of two files: (1) a file that lists 1,390
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
July 1, 2002, and September 30, 2005, and (2) a file that lists 396
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
October 1, 2005, and June 30, 2006.
... snip ...
also from last spring, there was business school article about the
effects of securitization (this was before the congressional hearings
about rating agencies knew that the toxic CDOs weren't worth triple-A
ratings) and estimated that possibly 1000 executives are responsible
for 80% of the current mess (and it would go a long way to fixing the
situation if the gov. could figure out how they could lose their
jobs)
http://knowledge.wharton.upenn.edu/article.cfm?articleid=1933 (gone 404 and/or requires registration)
In the congressional hearings last fall, there was repeated mention that the rating agencies knew that the toxic CDOs weren't worth triple-A ratings, but were being paid to give them triple-A ratings anyway. There was discussion that in the early 70s, the rating agencies changed their business model from the buyers paying for the ratings to the issuers/sellers paying for the ratings ... which mis-aligned their business model and opened things up for conflict of interest.
Here are recent posts mentioning IDC buying "pricing services"
division from one of the rating agencies in 1972 ... and there was TV
business news show earlier this month mentioning that IDC was helping
price the toxic assets that gov. was looking at buying:
https://www.garlic.com/~lynn/2009.html#21
https://www.garlic.com/~lynn/2009.html#31
https://www.garlic.com/~lynn/2009.html#32
'72 was in the period that the congressional hearings mentioned that the rating agencies' business process became misaligned (switching from the buyers paying for ratings to the sellers/issuers paying for the ratings, and increasing the potential for conflict of interest).
disclaimer: i interviewed with IDC in '69 ... but didn't join the organization ... although I continued to have contact with several of the people.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Cellphones as Credit Cards? Americans Must Wait Date: Jan 30, 2009 Blog: Credit Card Professionals
We had been called in to consult with a small client/server startup that wanted to do payment transactions on their server ... and had this technology called SSL they wanted to use; the result is now frequently referred to as electronic commerce.
then in the mid-90s we were asked to participate in the x9a10
financial standard working group which had been given the requirement
to preserve the integrity of the financial infrastructure for all
retail payments (i.e. POS, internet, unattended, face-to-face,
contact, contactless, wireless, debit, credit, stored-value, ACH, etc
... i.e. *ALL*). Part of this effort included doing detailed
end-to-end threat and vulnerability studies. The result was the x9.59
financial transaction standard ... some past posts
https://www.garlic.com/~lynn/x959.html#x959
Part of x9.59 was to slightly tweak the paradigm to eliminate the threat from skimming, harvesting, phishing, eavesdropping and/or data breaches. x9.59 didn't eliminate those activities ... but eliminate the ability of the crooks to use the information for fraudulent financial transactions (the ability of the crooks to do data breaches wasn't eliminated ... however the financial incentive to perform breaches was eliminated).
Then a little later in the 90s, we looked at doing the AADS chip
strawman ... in support of x9.59 transactions ... which included being
physical format agnostic (it didn't make any difference whether the
transaction was from a "card" or a "cellphone"), and allowed
deployment as "stand-alone" something you have authentication ... or
as part of some other something you have component. In addition it
had to be able to support multi-factor authentication ... and allowed
switching number of authentication factors ... potentially based on
the environment and/or value of the transaction. Misc. past AADS
references
https://www.garlic.com/~lynn/x959.html#aads
including reference to AADS NACHA RFI and trials.
in the mid-90s, there was some number of telcos getting involved in payment operations. there was growing opinion that their significantly more efficient transaction infrastructure (for call-records) would allow them to leverage getting into micro-payments ... and then they would leverage those volumes to take-over the rest of the payment industry. some number of their efforts appeared and then seem to disappear. the issue appeared to be that while they could efficiently handle enormous number of transactions ... they weren't setup to handle the financial risk and fraud.
since that period, some number of the payment operations have picked up technologies that the telcos had been using for call record transactions (looking at increasing the volumes of their processing)
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Will the Draft Bill floated in Congress yesterday to restrict trading of naked Credit Default Swaps help or aggravate? Date: Jan 31, 2009 Blog: Derivatives Markets
Normally insurance is written on things that have risk analysis and probability of pay-out done ... adjusting the premiums accordingly.
The recent washington post article on CDS described a scenario where detailed risk analysis was done before setting up a business unit ... and then the business unit started selling CDS on things for which they had done little or no risk analysis ... basically treating things as if there would never be a pay-out and the premiums were all profit.
Things were further compounded by a lot of the CDS were for triple-A rated toxic CDOs. In the congressional hearings last fall, it was stated that both the rating agencies and the toxic CDO sellers/issuers knew that the toxic CDOs weren't worth the triple-A rating, but the toxic CDO issuers/sellers were paying for the triple-A rating. Comments were made that the rating agencies' business model had become mis-aligned in the early 70s when they switched from the buyers paying for the ratings to the issuers/sellers paying for the ratings (increasing the potential for conflict of interest).
The result is a lot of FUD (fear, uncertainty & doubt) ... writing
insurance w/o knowing the risk (and therefore no idea about expected
payouts and no idea how to set the premiums) ... and/or superficial
risk assessment based on the triple-A ratings. Which somewhat brings
up the trust, but verify theme .. recent linkedin post
https://www.garlic.com/~lynn/2009b.html#8
And a recent post (in a linkedin business intelligence discussion)
about IDC buying the "pricing services" division from one of the rating
agencies in 1972 (i.e. period that congressional testimony about their
business processes becoming mis-aligned) ... and a tv business news
show earlier this month saying IDC was brought in to help the
gov. price the toxic assets it was considering buying
https://www.garlic.com/~lynn/2009b.html#38
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: What has the Global Financial Crisis taught the Nations, it's Governments and Decision Makers, and how should they apply that knowledge to manage risks differently in the future? Date: Jan 31, 2009 Blog: Risk Management
The recent washington post article on CDS described a scenario where detailed risk analysis was done before setting up a business unit ... and then the business unit started selling CDS on things for which they had done little or no risk analysis ... basically treating things as if there would never be a pay-out and the premiums were all profit.
Things were further compounded by a lot of the CDS were for triple-A rated toxic CDOs. In the congressional hearings last fall, it was stated that both the rating agencies and the toxic CDO sellers/issuers knew that the toxic CDOs weren't worth the triple-A rating, but the toxic CDO issuers/sellers were paying for the triple-A rating. Comments were made that the rating agencies' business model had become mis-aligned in the early 70s when they switched from the buyers paying for the ratings to the issuers/sellers paying for the ratings (increasing the potential for conflict of interest).
Recent post (in a linkedin business intelligence discussion) about IDC
buying the "pricing services" division from one of the rating agencies
in 1972 (i.e. period that congressional testimony about their business
processes becoming mis-aligned) ... and a tv business news show
earlier this month saying IDC was brought in to help the gov. price
the toxic assets it was considering buying
https://www.garlic.com/~lynn/2009b.html#38
The Man Who Beat The Shorts
http://www.forbes.com/forbes/2008/1117/114.html
from above:
Watsa's only sin was in being a little too early with his prediction
that the era of credit expansion would end badly. This is what he said
in Fairfax's 2003 annual report: "It seems to us that securitization
eliminates the incentive for the originator of [a] loan to be credit
sensitive. Prior to securitization, the dealer would be very concerned
about who was given credit to buy an automobile. With securitization,
the dealer (almost) does not care."
... snip ...
Lenders were able to make no-documentation, no-down payment, 1% interest-only ARMs to all comers, and package and unload them as triple-A rated toxic CDOs (every loan made was profit). Speculators found them extremely attractive since home appreciation in many markets was much larger than the 1% carrying cost (speculation further increased inflation). The triple-A rating significantly increased the institutions willing to deal in the toxic CDOs and significantly increased the amount of money available to the (frequently unregulated) lenders.
supposedly, in the wake of enron & worldcom ... SOX was going to
correct things ... pbs program discussing enron/worldcom (also repeal
of Glass-Steagall):
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/
however, GAO found that the incidents were actually increasing
... reference to GAO database:
https://www.gao.gov/products/gao-06-1079sp
from above:
The database consists of two files: (1) a file that lists 1,390
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
July 1, 2002, and September 30, 2005, and (2) a file that lists 396
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
October 1, 2005, and June 30, 2006.
... snip ...
Many of the institutions buying the toxic CDOs were playing long/short
mismatch ... which has been known for centuries to take down
institutions. The comment was that Bear-Stearns and Lehman had
marginal chance of surviving playing long/short mismatch (independent
of the heavy leveraging and whether or not the toxic CDOs were worth
triple-A rating) ... past discussion of long/short mismatch:
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
and decade old article from the fed
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Credit & Risk Management ... go Simple ? Date: Jan 31, 2009 Blog: Financial Regulation
How Wall Street Lied to Its Computers
And even with SOX ... it doesn't seem to have reduced such activity
... pbs program discussing some of the deregulation, enron, worldcom,
repeal of Glass-Steagall, etc
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/
GAO numbers seemed to show activity is increasing (in spite of SOX)
https://www.gao.gov/products/gao-06-1079sp
from above:
The database consists of two files: (1) a file that lists 1,390
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
July 1, 2002, and September 30, 2005, and (2) a file that lists 396
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
October 1, 2005, and June 30, 2006.
... snip ...
The crash of 2008: A mathematician's view
http://www.eurekalert.org/pub_releases/2008-12/w-tco120808.php
from above:
Markets need regulation to stay stable. We have had thirty years of
financial deregulation. Now we are seeing chickens coming home to
roost. This is the key argument of Professor Nick Bingham, a
mathematician at Imperial College London, in an article published
today in Significance, the magazine of the Royal Statistical Society.
... snip ...
Corporate Fraud and Misconduct Risks Driven by Pressure to do
'Whatever It Takes'; Fewer episodes reported by companies with ethics
and compliance programs
http://www.informationweek.com/financialservices/news/showArticle.jhtml?articleID=215801487
from above:
Of more than 5,000 U.S. workers polled this summer, 74 percent said
they had personally observed misconduct within their organizations
during the prior 12 months, unchanged from the level reported by KPMG
survey respondents in 2005. Roughly half (46 percent) of respondents
reported that what they observed "could cause a significant loss of
public trust if discovered," a figure that rises to 60 percent among
employees working in the banking and finance industry.
... snip ...
If the overall avg. is 46 percent and the financial industry is 60 percent, then the non-financial avg may be as low as 30 percent ... making the financial industry twice as bad as other industries.
The congressional hearings last fall highlighted that both the rating agencies and the toxic CDO issuers/sellers knew that the toxic CDOs weren't worth triple-A ratings ... but the toxic CDO issuers/sellers were paying for the triple-A ratings. This significantly increased the institutions that would deal in the toxic CDOs and correspondingly significantly increased the amount of money available for lending. In the hearings they noted that in the early 70s, the rating agencies switched from buyers paying for the rating to the sellers/issuers ... resulting in misaligned business process and opening the way for conflict of interest.
A combination of deregulation and not enforcing regulations resulted in numerous greed/corruption hot-spots to combine together into an economic firestorm.
Many of the institutions buying the toxic CDOs were playing long/short
mismatch ... which has been known for centuries to take down
institutions. The comment was that Bear-Stearns and Lehman had
marginal chance of surviving playing long/short mismatch (independent
of the heavy leveraging and whether or not the toxic CDOs were worth
triple-A rating) ...
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
and decade old article from the fed
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/
A couple recent posts mentioning IDC buying "pricing services"
division from one of the rating agencies in 1972 ... and there was TV
business news show earlier this month mentioning that IDC was helping
price the toxic assets that gov. was looking at buying:
https://www.garlic.com/~lynn/2009.html#21
https://www.garlic.com/~lynn/2009.html#31
https://www.garlic.com/~lynn/2009.html#32
'72 was in the period that the congressional hearings mentioned that the rating agencies' business process became misaligned (switching from the buyers paying for ratings to the sellers/issuers paying for the ratings, and increasing the potential for conflict of interest).
disclaimer: i interviewed with IDC in '69 ... but didn't join the organization ... although I continued to have contact with several of the people.
The Man Who Beat The Shorts
http://www.forbes.com/forbes/2008/1117/114.html
from above:
Watsa's only sin was in being a little too early with his prediction
that the era of credit expansion would end badly. This is what he said
in Fairfax's 2003 annual report: "It seems to us that securitization
eliminates the incentive for the originator of [a] loan to be credit
sensitive. Prior to securitization, the dealer would be very concerned
about who was given credit to buy an automobile. With securitization,
the dealer (almost) does not care."
... snip ...
Not so much debt itself ... but securitization (along with the rating agencies giving triple-A ratings to toxic CDOs) resulted in huge amount of money being pumped into the lending market ... with nobody caring how it was being used (people lending the money could immediately unload as a toxic CDO ... so regardless of what happened later, every loan made was profit).
No documentation, no-down-payment, 1% introductory rate ARMs with interest-only payments, became extremely attractive for speculators since the carrying cost was significantly less than the home appreciation in numerous markets (planning on flipping before the rate reset). the large amount of speculation, in turn, significantly increased the inflation in the market. eventually the bubble bursts but while it lasted ... lots of people were raking in the money (in some sense, the 1% funds were allowing speculators to treat the home market like the 1920s unregulated stock market)
Last spring there was business school article about the effects of
securitization (this was before the congressional hearings about
rating agencies knew that the toxic CDOs weren't worth triple-A
ratings) and estimated that possibly 1000 executives are responsible
for 80% of the current mess (and it would go a long way to fixing the
situation if the gov. could figure out how they could lose their
jobs)
http://knowledge.wharton.upenn.edu/article.cfm?articleid=1933 (gone 404 and/or requires registration)
and decade old, long winded post discussing some of the current issues
https://www.garlic.com/~lynn/aepay3.htm#riskm
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: In your opinion, which facts caused the global crise situation? Date: Jan 31, 2009 Blog: Government Policy
Last spring there was business school article about the effects of securitization (this was before the congressional hearings about rating agencies knew that the toxic CDOs weren't worth triple-A ratings) and estimated that possibly 1000 executives are responsible for 80% of the current mess (and it would go a long way to fixing the situation if the gov. could figure out how they could lose their jobs)
The Man Who Beat The Shorts
http://www.forbes.com/forbes/2008/1117/114.html
from above:
Watsa's only sin was in being a little too early with his prediction
that the era of credit expansion would end badly. This is what he said
in Fairfax's 2003 annual report: "It seems to us that securitization
eliminates the incentive for the originator of [a] loan to be credit
sensitive. Prior to securitization, the dealer would be very concerned
about who was given credit to buy an automobile. With securitization,
the dealer (almost) does not care."
... snip ...
Not so much debt itself ... but securitization (along with the rating agencies giving triple-A ratings to toxic CDOs) resulted in huge amount of money being pumped into the lending market ... with nobody caring how it was being used (people lending the money could immediately unload as a toxic CDO ... so regardless of what happened later, every loan made was profit).
No documentation, no-down-payment, 1% introductory rate ARMs with interest-only payments, became extremely attractive for speculators since the carrying cost was significantly less than the home appreciation in numerous markets (planning on flipping before the rate reset). the large amount of speculation, in turn, significantly increased the inflation in the market. eventually the bubble bursts but while it lasted ... lots of people were raking in the money (in some sense, the 1% funds were allowing speculators to treat the home market like the 1920s unregulated stock market)
Then, many of the institutions buying the toxic CDOs were playing
long/short mismatch ... which has been known for centuries to take
down institutions. The comment was that Bear-Stearns and Lehman had
marginal chance of surviving playing long/short mismatch (independent
of the heavy leveraging and whether or not the toxic CDOs were worth
triple-A rating) ...
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
and decade old article from the fed
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/
The crash of 2008: A mathematician's view
http://www.eurekalert.org/pub_releases/2008-12/w-tco120808.php
from above:
Markets need regulation to stay stable. We have had thirty years of
financial deregulation. Now we are seeing chickens coming home to
roost. This is the key argument of Professor Nick Bingham, a
mathematician at Imperial College London, in an article published
today in Significance, the magazine of the Royal Statistical Society.
... snip ...
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
Subprime = Triple-A ratings? or 'How to Lie with Statistics' (gone 404 but lives on at the wayback machine)
https://web.archive.org/web/20071111031315/http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
Computer Models and the Global Economic Crash
http://news.slashdot.org/article.pl?sid=08/12/16/2048235&tid=98
And even with SOX ... it doesn't seem to have reduced such activity
... pbs program discussing some of the deregulation, enron, worldcom,
repeal of Glass-Steagall, etc
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/
GAO started doing database about increasing problems (even after SOX)
https://www.gao.gov/products/gao-06-1079sp
from above:
The database consists of two files: (1) a file that lists 1,390
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
July 1, 2002, and September 30, 2005, and (2) a file that lists 396
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
October 1, 2005, and June 30, 2006.
... snip ...
There was somebody on CSPAN that commented during the congressional session that repealed Glass-Steagall, the financial industry made $250m in congressional contributions and in the most recent session that passed $700B bail-out, the financial industry made $2B in congressional contributions.
Supposedly SOX also had something being done about rating agencies ... but there doesn't seem to have been anything except this Jan2003 report:
Report on the Role and Function of Credit Rating Agencies in the
Operation of the Securities Markets; As Required by Section 702(b) of
the Sarbanes-Oxley Act of 2002
http://www.sec.gov/news/studies/credratingreport0103.pdf
misc. past posts mentioning that with securitization, lenders
no longer have to care about loan quality:
https://www.garlic.com/~lynn/2008g.html#32 independent appraisers
https://www.garlic.com/~lynn/2008g.html#44 Fixing finance
https://www.garlic.com/~lynn/2008g.html#52 IBM CEO's remuneration last year ?
https://www.garlic.com/~lynn/2008g.html#66 independent appraisers
https://www.garlic.com/~lynn/2008h.html#89 Credit Crisis Timeline
https://www.garlic.com/~lynn/2008i.html#4 A Merit based system of reward -Does anybody (or any executive) really want to be judged on merit?
https://www.garlic.com/~lynn/2008i.html#67 Do you have other examples of how people evade taking resp. for risk
https://www.garlic.com/~lynn/2008q.html#69 if you are an powerful financial regulator , how would you have stopped the credit crunch?
https://www.garlic.com/~lynn/2008r.html#36 Blinkenlights
https://www.garlic.com/~lynn/2008r.html#64 Is This a Different Kind of Financial Crisis?
https://www.garlic.com/~lynn/2008r.html#67 What is securitization and why are people wary of it ?
https://www.garlic.com/~lynn/2008s.html#9 Blind-sided, again. Why?
https://www.garlic.com/~lynn/2008s.html#18 What next? from where would the Banks be hit?
https://www.garlic.com/~lynn/2008s.html#20 Five great technological revolutions
https://www.garlic.com/~lynn/2008s.html#23 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#35 Is American capitalism and greed to blame for our financial troubles in the US?
https://www.garlic.com/~lynn/2008s.html#55 Is this the story behind the crunchy credit stuff?
https://www.garlic.com/~lynn/2009.html#14 What are the challenges in risk analytics post financial crisis?
https://www.garlic.com/~lynn/2009.html#42 Lets play Blame Game...?
https://www.garlic.com/~lynn/2009.html#52 The Credit Crunch: Why it happened?
https://www.garlic.com/~lynn/2009.html#73 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009.html#77 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009.html#79 The Credit Crunch: Why it happened?
https://www.garlic.com/~lynn/2009.html#85 Banks' Demise: Why have the Governments hired the foxes to mend the chicken runs?
https://www.garlic.com/~lynn/2009b.html#1 Are Both The U.S. & UK on the brink of debt disaster?
https://www.garlic.com/~lynn/2009b.html#11 Amid Economic Turbulence, Mainframes Counter IT Cost-Cutting Trend
https://www.garlic.com/~lynn/2009b.html#18 Barbless
https://www.garlic.com/~lynn/2009b.html#25 The recently revealed excesses of John Thain, the former CEO of Merrill Lynch, while the firm was receiving $25 Billion in TARP funds makes me sick
https://www.garlic.com/~lynn/2009b.html#36 A great article was posted in another BI group: "To H*** with Business Intelligence: 40 Percent of Execs Trust Gut"
https://www.garlic.com/~lynn/2009b.html#37 A great article was posted in another BI group: "To H*** with Business Intelligence: 40 Percent of Execs Trust Gut"
https://www.garlic.com/~lynn/2009b.html#49 US disaster, debts and bad financial management
https://www.garlic.com/~lynn/2009b.html#52 What has the Global Financial Crisis taught the Nations, it's Governments and Decision Makers, and how should they apply that knowledge to manage risks differently in the future?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Davos 2009 Cybercrime threat rising sharply Date: Feb 1, 2009 Blog: Financial Crime Risk, Fraud and Security
re:
Davos 2009 Cybercrime threat rising sharply
http://news.bbc.co.uk/1/hi/business/davos/7862549.stm
from above:
The threat of cybercrime is rising sharply, experts have warned at the
World Economic Forum in Davos.
Online theft costs $1 trillion a year, the number of attacks is rising
sharply and too many people do not know how to protect themselves,
they said.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: In your opinion, which facts caused the global crise situation? Date: Feb. 1, 2009 Blog: Government Policy
re:
In Dec, CSPAN had a panel from the mortgage industry. They appeared to be somewhat torn between claiming the problems are because the people in the mortgage industry are ignorant and totally incompetent vis-a-vis they just ignored all prudent business processes. They also mentioned that only about 10% of the subprime, no-documentation, no-down, 1% interest only ARM loans could be considered falling into the CRA category (large percentage picked up by speculators that could treat home market like the unregulated 1920s stock market).
These were subprime in another sense. With securitization, they could make intro 1% interest rates ARM ... totally decoupled from the FED PRIME rate. In the past, loans were by regulated financial institutions using deposits. With securitization, unregulated institutions could get into the loan business.
Do a graph of avg. home prices as well as ratio of avg. home prices to avg. salary ... plotted since 1970. The graph is reasonably well behaved until a couple yrs ago when ugly huge pimple/boil starts to spike (speculators taking advantage of 1% interest only ARMs, basically home market acting like the unregulated 1920s stock market) ... which still hasn't completely deflated (totally outside the traditional CRA market of first-time, low-income home buyers)
Long-winded, decade old post discussing some of the current issues
https://www.garlic.com/~lynn/aepay3.htm#riskm
similar discussion:
https://www.garlic.com/~lynn/2009.html#53 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009.html#57 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009.html#59 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009.html#63 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009.html#68 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009.html#71 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009.html#73 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009.html#74 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009.html#77 CROOKS and NANNIES: what would Boyd do?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Credit & Risk Management ... go Simple ? Date: Feb 1, 2009 Blog: Financial Regulation
re:
Also, with regard to the triple-A ratings on toxic CDOs, supposedly SOX required SEC to do something with respect to the rating agencies ... but there doesn't seem to have been anything besides a Jan2003 report.
Report on the Role and Function of Credit Rating Agencies in the
Operation of the Securities Markets; As Required by Section 702(b) of
the Sarbanes-Oxley Act of 2002
http://www.sec.gov/news/studies/credratingreport0103.pdf
In Dec, CSPAN had a panel from the mortgage industry. They appeared to be somewhat torn between claiming the problems are because the people in the mortgage industry are ignorant and totally incompetent vis-a-vis they just ignored all prudent business processes. They also mentioned that only about 10% of the subprime, no-documentation, no-down, 1% interest only ARM loans could be considered falling into the CRA category (large percentage picked up by speculators that could treat home market like the unregulated 1920s stock market).
These were subprime in another sense. With securitization, they could make loans with 1% interest rates ... totally decoupled from the FED PRIME rate. In the past, loans were by regulated financial institutions using deposits. With securitization, unregulated institutions could get into the loan business.
Do a graph of avg. home prices as well as ratio of avg. home prices to avg. salary ... plotted since 1970. The graph is reasonably well behaved until a couple yrs ago when ugly huge pimple/boil starts to spike (speculators taking advantage of 1% interest only ARMs, basically home market acting like the unregulated 1920s stock market) ... which still hasn't completely deflated (totally outside the traditional CRA market of first-time, low-income home buyers)
The spike in home market somewhat corresponds with:
The Fed's Too Easy on Wall Street
http://www.businessweek.com/stories/2008-03-19/the-feds-too-easy-on-wall-streetbusinessweek-business-news-stock-market-and-financial-advice
from above:
Here's a staggering figure to contemplate: New York City securities
industry firms paid out a total of $137 billion in employee bonuses
from 2002 to 2007, according to figures compiled by the New York State
Office of the Comptroller. Let's break that down: Wall Street honchos
earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6
billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and
$33.2 billion in 2007.
... snip ...
and some part of the $700B wallstreet bailout possibly goes to replenish the $137B sucked out of the infrastructure (as reward for their part in creating the current situation).
... from a couple weeks ago
Bailed-Out Banks Dole Out Bonuses; Goldman Sachs, CitiGroup, Others
Mum on How They Are Using TARP Cash
http://abcnews.go.com/WN/Business/story?id=6498680&page=1
from above:
Goldman Sachs, which accepted $10 billion in government money, and
lost $2.1 billion last quarter, announced Tuesday that it handed out
$10.93 billion in benefits, bonuses, and compensation for the year.
... snip ...
and more recent ...
Obama Calls Bonuses 'Shameful' as Dodd Vows to Reclaim Money
http://www.bloomberg.com/apps/news?pid=20601087
http://www.bloomberg.com/apps/news?pid=20601087&sid=anzJooSeABDM
Obama: Big Wall Street Bonuses 'Shameful'
http://voices.washingtonpost.com/economy-watch/2009/01/obama_big_wall_street_bonuses.html
misc. past posts mentioning the The Fed's Too Easy on Wall Street
article
https://www.garlic.com/~lynn/2008f.html#76 Bush - place in history
https://www.garlic.com/~lynn/2008g.html#52 IBM CEO's remuneration last year ?
https://www.garlic.com/~lynn/2008g.html#66 independent appraisers
https://www.garlic.com/~lynn/2008h.html#42 The Return of Ada
https://www.garlic.com/~lynn/2008n.html#52 Technology and the current crisis
https://www.garlic.com/~lynn/2008n.html#53 Your thoughts on the following comprehensive bailout plan please
https://www.garlic.com/~lynn/2008n.html#56 VMware Chief Says the OS Is History
https://www.garlic.com/~lynn/2008n.html#69 Another quiet week in finance
https://www.garlic.com/~lynn/2008n.html#82 Fraud in financial institution
https://www.garlic.com/~lynn/2008o.html#18 Once the dust settles, do you think Milton Friedman's economic theories will be laid to rest
https://www.garlic.com/~lynn/2008o.html#26 SOX (Sarbanes-Oxley Act), is this really followed and worthful considering current Financial Crisis?
https://www.garlic.com/~lynn/2008o.html#28 Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
https://www.garlic.com/~lynn/2008o.html#31 The human plague
https://www.garlic.com/~lynn/2008o.html#32 How much is 700 Billion Dollars??
https://www.garlic.com/~lynn/2008p.html#8 Global Melt Down
https://www.garlic.com/~lynn/2008r.html#61 The vanishing CEO bonus
https://www.garlic.com/~lynn/2008r.html#64 Is This a Different Kind of Financial Crisis?
https://www.garlic.com/~lynn/2008s.html#32 How Should The Government Spend The $700 Billion?
https://www.garlic.com/~lynn/2008s.html#33 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#35 Is American capitalism and greed to blame for our financial troubles in the US?
https://www.garlic.com/~lynn/2008s.html#41 Executive pay: time for a trim?
https://www.garlic.com/~lynn/2009.html#73 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009.html#80 Are reckless risks a natural fallout of "excessive" executive compensation ?
https://www.garlic.com/~lynn/2009b.html#25 The recently revealed excesses of John Thain, the former CEO of Merrill Lynch, while the firm was receiving $25 Billion in TARP funds makes me sick
https://www.garlic.com/~lynn/2009b.html#41 The subject is authoritarian tendencies in corporate management, and how they are related to political culture
https://www.garlic.com/~lynn/2009b.html#45 The recently revealed excesses of John Thain, the former CEO of Merrill Lynch, while the firm was receiving $25 Billion in TARP funds makes me sick
https://www.garlic.com/~lynn/2009b.html#49 US disaster, debts and bad financial management
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: OCR scans of old documents Newsgroups: alt.folklore.computers Date: Sun, 01 Feb 2009 11:10:05 -0500
I found copy of the Glass-Steagall (Pecora) hearings on archive.org (different than archives.gov where the physical originals are). they were done at boston public library last fall. There are PDF as well as semi-decent OCR.
I'm trying to cleanup the OCR'ed copy of the hearings index file (original over 800 pages) ... so I can load it into our repository and generate HTML. While the OCR seems to have done a marvelous job ... there are still a large number of dings ... i'm maybe 10% done trying to clean the OCR'ed copy up so I can load and generate HTML.
This is somewhat analogous to the merged glossaries & taxonomies
https://www.garlic.com/~lynn/index.html#glosnote
where I've tried to organize how to think about the subject matter
... including financial
https://www.garlic.com/~lynn/financial.htm
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: As bonuses...why breed greed, when others are in dire need? Date: Feb 1, 2009 Blog: Equity Markets
related answer in this discussion:
also archived here:
https://www.garlic.com/~lynn/2009b.html#53
https://www.garlic.com/~lynn/2009b.html#57
With regard to the triple-A ratings on toxic CDOs, supposedly SOX required SEC to do something with respect to the rating agencies ... but there doesn't seem to have been anything besides a Jan2003 report.
Report on the Role and Function of Credit Rating Agencies in the
Operation of the Securities Markets; As Required by Section 702(b) of
the Sarbanes-Oxley Act of 2002
http://www.sec.gov/news/studies/credratingreport0103.pdf
In Dec, CSPAN had a panel from the mortgage industry. They appeared to be somewhat torn between claiming the problems are because the people in the mortgage industry are ignorant and totally incompetent vis-a-vis they just ignored all prudent business processes. They also mentioned that only about 10% of the subprime, no-documentation, no-down, 1% interest only ARM loans could be considered falling into the CRA category (large percentage picked up by speculators that could treat home market like the unregulated 1920s stock market).
These were subprime in another sense. With securitization, they could make loans with 1% interest rates ... totally decoupled from the FED PRIME rate. In the past, loans were by regulated financial institutions using deposits. With securitization, unregulated institutions could get into the loan business.
Do a graph of avg. home prices as well as ratio of avg. home prices to avg. salary ... plotted since 1970. The graph is reasonably well behaved until a couple yrs ago when ugly huge pimple/boil starts to spike (speculators taking advantage of 1% interest only ARMs, basically home market acting like the unregulated 1920s stock market) ... which still hasn't completely deflated (totally outside the traditional CRA market of first-time, low-income home buyers)
The spike in home market speculation corresponds with:
The Fed's Too Easy on Wall Street
http://www.businessweek.com/stories/2008-03-19/the-feds-too-easy-on-wall-streetbusinessweek-business-news-stock-market-and-financial-advice
from above:
Here's a staggering figure to contemplate: New York City securities
industry firms paid out a total of $137 billion in employee bonuses
from 2002 to 2007, according to figures compiled by the New York State
Office of the Comptroller. Let's break that down: Wall Street honchos
earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6
billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and
$33.2 billion in 2007.
... snip ...
and some part of the $700B wallstreet bailout possibly goes to replenish the $137B sucked out of the infrastructure (as reward for their part in creating the current situation).
... from a couple weeks ago
Bailed-Out Banks Dole Out Bonuses; Goldman Sachs, CitiGroup, Others
Mum on How They Are Using TARP Cash
http://abcnews.go.com/WN/Business/story?id=6498680&page=1
from above:
Goldman Sachs, which accepted $10 billion in government money, and
lost $2.1 billion last quarter, announced Tuesday that it handed out
$10.93 billion in benefits, bonuses, and compensation for the year.
... snip ...
and more recent ...
Obama Calls Bonuses 'Shameful' as Dodd Vows to Reclaim Money
http://www.bloomberg.com/apps/news?pid=20601087
http://www.bloomberg.com/apps/news?pid=20601087&sid=anzJooSeABDM
Obama: Big Wall Street Bonuses 'Shameful'
http://voices.washingtonpost.com/economy-watch/2009/01/obama_big_wall_street_bonuses.html
There seems to be some amount of similarity between the speculation in the 1920s unregulated stock market and the current (mostly) unregulated speculation in the home market ... which followed the repeal of Glass-Steagall act a decade ago (Glass-Steagall had been put in place in the aftermath of the '29 crash).
The Glass-Steagall (Pecora) hearing documents were scanned at the Boston public library last fall and put on line ... including a reasonably good OCR'd effort. I'm currently working on trying to clean up the OCR'ed hearings index (over 800 pages) ... making it loadable and also generate HTML.
This is similar to some of the stuff I do for (internet) RFC standards
https://www.garlic.com/~lynn/rfcietff.htm
and merged taxonomy and glossaries
https://www.garlic.com/~lynn/index.html#glosnote
where I try and also organize how to "think" about the subject matter
... including payments (started when working on X9.59 financial
industry transaction standard)
https://www.garlic.com/~lynn/payment.htm
security (also partially in support of X9.59)
https://www.garlic.com/~lynn/secure.htm
privacy (partially done to support my work as co-author of X9.99
financial industry Privacy standard)
https://www.garlic.com/~lynn/privacy.htm
financial (supporting lots of financial standards activity)
https://www.garlic.com/~lynn/financial.htm
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: OCR scans of old documents Newsgroups: alt.folklore.computers Date: Mon, 02 Feb 2009 09:28:37 -0500
hancock4 writes:
National Archives entry for the "physical copies" (170+ ft of shelf space):
Records Relating to the Investigation of Stock Exchange Practices, compiled
1932 - 1934, documenting the period 1929 - 1934; ARC Identifier 563053; Series
from Record Group 46: Records of the U.S. Senate, 1789 - 2006
... snip ...
The scanned PDF files (at archive.org) are about a gigabyte.
The "index" (PDF) file is over 800 pages (and 61mbytes). The OCR'd flavor is 2.7mbytes ... with several percent dings (which I'm in the process of cleaning). Maybe will have an initial "HTML'ed" version in a week or so.
PBS website discussing enron, worldcom, repeal of Glass-Steagall:
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/
GLBA (Bank Modernization Act) repealed Glass-Steagall also provided
for some financial "privacy" ... notifications regarding information
sharing and "opt-out". Recent discussion of "opt-out"
https://www.garlic.com/~lynn/2009b.html#47 How to defeat new telemarketing tactic
There was a recent CSPAN program where somebody commented that in the
congressional session that repealed Glass-Steagall, the financial
industry had made $250M in contributions and in the most recent
congressional session that passed the $700B bail-out, there were $2B in
contributions. I think this latest is the same session that there was
some note that it had the lowest attendance (& productivity) in the
history of the organization:
https://www.garlic.com/~lynn/2008o.html#12 The human plague
Recent discussion (on linkedin) about some of the issues and working
on cleaning/loading the Glass-Steagall hearings index using the same
technology I use for the (internet standards) RFC index and several
merged taxonomies and glossaries:
https://www.garlic.com/~lynn/2009b.html#59 As bonuses...why breed greed, when others are in dire need?
I was one of the co-authors of the financial privacy standard (X9.99)
and had to spend some time considering GLBA ... see reference to
merged privacy taxonomy & glossary
https://www.garlic.com/~lynn/index.html#glosnote
some number of posts (on linkedin) discussing some of the issues:
https://www.garlic.com/~lynn/2009.html#58 HONEY I LOVE YOU, but please cut the cards
https://www.garlic.com/~lynn/2009.html#73 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009.html#77 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009.html#79 The Credit Crunch: Why it happened?
https://www.garlic.com/~lynn/2009.html#80 Are reckless risks a natural fallout of "excessive" executive compensation ?
https://www.garlic.com/~lynn/2009.html#84 what was the idea behind Citigroup's splitting up into two different divisions? what does this do for citigroup?
https://www.garlic.com/~lynn/2009.html#85 Banks' Demise: Why have the Governments hired the foxes to mend the chicken runs?
https://www.garlic.com/~lynn/2009b.html#1 Are Both The U.S. & UK on the brink of debt disaster?
https://www.garlic.com/~lynn/2009b.html#11 Amid Economic Turbulence, Mainframes Counter IT Cost-Cutting Trend
https://www.garlic.com/~lynn/2009b.html#25 The recently revealed excesses of John Thain, the former CEO of Merrill Lynch, while the firm was receiving $25 Billion in TARP funds makes me sick
https://www.garlic.com/~lynn/2009b.html#36 A great article was posted in another BI group: "To H*** with Business Intelligence: 40 Percent of Execs Trust Gut"
https://www.garlic.com/~lynn/2009b.html#41 The subject is authoritarian tendencies in corporate management, and how they are related to political culture
https://www.garlic.com/~lynn/2009b.html#45 The recently revealed excesses of John Thain, the former CEO of Merrill Lynch, while the firm was receiving $25 Billion in TARP funds makes me sick
https://www.garlic.com/~lynn/2009b.html#48 The blame game is on : A blow to the Audit/Accounting Industry or a lesson learned ???
https://www.garlic.com/~lynn/2009b.html#49 US disaster, debts and bad financial management
https://www.garlic.com/~lynn/2009b.html#52 What has the Global Financial Crisis taught the Nations, it's Governments and Decision Makers, and how should they apply that knowledge to manage risks differently in the future?
https://www.garlic.com/~lynn/2009b.html#53 Credit & Risk Management ... go Simple ?
https://www.garlic.com/~lynn/2009b.html#54 In your opinion, which facts caused the global crise situation?
https://www.garlic.com/~lynn/2009b.html#57 Credit & Risk Management ... go Simple ?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Passport RFIDs cloned wholesale by $250 eBay auction spree Date: Jan 21, 2009 Blog: Smart Cards
Passport RFIDs cloned wholesale by $250 eBay auction spree
from above:
The $250 proof-of-concept device - which researcher Chris Paget built
in his spare time - operates out of his vehicle and contains
everything needed to sniff and then clone RFID, or radio frequency
identification, tags. During a recent 20-minute drive in downtown San
Francisco, it successfully copied the RFID tags of two passport cards
without the knowledge of their owners.
... snip ...
This isn't new ... it has been going on for some time
German hackers clone RFID e-passports
http://www.desktops.engadget.com/2006/08/03/german-hackers-clone-rfid-e-passports/
Part of the issue is that a lot of the RFID technology was developed for EPC/UPC (barcode replacement) for things like grocery store checkout ... easily read "static data" ... if that "static data" is personal information ... rather than product identifier ... then there are all sorts of issues.
The issue of "static data" shows up as problem in nearly all
authentication schemes .... it shows up in something you know
authentication (like password or PIN) .... some past posts
https://www.garlic.com/~lynn/subintegrity.html#secrets
Another example is the yes card (payment card) compromise ... lots
of past reference
https://www.garlic.com/~lynn/subintegrity.html#yescard
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
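The "static data" point in the post above, as an added example that is not part of the original post: a credential that returns the same bytes on every read is accepted again when a passive observer replays what it captured, while a response bound to a fresh challenge is not. The class names, tag identifier and key are constructed for illustration, and HMAC challenge-response is an assumption chosen here, not a scheme named in the post.

```python
import hashlib
import hmac
import secrets


class StaticTag:
    """Credential that returns the same bytes on every read (static data)."""

    def __init__(self, tag_id: bytes):
        self.tag_id = tag_id

    def respond(self, challenge: bytes) -> bytes:
        return self.tag_id  # the challenge is ignored


class DynamicTag:
    """Credential that proves possession of a key without sending the key."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Eavesdropper:
    """Passive observer: keeps the last response it saw, nothing else."""

    def __init__(self):
        self.captured = b""

    def observe(self, challenge: bytes, response: bytes) -> None:
        self.captured = response

    def respond(self, challenge: bytes) -> bytes:
        return self.captured  # replayed regardless of the new challenge


def static_verify(device, enrolled_id: bytes, observer=None) -> bool:
    """Verifier for static data: compares the read value with the enrolled one."""
    challenge = b""  # nothing varies between reads
    response = device.respond(challenge)
    if observer is not None:
        observer.observe(challenge, response)
    return hmac.compare_digest(response, enrolled_id)


def dynamic_verify(device, key: bytes, observer=None) -> bool:
    """Verifier that issues a fresh random challenge for every read."""
    challenge = secrets.token_bytes(16)
    response = device.respond(challenge)
    if observer is not None:
        observer.observe(challenge, response)
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(response, expected)


def run_demo() -> dict:
    """Run one genuine read and one replay against each verifier."""
    tag_id = b"CONSTRUCTED-TAG-0001"  # constructed sample value
    key = secrets.token_bytes(32)     # constructed sample key
    results = {}

    spy = Eavesdropper()
    results["static_genuine"] = static_verify(StaticTag(tag_id), tag_id, spy)
    results["static_replay"] = static_verify(spy, tag_id)

    spy = Eavesdropper()
    results["dynamic_genuine"] = dynamic_verify(DynamicTag(key), key, spy)
    results["dynamic_replay"] = dynamic_verify(spy, key)
    return results


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name:16s} accepted={accepted}")
```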
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Study: Data breaches continue to get more costly for businesses Date: Feb 3, 2009 Blog: Payment Systems Network
Study: Data breaches continue to get more costly for businesses
from above:
Data breaches are costing companies more and more, with lost revenue
being a big factor as customers increasingly shun businesses that have
lost information, according to a new study.
Average cost of breaches hits $202 per stolen record, according to
Ponemon report
... snip ...
A few more recent, related items:
Heartland Data Breach: Nine More Institutions Linked
http://www.bankinfosecurity.com/articles.php?art_id=1187
Data Breach Costs Rose Significantly In 2008, Ponemon Study Says
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=213000466
Data-Breach Costs Rising, Study Finds
http://it.slashdot.org/article.pl?sid=09/02/02/1833219
Data Loss Costing Companies $6.6 Million Per Breach
http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=216500718
http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=213000512
Data Breach Costs On The Rise, Study Finds
http://www.crn.com/security/213000464
Data breach costs rise as firms brace for next loss
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1346623,00.html
with respect to financial related information that attackers can use to perform fraudulent transactions, we've used a number of metaphors attempting to characterize the threat & vulnerability.
One is the security proportional to risk metaphor.
One of the issues is the value of a repository to a merchant is the profit from the transactions ... which may amount to a few dollars per account. The value of such a repository to a processor is possibly only a few cents per account. However, the value of the repository to an attacker is the balance or credit limit per account, which can be several hundred dollars per account. As a result, an attacker may be able to outspend the defenders by 2-3 orders of magnitude (spend 100 times, or more for a data breach than merchant or processor can afford to spend defending the repository).
An alternative is to tweak the paradigm and eliminate the usefulness of the information to the crooks for performing fraudulent transactions.
In the mid-90s, the X9A10 financial standard working group was given
the requirement to preserve the integrity of the financial
infrastructure for all retail payments. Part of the effort was
detailed, end-to-end study of threats and vulnerabilities. Part of the
resulting X9.59 financial standard was to make such a "tweak"
https://www.garlic.com/~lynn/x959.html#x959
recent posts mentioning data breach:
https://www.garlic.com/~lynn/2009.html#7 Swedish police warn of tampered credit card terminals
https://www.garlic.com/~lynn/2009.html#20 Data losses set to soar
https://www.garlic.com/~lynn/2009.html#25 Wrong Instrument for Recurring Payments
https://www.garlic.com/~lynn/2009.html#29 Data losses set to soar
https://www.garlic.com/~lynn/2009.html#34 Swedish police warn of tampered credit card terminals
https://www.garlic.com/~lynn/2009.html#58 HONEY I LOVE YOU, but please cut the cards
https://www.garlic.com/~lynn/2009b.html#6 US credit card payment house breached by sniffing malware
https://www.garlic.com/~lynn/2009b.html#9 New Research Reveals 45% of Card Breach Victims Lose Confidence in Their Financial Accounts
https://www.garlic.com/~lynn/2009b.html#13 US credit card payment house breaches by sniffing malware
https://www.garlic.com/~lynn/2009b.html#19 US credit card payment house breached by sniffing malware
https://www.garlic.com/~lynn/2009b.html#21 ICSF and VISA/MasterCard?amex reference list
https://www.garlic.com/~lynn/2009b.html#28 Online-Banking Authentication
https://www.garlic.com/~lynn/2009b.html#29 is privacy a security attribute(component or ?). If yes, why? If no why not?
https://www.garlic.com/~lynn/2009b.html#32 Heartland Says Entire Industry Should Revamp Security
https://www.garlic.com/~lynn/2009b.html#44 Cybercrime cost $1 trillion last year, study
https://www.garlic.com/~lynn/2009b.html#50 Cellphones as Credit Cards? Americans Must Wait
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
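The "static data" weakness from the RFID post above and the "tweak" described in this one, side by side, as an added example (not code from these posts, and not the X9.59 message format). It assumes an HMAC over merchant, amount and a counter, keyed by a secret held only by card and issuer, as a stand-in for per-transaction authentication; all class, function and account names are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Txn:
    account: str
    merchant: str
    amount_cents: int
    credential: str   # static value, or hex MAC in the dynamic scheme
    counter: int = 0  # ignored by the static scheme


class StaticIssuer:
    """Authorizes on static data: account number plus a fixed value."""
    def __init__(self, static_values):
        self._static = dict(static_values)

    def authorize(self, txn):
        expected = self._static.get(txn.account)
        return expected is not None and hmac.compare_digest(
            expected, txn.credential)


def _mac(key, *fields):
    # Assumption: HMAC stands in for a signature, so the issuer holds the key.
    # Length-prefix each field so field boundaries are unambiguous.
    msg = b"".join(len(f).to_bytes(2, "big") + f
                   for f in (str(x).encode() for x in fields))
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class DynamicCard:
    """Holds the key; the key never appears in a transaction or a log."""
    def __init__(self, account, key):
        self.account, self._key, self._counter = account, key, 0

    def pay(self, merchant, amount_cents):
        self._counter += 1
        mac = _mac(self._key, self.account, merchant, amount_cents,
                   self._counter)
        return Txn(self.account, merchant, amount_cents, mac, self._counter)


class DynamicIssuer:
    """Accepts only a fresh counter with a MAC binding merchant and amount."""
    def __init__(self):
        self._keys, self._last = {}, {}

    def enroll(self, account):
        key = secrets.token_bytes(32)
        self._keys[account], self._last[account] = key, 0
        return DynamicCard(account, key)

    def authorize(self, txn):
        key = self._keys.get(txn.account)
        if key is None or txn.counter <= self._last[txn.account]:
            return False  # unknown account, or a counter already consumed
        expected = _mac(key, txn.account, txn.merchant, txn.amount_cents,
                        txn.counter)
        if not hmac.compare_digest(expected, txn.credential):
            return False  # fields differ from what the card authenticated
        self._last[txn.account] = txn.counter
        return True


def reuse_of_logged_records(issuer, merchant_log):
    """Count logged records the issuer would accept again, as-is or altered."""
    accepted = {"verbatim": 0, "altered": 0}
    for rec in merchant_log:
        if issuer.authorize(rec):
            accepted["verbatim"] += 1
        altered = replace(rec, merchant="OTHER-SHOP", amount_cents=99_900,
                          counter=rec.counter + 1000)
        if issuer.authorize(altered):
            accepted["altered"] += 1
    return accepted


def run_demo():
    # All account numbers, values and merchants below are constructed samples.
    static_issuer = StaticIssuer({"ACCT-0001": "123"})
    static_log = [Txn("ACCT-0001", "GROCER", 4250, "123"),
                  Txn("ACCT-0001", "FUEL", 3000, "123")]
    dynamic_issuer = DynamicIssuer()
    card = dynamic_issuer.enroll("ACCT-0002")
    dynamic_log = [card.pay("GROCER", 4250), card.pay("FUEL", 3000)]
    legit = [dynamic_issuer.authorize(t) for t in dynamic_log]
    return {"static": reuse_of_logged_records(static_issuer, static_log),
            "dynamic": reuse_of_logged_records(dynamic_issuer, dynamic_log),
            "dynamic_legit_ok": all(legit)}


if __name__ == "__main__":
    print(run_demo())
```

With a real digital signature in place of the HMAC, the issuer's own repository would hold only public keys, which extends the same property to that store as well.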
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Study: Data breaches continue to get more costly for businesses Date: Feb 04, 2009 Blog: Payment Systems Network
re:
Some other references to this report:
The un-internalised cost of your data breach
https://financialcryptography.com/mt/archives/001148.html
300 Multiple Choices
http://www.emergentchaos.com/archives/2009/02/first_impressions_of_the.html
part of the above is related to this discussion item from two weeks ago:
New Research Reveals 45% of Card Breach Victims Lose Confidence in
Their Financial Accounts
http://sev.prnewswire.com/banking-financial-services/20090120/SF6044320012009-1.html
also archived here
https://www.garlic.com/~lynn/2009b.html#9
for slightly more (metaphor) topic drift ... a couple recent
references:
https://www.garlic.com/~lynn/2008p.html#5 Privacy, Identity theft, account fraud
https://www.garlic.com/~lynn/2008p.html#7 Dealing with the neew MA ID protection law
https://www.garlic.com/~lynn/2008p.html#59 Can Smart Cards Reduce Payments Fraud and Identity Theft?
https://www.garlic.com/~lynn/2008p.html#67 Web Security hasn't moved since 1995
https://www.garlic.com/~lynn/2008p.html#76 Multi-Factor Authentication - Moving Beyond Passwords for Security of Online Transactions
https://www.garlic.com/~lynn/2008r.html#53 21 million German bank account details on black market
https://www.garlic.com/~lynn/2008s.html#10 Data leakage - practical measures to improve Information Governance
a few other recent posts mentioning breaches
https://www.garlic.com/~lynn/2009.html#7 Swedish police warn of tampered credit card terminals
https://www.garlic.com/~lynn/2009.html#25 Wrong Instrument for Recurring Payments
https://www.garlic.com/~lynn/2009.html#29 Data losses set to soar
https://www.garlic.com/~lynn/2009.html#34 Swedish police warn of tampered credit card terminals
https://www.garlic.com/~lynn/2009.html#56 Data losses set to soar
https://www.garlic.com/~lynn/2009.html#74 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009.html#78 Double authentification for internet payment
https://www.garlic.com/~lynn/2009b.html#6 US credit card payment house breached by sniffing malware
https://www.garlic.com/~lynn/2009b.html#12 Amid Economic Turbulence, Mainframes Counter IT Cost-Cutting Trend
https://www.garlic.com/~lynn/2009b.html#13 US credit card payment house breaches by sniffing malware
https://www.garlic.com/~lynn/2009b.html#14 question about ssh-keygen with empty passphrase
https://www.garlic.com/~lynn/2009b.html#21 ICSF and VISA/MasterCard?amex reference list
https://www.garlic.com/~lynn/2009b.html#28 Online-Banking Authentication
https://www.garlic.com/~lynn/2009b.html#29 is privacy a security attribute(component or ?). If yes, why? If no why not?
https://www.garlic.com/~lynn/2009b.html#44 Cybercrime cost $1 trillion last year, study
https://www.garlic.com/~lynn/2009b.html#50 Cellphones as Credit Cards? Americans Must Wait
https://www.garlic.com/~lynn/2009b.html#61 Passport RFIDs cloned wholesale by $250 eBay auction spree
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: SQL attacks dominated 2008, says IBM Date: Feb 4, 2009 Blog: Financial Crime Risk, Fraud and Security
SQL attacks dominated 2008, says IBM
from above:
"SQL injection, in particular, took off in 2008," says X-Force
researcher Tom Cross, noting that the annual trend report concludes
that 55 percent of all vulnerability disclosures made by vendors
affected web applications, a number that does not include
custom-developed web applications.
... snip ...
We had been called in to consult with small client/server startup that wanted to do payment transactions on their server ... and they had this technology called SSL they wanted to use. Part of that required some detailed end-to-end threat & vulnerability studies (including these new operations calling themselves Certification Authorities) as well as how the "servers" actually operated doing payments. The effort is now frequently referred to as "electronic commerce".
At the time, lots of these servers were moving into RDBMS as platform for their operations. One of the things found at the time was that the complexity of RDBMS operation was a source of many of the threats and vulnerabilities ... i.e. various kinds of human errors and/or mistakes ... as a result of the complexity of the operation.
For some topic drift ... past references to working on the original
relational/SQL effort
https://www.garlic.com/~lynn/submain.html#systemr
... update ... a SQL attack:
Kaspersky breach exposes sensitive database, says hacker
http://www.theregister.co.uk/2009/02/08/kaspersky_compromise_report/
from above ...
In a posting made Saturday, the hacker claimed a simple SQL injection
gave access to a database containing "users, activation codes, lists
of bugs, admins, shop, etc." Kaspersky has declined to comment, but
two security experts who reviewed the evidence said the claims
appeared convincing.
... snip ...
related topic about threat & vulnerability studies
https://www.garlic.com/~lynn/2009.html#49 The 25 Most Dangerous Programming Errors
https://www.garlic.com/~lynn/2009.html#45 Security experts identify 25 coding errors
https://www.garlic.com/~lynn/2009.html#60 The 25 Most Dangerous Programming Errors
https://www.garlic.com/~lynn/2009.html#65 The 25 Most Dangerous Programming Errors
https://www.garlic.com/~lynn/2009b.html#2 The 25 Most Dangerous Programming Errors
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: What can agencies such as the SEC do to insure us that something like Madoff's Ponzi scheme will never happen again? Date: Feb 4, 2009 Blog: Equity Markets
Congressional hearing this morning on the Madoff ponzi scheme with the person that turned in documentation a decade ago to the SEC and repeatedly several times since.
Repeated theme was that crooks & fraud thrive where there is lack of visibility and transparency ... and the major recommendation is to change the culture to provide transparency in all aspects of the operations. There is need for new legislation and regulations, but they will always lag behind the crooks. Much more important is creating institutional and infrastructure transparency.
A couple other highlights
could only think of one person at SEC (in some field office, gave
their name) that had any understanding of financial transactions
... all the others at the SEC had no understanding (and were mostly
lawyers).
only 4% of fraud is turned up by audits ... over 50% from tips; tips
are 13 times more effective than audits. SEC has a 1-800 hotline for
companies to complain about too vigorous investigation. there is no
corresponding "tip" line.
The Madoff ponzi scheme isn't the only one, tomorrow morning there
will be detailed documentation turned in to the authorities about a
(different) "small" $1b ponzi scheme.
if it wasn't for the current financial crisis, the Madoff ponzi scheme
easily could have continued to $100B
None of the clients he advised, had gotten involved with Madoff
...
Long-winded decade old post mentioning some of the current issues
https://www.garlic.com/~lynn/aepay3.htm#riskm
We had been called in to consult with a small client/server startup
that wanted to do payment transactions on their server ... and they
had this technology they wanted to use called SSL. there had to be a
whole lot of work to turn technology into actual business processes to
do financial transactions (frequently now called "electronic
commerce"). then in the mid-90s, we were invited to participate in the
x9a10 financial standards working group which had been given the
requirement to preserve the integrity of the financial infrastructure for
all retail payments ... which resulted in the x9.59 financial standard
... some references
https://www.garlic.com/~lynn/x959.html#x959
Somewhat as the result of "electronic commerce" & x9.59 work, we were
asked to come in to NSCC (since combined with DTC and renamed DTCC) to
see if we could do something similar for all the operations in the
securities industry. After some amount of effort, it was eventually
suspended because a side-effect of the increased integrity would have
created significantly more transparency in all aspects of the
industry. This ran into conflict with pervasive culture for lots of
obfuscation and lack of transparency
https://www.garlic.com/~lynn/2008s.html#63 Garbage in, garbage out trampled by Moore's law
... and in the past decade, a lot of the institution computerized
risk models were being purposefully manipulated/fiddled to permit
the desired objectives (garbage in, garbage out)
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
Subprime = Triple-A ratings? or 'How to Lie with Statistics' (gone 404 but lives on at the wayback machine)
https://web.archive.org/web/20071111031315/http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
Computer Models and the Global Economic Crash
http://news.slashdot.org/article.pl?sid=08/12/16/2048235&tid=98
the term Emperor's new clothes was used in the hearings with reference to what is going on and the people at the SEC not being able to understand what is happening.
misc. past posts mentioning the Emperor's new clothes theme:
https://www.garlic.com/~lynn/2008j.html#40 dollar coins
https://www.garlic.com/~lynn/2008j.html#60 dollar coins
https://www.garlic.com/~lynn/2008j.html#69 lack of information accuracy
https://www.garlic.com/~lynn/2008k.html#10 Why do Banks lend poorly in the sub-prime market? Because they are not in Banking!
https://www.garlic.com/~lynn/2008k.html#16 dollar coins
https://www.garlic.com/~lynn/2008k.html#27 dollar coins
https://www.garlic.com/~lynn/2008l.html#42 dollar coins
https://www.garlic.com/~lynn/2008m.html#12 Fraud due to stupid failure to test for negative
https://www.garlic.com/~lynn/2008o.html#35 The human plague
https://www.garlic.com/~lynn/2008q.html#58 Obama, ACORN, subprimes (Re: Spiders)
https://www.garlic.com/~lynn/2009b.html#8 Do emperors from the banks have new clothes?
misc. other posts in the garbage in, garbage out thread
https://www.garlic.com/~lynn/2008s.html#23 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#24 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#27 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#28 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#33 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#57 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#59 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#60 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#62 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#70 Garbage in, garbage out trampled by Moore's law
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: 45th anniversary of the System/360 announcement Newsgroups: alt.folklore.computers Date: Thu, 05 Feb 2009 11:28:19 -0500
x-over post from ibm-main:
NBoike@MSPTECHMEDIA.COM (Natalie Boike) writes:
Hello all,
I don't know if this is the appropriate forum, but IBM Systems Magazine,
Mainframe edition is collecting "mainframe memories" in recognition of the
45th anniversary of the System/360 announcement. The magazine is hoping to
review how the mainframe has changed the industry by publishing user, client
and vendor memories in the magazine and on our Web site.
Were you one of the 100,000 businessmen who attended the announcement
meeting? Did you play a role in helping the 360 evolve over the years?
Amusing or earnest, momentous or trivial, we'd like to hear how the IBM
mainframe has impacted your life. Share your story by e-mailing me at
nboike@msptechmedia.com before April 13.
Thanks!
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: IBM tried to kill VM? Newsgroups: alt.folklore.computers Date: Thu, 05 Feb 2009 21:31:47 -0500
Chris Barts <chbarts+usenet@gmail.com> writes:
it wasn't supposed to have even gotten started ... there was some
creative financing at the science center
https://www.garlic.com/~lynn/subtopic.html#545tech
to fund the hardware modifications that added virtual memory to 360/40
... and then to replace the 360/40 with a 360/67 (when standard product
machine with virtual memory came available). the "official" time-sharing
and virtual memory system was "tss/360". lots more of this history can
be seen in Melinda's history at:
https://www.leeandmelindavarian.com/Melinda/
https://www.leeandmelindavarian.com/Melinda#VMHist
then there followed several attempts by tss/360 group to have the cp/67 effort terminated
then there was lots of effort by "os/360" group to not have a cp67->vm370 product effort (when virtual memory was added as standard feature to 370).
cp67 & vm370 weren't exactly incompatible ... since a number of customers would run standard os/360 products in virtual machines ... and the biggest customer was internal corporate development (so they were somewhat ambivalent regarding this other operating system ... since so much of internal operation had become dependent on it).
internally, first there was a custom modification so that cp67 (running on real 360/67) would simulate the 370 architecture (which had a number of differences from 360/67 virtual memory architecture) ... for development of virtual memory support in the other operating systems (os/360, dos/360 ... for dos/vs, vs1, vs2). In addition to doing development under cp67 ... the initial prototype for vs2 involved borrowing code from cp67 for part of the actual implementation (i.e. for morph of os/360 MVT to vs2/svs). Then there was a version of cp67 modified to run on real 370 architecture (first system to run on real 370 virtual memory hardware ... in some cases, was used as early hardware regression test).
the company then went through its "Future System" period
https://www.garlic.com/~lynn/submain.html#futuresys
... when lots of work on 370 hardware & software projects went into abeyance ... since "Future System" was going to completely replace 370. After "Future System" was killed, there was a mad rush to get products back into the 370 product line. As part of the mad rush, there was crash program to breathe life into a 370 following (31-bit, 370-xa). The group responsible for "mvs/xa" made the case that vm370 product needed to be killed, the vm370 product group shutdown (at the time in the old SBC bldg. in Burlington Mall), and all the people transferred to helping with mvs/xa development (if they were going to meet their schedule). Endicott eventually managed to save the vm370 product mission ... but it had to reconstitute a development group from scratch.
Some number of people from the vm370 product development decided to leave the company and stay in the boston area ... rather than move (this was 1976). There was joke that the mvs/xa decision to kill vm370 was one of the biggest contributions to vms (since some number of the people that stayed in the boston area went to DEC).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Fraud Incidents Tied to Heartland Data Breach Date: Feb 06, 2009 Blog: Payment Systems Network
Fraud Incidents Tied to Heartland Data Breach
from above:
Credit Unions Report Fraudulent Charges Against Members' Cards,
... avg nearly $700/card
... snip ...
long term studies have avg. (consumer) losses per card running @$1000.
that is separate than the institutional "costs" (per account) of breaches rising ... recent breach costs references/discussions:
https://www.garlic.com/~lynn/2009b.html#62 Study: Data breaches continue to get more costly for businesses
https://www.garlic.com/~lynn/2009b.html#63 Study: Data breaches continue to get more costly for businesses
and
https://financialcryptography.com/mt/archives/001148.html
which makes mention of the difference between the avg (rising) institutional "costs" per account and the avg consumer losses per card
then there is this:
https://www.garlic.com/~lynn/2009b.html#9 New Research Reveals 45% of Card Breach Victims Lose Confidence in Their Financial Accounts
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Intel's Future is integrated Newsgroups: alt.folklore.computers Date: Fri, 06 Feb 2009 12:56:06 -0500
Intel's Future is integrated
As part of our HA/CMP project in the early 90s
https://www.garlic.com/~lynn/subtopic.html#hacmp
we had contracted for some amount of market research with one of the people that did a lot of work for Dataquest (since bought by Gartner).
In that period, the head of the (IBM) PC division contracted with Dataquest for extensive look at PC market and its future. The contract included several hr panel/round table discussion with a dozen of the leading PC experts in silicon valley (including video taping). I was contacted about participating ... but a combination of being vocal about PC market (internally) and an employee of the company ... I first cleared my participation with our executives (as opposed to PC division). I got approval ... but they asked that Dataquest "garble" my introduction on video tape & transcription.
One of my themes was lot higher level of functional integration as more and more capability and circuits became available.
Misc. past posts mentioning dataquest:
https://www.garlic.com/~lynn/2002k.html#55 Moore law
https://www.garlic.com/~lynn/2004.html#34 Two subjects: 64-bit OS2/eCs, Innotek Products
https://www.garlic.com/~lynn/2005t.html#21 What ever happened to Tandem and NonStop OS ?
https://www.garlic.com/~lynn/2007g.html#81 IBM to the PCM market
https://www.garlic.com/~lynn/2007h.html#0 The Perfect Computer - 36 bits?
https://www.garlic.com/~lynn/2008d.html#60 more on (the new 40+ yr old) virtualization
https://www.garlic.com/~lynn/2008o.html#5 Houses
https://www.garlic.com/~lynn/2008o.html#6 Houses
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Amazon Launches Flexible Payments As a Commercial Service Date: Feb 06, 2009 Blog: Payment Systems Network
Amazon Launches Flexible Payments As a Commercial Service
also from the article:
Pricing for the commercial product remains the same as for the beta
version. Amazon Payments transfers cost 1.5% plus a penny. ACH debits
are 2% plus a nickel, and the fee for payments backed by credit cards
is 2.9% plus 30 cents.
... snip ...
We had been called in to consult with small client/server startup that
wanted to do payments on their server ... and had this technology
called SSL they wanted to use. Part of the effort required doing some
detailed end-to-end threat & vulnerability analysis ... including
looking at the end-to-end operations of these new things calling
themselves "Certification Authorities" ... issuing SSL domain name
digital certificates ... some past posts:
https://www.garlic.com/~lynn/subpubkey.html#sslcert
The result is now frequently referred to as electronic
commerce. Part of the deployment was something called a payment
gateway ... lots of past posts
https://www.garlic.com/~lynn/subnetwork.html#gateway
One of the things the major retailers were always looking at was their fully loaded costs associated with payment transactions.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: IBM tried to kill VM? Newsgroups: alt.folklore.computers Date: Fri, 06 Feb 2009 14:43:08 -0500
hancock4 writes:
my first programming job was porting 1401 MPIO to 360/30. The univ. ran 709 with 1401 for unit record front-end (card->tape & tape->printer/punch). The 360/30 had 1401 hardware emulation mode ... so it could be used w/o actually requiring MPIO port ... but possibly they felt it was an exercise in getting acquainted with 360.
It was good for me since I got to design & implement my own monitor, storage management, device drivers, multitasking, some number of other things.
The 709 ibsys monitor would process student (fortran) jobs in subsecond elapsed time (tape-to-tape).
When 360/67 (running in 360/65 mode; replace 1401/70) with os/360 MFT ... it was taking nearly a minute per student fortran jobs ... this was a lot of (serialized) unit record latency and job-scheduler in 3-step fortran compile, link/edit & go.
My student programming job grew into having responsibility for system programming support for os/360. I first added HASP ... which helped things by eliminating the serialized unit record latency (spooling, overlapping unit record operation with program compile & execution).
However, it was still taking much longer to process student fortran workload than the 709/1401 lashup.
old post with some elapsed time numbers from presentation I gave at
fall68 SHARE meeting in Atlantic City
https://www.garlic.com/~lynn/94.html#18 CP/67 & OS MFT14
Part of the numbers were thruput comparison of os/360 running in cp/67 virtual machine. However, part of the numbers are heavy optimization work that i had done on os/360 getting avg. student job elapsed time down under 13 seconds ... compared to an "out-of-the-box" system that was (still) over 30 seconds (having added HASP).
Part of the difference between 709 monitor and os/360 ... was each "job step" in os/360 (3 steps in normal job) required an enormous number of (random) disk accesses. I was able to achieve significant reduction in elapsed time ... by very carefully placing required data on disk to optimize disk arm motion.
The student job problem was eventually solved when we installed Watfor from University of Waterloo ... basically a "monitor" (more analogous to 709 operation) ... which required a single "system" job step (to load watfor) and then it would serially process large number of student fortran jobs (finally processing on 360 was faster than 709).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: IBM Revamp Venerable Tivoli Storage Software Newsgroups: alt.folklore.computers Date: Fri, 06 Feb 2009 14:49:35 -0500
IBM Revamp Venerable Tivoli Storage Software; Latest version tackles hot areas like dedupe while adding database integration and reporting.
I had started this long ago and far away ... when I implemented
"CMSBACK" ... various old email references
https://www.garlic.com/~lynn/lhwemail.html#cmsback
which was used internally at a number of internal datacenters and went thru 3-4 (internal) releases. then a number of client applications were written for different platforms and released as Workstation DataSave Facility. It was then transferred from the research division to the disk division and renamed ADSM. When the disk division was sold off, ADSM was transferred to Tivoli business unit and renamed TSM.
various old posts mentioning archive/backup
https://www.garlic.com/~lynn/submain.html#backup
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: What can we learn from the meltdown? Date: Feb 07, 2009 Blog: Payment Systems Network
The Glass-Steagall hearings were scanned (OCR'ed) at the Boston Public Library last fall and put online. I've been trying to clean up some of the OCR ... (starting with the INDEX document) which are remarkably good considering the age/quality of the original documents.
OCR'ing lost the indention in the original documents ... so that, in
itself, is some loss of information (how different items were
organized). For at least some of the index entries ... they would
periodically add some of the underlying information .. a couple of the
entries:
Brokers loans made by, as cause of speculative mania in years prior to
1929 in opinion of Otto H. Kahn 1010
"Uncontrolled" because even where made indirectly through banks,
reserves against such loans were not required and because completely
unregulated, said Charles H. E. Scheer 6313
... snip ...
the analogy was that securitization contributed to speculators being able to treat the home market like the unregulated stock market of the '20s.
Previously, loans were made by financial institutions from deposits. With securitization, (often unregulated) institutions could have access to funds for lending.
The Man Who Beat The Shorts
http://www.forbes.com/forbes/2008/1117/114.html
from above:
Watsa's only sin was in being a little too early with his prediction
that the era of credit expansion would end badly. This is what he said
in Fairfax's 2003 annual report: "It seems to us that securitization
eliminates the incentive for the originator of [a] loan to be credit
sensitive. Prior to securitization, the dealer would be very concerned
about who was given credit to buy an automobile. With securitization,
the dealer (almost) does not care."
... snip ...
With securitization, loans could be unloaded immediately ... not caring about quality ... every loan made was a profit for them. The no-documentation, no-down, 1% introductory, interest-only, ARM became quite attractive to speculators ... since the carrying cost was significantly less than the inflation in many parts of the country (planning on flipping before the rate reset); with the speculation significantly fanning the inflation flames.
Plot the avg. home prices and the ratio of home prices to salary (since the early 70s) ... there is an ugly huge pimple/boil/bubble starting to increase the early part of this decade ... which still hasn't completely deflated.
In the congressional hearings last fall, there was repeated reference to both the toxic-CDO issuers/sellers and the rating agencies were aware that the toxic CDOs weren't worth the triple-A ratings. The explanation was that the rating agencies' business model became misaligned in the early 70s when the rating agencies switched from the buyers to the sellers paying for the ratings (and contributed to conflict of interest).
The toxic CDO triple-A ratings significantly increased the institutions that would deal in toxic CDOs and also significantly increased the amount of money available to those lending.
On the institutional side buying the triple-A rated toxic CDOs,
several were playing long/short mismatch ... which has been known for
centuries to take down institutions. The comment was that Lehman and
Bear Stearns had marginal chance of surviving long/short mismatch
(independent of heavy leveraging and whether or not the toxic CDOs
were worth triple-A rating) ... article on the subject:
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
decade old article from the fed
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/
long-winded, decade old post discussing some of the issues:
https://www.garlic.com/~lynn/aepay3.htm#riskm
PBS pages discussing Enron, Worldcom, deregulation, and repeal of
Glass-Steagall
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/
Supposedly SOX had SEC doing something about the rating agencies, but not much seemed to be done except this study:
Report on the Role and Function of Credit Rating Agencies in the
Operation of the Securities Markets; As Required by Section 702(b) of
the Sarbanes-Oxley Act of 2002
http://www.sec.gov/news/studies/credratingreport0103.pdf
Other evidence that SEC wasn't doing something was from the recent
Madoff hearings .... from individual turning over documents about
Madoff (starting decade ago). Recent discussion:
https://www.garlic.com/~lynn/2009b.html#65 What can agencies such as the SEC do to insure us that something like Madoff's Ponzi scheme will never happen again?
The repeated theme was that crooks & fraud thrive where there is lack of visibility and transparency ... and the major recommendation is to change the culture to provide transparency in all aspects of the operations. There is need for new legislation and regulations, but they will always lag behind the crooks. Much more important is creating institutional and infrastructure transparency.
A couple other misc. "highlights"
could only think of one person at SEC (in some field office, gave
their name) that had any understanding of financial transactions
... all the others at the SEC had no understanding (and were mostly
lawyers).
only 4% of fraud is turned up by audits ... over 50% from tips; tips
are 13 times more effective than audits. the SEC has a 1-800 hotline
for companies to complain about too vigorous investigating, there is
no corresponding tip hotline.
The Madoff ponzi scheme isn't the only one, he will be turning over
detailed documentation to the authorities about a (different) "small"
$1b ponzi scheme.
None of the clients he advised, had gotten involved with Madoff
...
Corporate Fraud and Misconduct Risks Driven by Pressure to do
'Whatever It Takes'; Fewer episodes reported by companies with ethics
and compliance programs
http://www.informationweek.com/financialservices/news/showArticle.jhtml?articleID=215801487
from above:
Of more than 5,000 U.S. workers polled this summer, 74 percent said
they had personally observed misconduct within their organizations
during the prior 12 months, unchanged from the level reported by KPMG
survey respondents in 2005. Roughly half (46 percent) of respondents
reported that what they observed "could cause a significant loss of
public trust if discovered," a figure that rises to 60 percent among
employees working in the banking and finance industry.
... snip ...
If the overall avg. is 46 percent and the financial industry is 60 percent, then the non-financial avg may be as low as 30 percent ... making the financial industry twice as bad as other industries.
so even so it didn't look like SEC was doing much, GAO was at least
compiling database of various misdeeds
https://www.gao.gov/products/gao-06-1079sp
from above:
The database consists of two files: (1) a file that lists 1,390
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
July 1, 2002, and September 30, 2005, and (2) a file that lists 396
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
October 1, 2005, and June 30, 2006.
... snip ...
misc. recent posts mentioning the pbs.org web pages:
https://www.garlic.com/~lynn/2009.html#58 HONEY I LOVE YOU, but please cut the cards
https://www.garlic.com/~lynn/2009.html#84 what was the idea behind Citigroup's splitting up into two different divisions? what does this do for citigroup?
https://www.garlic.com/~lynn/2009b.html#36 A great article was posted in another BI group: "To H*** with Business Intelligence: 40 Percent of Execs Trust Gut"
https://www.garlic.com/~lynn/2009b.html#48 The blame game is on : A blow to the Audit/Accounting Industry or a lesson learned ???
https://www.garlic.com/~lynn/2009b.html#49 US disaster, debts and bad financial management
https://www.garlic.com/~lynn/2009b.html#52 What has the Global Financial Crisis taught the Nations, it's Governments and Decision Makers, and how should they apply that knowledge to manage risks differently in the future?
https://www.garlic.com/~lynn/2009b.html#53 Credit & Risk Management ... go Simple ?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: IBM tried to kill VM? Newsgroups: alt.folklore.computers Date: Sat, 07 Feb 2009 11:08:04 -0500
Walter Bushell <proto@panix.com> writes:
the university had a 407 "plug-board" accounting program that ran daily. this morphed into a 1401 program that simulated the 407 plugboard. then this was auto-translated into 360 cobol program (still ran daily).
daily runs on 360/67 (running as 360/65 with os/360) still ended by printing out the 407 sense switch settings. one day, there were different values printed. everything was suspended while they tried to figure out what happened. after an hr or so (not being able to find anybody that understood the program) ... they decided just to rerun the application.
In the early 70s, Amdahl had a seminar at MIT (large auditorium with lots of attendance). One question was what justification did he use to get (venture) funding for his clone processor business. His reply was that customers already had a couple hundred billion invested in 360 software applications ... and even if IBM were to totally walk away from 360, there was enough applications to keep him in business until the end of the century.
misc. past posts mentioning 407 plug-board:
https://www.garlic.com/~lynn/99.html#137 Mainframe emulation
https://www.garlic.com/~lynn/2000.html#19 Computer of the century
https://www.garlic.com/~lynn/2001f.html#5 Emulation (was Re: Object code (was: Source code - couldn't resist compiling it :-))
https://www.garlic.com/~lynn/2001m.html#52 Author seeks help - net in 1981
https://www.garlic.com/~lynn/2002d.html#21 Mainframers: Take back the light (spotlight, that is)
https://www.garlic.com/~lynn/2003j.html#23 A Dark Day
https://www.garlic.com/~lynn/2003n.html#41 When nerds were nerds
https://www.garlic.com/~lynn/2004d.html#44 who were the original fortran installations?
https://www.garlic.com/~lynn/2005e.html#29 Using the Cache to Change the Width of Memory
https://www.garlic.com/~lynn/2005n.html#3 Data communications over telegraph circuits
https://www.garlic.com/~lynn/2006b.html#5 IBM 610 workstation computer
https://www.garlic.com/~lynn/2006s.html#66 Why these original FORTRAN quirks?; Now : Programming practices
https://www.garlic.com/~lynn/2008c.html#10 Usefulness of bidirectional read/write?
misc. past posts mentioning Amdahl's talk at MIT:
https://www.garlic.com/~lynn/2001j.html#23 OT - Internet Explorer V6.0
https://www.garlic.com/~lynn/2002j.html#20 MVS on Power (was Re: McKinley Cometh...)
https://www.garlic.com/~lynn/2003.html#36 mainframe
https://www.garlic.com/~lynn/2003e.html#13 unix
https://www.garlic.com/~lynn/2003e.html#15 unix
https://www.garlic.com/~lynn/2003h.html#32 IBM system 370
https://www.garlic.com/~lynn/2003i.html#3 A Dark Day
https://www.garlic.com/~lynn/2003p.html#30 Not A Survey Question
https://www.garlic.com/~lynn/2004d.html#22 System/360 40th Anniversary
https://www.garlic.com/~lynn/2004h.html#20 Vintage computers are better than modern crap !
https://www.garlic.com/~lynn/2004l.html#51 Specifying all biz rules in relational data
https://www.garlic.com/~lynn/2004m.html#53 4GHz is the glass ceiling?
https://www.garlic.com/~lynn/2004o.html#66 Integer types for 128-bit addressing
https://www.garlic.com/~lynn/2005b.html#47 The mid-seventies SHARE survey
https://www.garlic.com/~lynn/2005e.html#35 Thou shalt have no other gods before the ANSI C standard
https://www.garlic.com/~lynn/2005r.html#49 MVCIN instruction
https://www.garlic.com/~lynn/2006.html#7 EREP , sense ... manual
https://www.garlic.com/~lynn/2006c.html#18 Change in computers as a hobbiest
https://www.garlic.com/~lynn/2007f.html#61 Is computer history taught now?
https://www.garlic.com/~lynn/2007f.html#77 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007g.html#57 IBM to the PCM market(the sky is falling!!!the sky is falling!!)
https://www.garlic.com/~lynn/2007k.html#46 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007m.html#15 Patents, Copyrights, Profits, Flex and Hercules
https://www.garlic.com/~lynn/2007m.html#34 IBM 8000 ???
https://www.garlic.com/~lynn/2007p.html#9 CA to IBM product swap
https://www.garlic.com/~lynn/2007t.html#68 T3 Sues IBM To Break its Mainframe Monopoly
https://www.garlic.com/~lynn/2007v.html#101 It keeps getting uglier
https://www.garlic.com/~lynn/2008g.html#54 performance of hardware dynamic scheduling
https://www.garlic.com/~lynn/2008k.html#53 recent mentions of 40+ yr old technology
https://www.garlic.com/~lynn/2008m.html#1 Yet another squirrel question - Results (very very long post)
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: OCR scans of old documents Newsgroups: alt.folklore.computers Date: Sat, 07 Feb 2009 11:13:10 -0500
re:
for the fun of it ... recent post with a couple of quotes from the
hearings index:
https://www.garlic.com/~lynn/2009b.html#73 What can we learn from the meltdown?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: IBM tried to kill VM? Newsgroups: alt.folklore.computers Date: Sat, 07 Feb 2009 11:48:16 -0500
Walter Bushell <proto@panix.com> writes:
I think there was an intermediate step where the 1401 program (that emulated 407 plug-board) was auto-translated to 709 cobol ... and then the 709 cobol was auto-translated to 360 cobol (and as mentioned, they couldn't find anybody still around that understood the original 407 plug-board).
recent related "re-engineering" post
https://www.garlic.com/~lynn/2009.html#87 Cleaning Up Spaghetti Code vs. Getting Rid of It
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Z11 - Water cooling? Newsgroups: bit.listserv.ibm-main,alt.folklore.computers Date: Sat, 07 Feb 2009 14:32:15 -0500
R.Skorupka@BREMULTIBANK.COM.PL (R.S.) writes:
there is old folklore of the 3081 TCM modules ... with closed system liquid cooling, heat exchange, and liquid on the outboard side to handle all the heat.
one of the stories is that there were thermal sensors ... that would kill the power (to keep from melting) ... but no flow sensors on the outboard cooling side. a customer lost flow on the outboard flow side ... but by the time the thermal sensors tripped the power, it was too late ... there was so much heat on the inboard side ... that they lost the TCMs. After that, customer sites were retrofitted with flow sensors on the outboard side of the heat exchange (that would kill power, before the heat had started to build up enough to trip the thermal sensors).
some TCM URL references
http://www-03.ibm.com/ibm/history/exhibits/attic2/attic2_015.html
http://domino.watson.ibm.com/tchjr/journalindex.nsf/c469af92ea9eceac85256bd50048567c/5b94a637584c972785256bfa0067f507?OpenDocument
http://ibmcollectables.com/gallery/view_album.php?set_albumName=album122
https://en.wikipedia.org/wiki/IBM_3081
http://www.vm.ibm.com/devpages/LUNSFORD/rdl_prof.html
recent post mentioning 4341s being used to test 3081 TCMs:
https://www.garlic.com/~lynn/2009b.html#22 Evil weather
one of the issues with TCMs was that field engineers could no longer do "bootstrap" diagnostics that started with scoping. approach in 3081 was a "service processor" that had probes into all the TCMs ... and the "service processor" was "scopable" (field engineers could diagnose/replace the service processor ... and then use the service processor to diagnose the rest of the machine).
with the increase in requirements and sophistication of "service processor", for the 3090, it was initially decided to go with 4331 running a highly modified version of vm370 release 6, and all the screens/menus done in CMS IOS3270. By the time 3090 shipped, the 4331 had been replaced by a pair of 4361s (redundant machines as alternative to having to diagnose the machine in the field) ... still running highly modified version of vm370 release 6 (and all the screens done in CMS IOS3270).
misc past posts mentioning TCMs
https://www.garlic.com/~lynn/2000b.html#36 How to learn assembler language for OS/390 ?
https://www.garlic.com/~lynn/2000b.html#37 How to learn assembler language for OS/390 ?
https://www.garlic.com/~lynn/2000b.html#38 How to learn assembler language for OS/390 ?
https://www.garlic.com/~lynn/2000d.html#61 "all-out" vs less aggressive designs (was: Re: 36 to 32 bit transition)
https://www.garlic.com/~lynn/2001k.html#7 hot chips and nuclear reactors
https://www.garlic.com/~lynn/2002b.html#3 Microcode? (& index searching)
https://www.garlic.com/~lynn/2002b.html#5 Microcode? (& index searching)
https://www.garlic.com/~lynn/2002d.html#13 IBM Mainframe at home
https://www.garlic.com/~lynn/2002e.html#20 What goes into a 3090?
https://www.garlic.com/~lynn/2002l.html#10 What is microcode?
https://www.garlic.com/~lynn/2004n.html#15 360 longevity, was RISCs too close to hardware?
https://www.garlic.com/~lynn/2004n.html#22 Shipwrecks
https://www.garlic.com/~lynn/2004p.html#35 IBM 3614 and 3624 ATM's
https://www.garlic.com/~lynn/2004p.html#36 IBM 3614 and 3624 ATM's
https://www.garlic.com/~lynn/2004p.html#41 IBM 3614 and 3624 ATM's
https://www.garlic.com/~lynn/2005b.html#51 History of performance counters
https://www.garlic.com/~lynn/2005h.html#13 Today's mainframe--anything to new?
https://www.garlic.com/~lynn/2006r.html#36 REAL memory column in SDSF
https://www.garlic.com/~lynn/2007g.html#23 The Perfect Computer - 36 bits?
https://www.garlic.com/~lynn/2007g.html#29 The Perfect Computer - 36 bits?
https://www.garlic.com/~lynn/2007h.html#9 21st Century ISA goals?
https://www.garlic.com/~lynn/2007t.html#77 T3 Sues IBM To Break its Mainframe Monopoly
https://www.garlic.com/~lynn/2008d.html#52 Throwaway cores
https://www.garlic.com/~lynn/2008h.html#80 Microsoft versus Digital Equipment Corporation
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: How to defeat new telemarketing tactic Newsgroups: alt.folklore.computers Date: Sun, 08 Feb 2009 11:25:06 -0500
jmfbahciv <jmfbahciv@aol> writes:
The Man Who Beat The Shorts
http://www.forbes.com/forbes/2008/1117/114.html
from above:
Watsa's only sin was in being a little too early with his prediction
that the era of credit expansion would end badly. This is what he said
in Fairfax's 2003 annual report: "It seems to us that securitization
eliminates the incentive for the originator of [a] loan to be credit
sensitive. Prior to securitization, the dealer would be very concerned
about who was given credit to buy an automobile. With securitization,
the dealer (almost) does not care."
... snip ...
It wasn't that they have no metric ... it was that they no longer had to
care. Some number of institutions are in trouble because of this and
other imprudent and bad business decisions. I've mentioned past CSPAN
program with panel of representatives from mortgage industry ... and
they were somewhat torn between claiming that the industry was ignorant
and totally incompetent and just ignored all prudent business processes.
https://www.garlic.com/~lynn/2008s.html#5 Greed - If greed was the cause of the global meltdown then why does the biz community appoint those who so easily succumb to its temptations?
As a result of a period of really, really bad business practices by lots of the institutions ... their financial matters are really a mess ... the big problem is cleaning up the horrendous mess they made for themselves and getting their books back into some rational state. Several people in the past couple weeks have gone on the record that several of the major financial institutions are insolvent and should be allowed to fail and go into bankruptcy ... and not be allowed to linger on using government funds.
In congressional hearings last fall made several statements that both the rating agencies and the toxic CDO sellers/issuers knew that the toxic CDOs weren't worth triple-A rating, but the sellers/issuers were paying for triple-A rating. They further observed that in the early 70s, the rating agencies "mis-aligned" their business process by changing from buyers paying for the ratings to the sellers paying for the ratings (greatly increasing potential for conflict of interest).
A month ago there was news item mentioning IDC was helping gov. try and
price the toxic assets. Past posts mentioning IDC (early cp67
timesharing service bureau moving upstream in providing financial
information) bought "pricing services" division from one of the rating
agencies in 1972 ... period that testimony mentioned rating agency
business model became misaligned.
https://www.garlic.com/~lynn/2009.html#21 Banks to embrace virtualisation in 2009: survey
https://www.garlic.com/~lynn/2009.html#31 Banks to embrace virtualisation in 2009: survey
https://www.garlic.com/~lynn/2009.html#32 Banks to embrace virtualisation in 2009: survey
Past couple days ... there have also been several people interviewed saying that there will always be a problem trying to price some of these complex securitized instruments ... that they have to be broken down into their individual loans ... and priced like before.
There is some issue with trying to price toxic CDOs because of the
complexity of the way some have been sliced and diced and then stitched
back together. There is also the issue (from old threads) where FUD
damaging trust in the rating agencies froze up market in more
traditional financial instruments (that don't have all the obfuscation
of toxic CDOs ... but having been paid to give triple-A ratings to toxic
CDOs ... what else might they have done) ... aka Warren Buffett stepping
in to unfreeze the muni bond market:
https://www.garlic.com/~lynn/2008j.html#20 dollar coins
https://www.garlic.com/~lynn/2008k.html#16 dollar coins
https://www.garlic.com/~lynn/2008o.html#45 The human plague
https://www.garlic.com/~lynn/2008o.html#52 Why is sub-prime crisis of America called the sub-prime crisis?
https://www.garlic.com/~lynn/2008p.html#60 Did sub-prime cause the financial mess we are in?
Mortgages/loans used to be by regulated institutions using deposits. Being able to unload the loans as toxic CDOs ... the (often unregulated) lenders no longer had to care about the lendee (every loan made was a profit for them, regardless of who, what, why the loan was for). The triple-A ratings significantly increased the institutions that would deal in toxic CDOs, and therefore also greatly increased the amount of money for these lenders.
No documentation, no-down-payment, 1% introductory rate ARMs with interest-only payments, became extremely attractive for speculators since the carrying cost was significantly less than the home appreciation in numerous markets (planning on flipping before the rate reset). the large amount of speculation, in turn, significantly increased the inflation in the market. eventually the bubble bursts but while it lasted ... lots of people were raking in the money.
Plot avg. home prices as well as the ratio of avg. home prices to avg. salary back to 1970 ... there is a huge, ugly pimple/boil/bubble starting the early part of this decade that has not fully deflated.
Basically, speculators were able to treat the home market like the 1920s unregulated stock market. The speculation not only fueled the ugly home market price spike ... but also created the impression that the demand was greater than the supply. Not only is the price bubble having to deflate, but prices may reset to lower than the original point as the excess supply has to be sold off (law of supply and demand).
There shouldn't be a return to the irrational lending practices fueled by securitization and toxic CDOs. In the hot real estate markets (earlier in this decade) the combination of big spike (that has to deflate) and excess supply/overbuilding (having to be sold off) creates ambiguity about where the property values will reset to ... and contributes to downward pressure on lending.
However, there are lots of communities that never really got into the
big inflation real estate spike ... and community financial institutions
that continue to make loans like they have always done. I previously
mentioned CSPAN interview with somebody from community banking that said
they will be somewhat affected ... because the FDIC will have to
increase assessments for all banks (reducing the money they
traditionally have had to lend) ... in order to cover the take-over cost
of all the bad/failing institutions
https://www.garlic.com/~lynn/2008s.html#18 What next? from where would the Banks be hit?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: How to defeat new telemarketing tactic Newsgroups: alt.folklore.computers Date: Sun, 08 Feb 2009 14:03:53 -0500
re:
with toxic CDOs/securitization, lenders could obfuscate the underlying value (going back at least two decades ago to S&L crisis)
with paying for triple-A ratings on toxic CDOs, the number of institutions that would buy them was enormously increased and the amount of money available was enormously increased.
The combination of enormous amount of money and securitization (lenders not having any motivation about loan quality) was leveraged by speculators to treat the home market like the unregulated stock market of the 20s. The resulting credit crisis has some similarities with the '29 stock market crash and some differences ... in part because of difference between stock ownership and home ownership. Crashing the home market permeates out into lots of segments of the economy.
some quotes found in the Glass-Steagall hearings ... recent post
https://www.garlic.com/~lynn/2009b.html#73 What can we learn from the meltdown?
Brokers loans made by, as cause of speculative mania in years prior to
1929 in opinion of Otto H. Kahn 1010
"Uncontrolled" because even where made indirectly through banks,
reserves against such loans were not required and because completely
unregulated, said Charles H. E. Scheer 6313
... snip ...
This is all on the lending side (frequently by unregulated institutions that didn't need or require deposits as source of funds) ... turning home market speculation into the 1920s unregulated stock market.
There was then a lot of (other) problems with the institutions buying these triple-A rated toxic CDOs (some of them traditional banks that weren't actually making the original loans ... but were now buying/investing in the triple-A rated toxic CDOs).
Part of the issue was some number of the institutions were playing
long/short mismatch, which has been known for centuries to take down
institutions. One past comment was that Lehman and Bear-Stearns had
marginal chance of surviving playing long/short mismatch (independent of
the heavy leveraging, whether or not the toxic CDOs deserved their
triple-A rating, and being carried off-balance). past post:
https://www.garlic.com/~lynn/2008o.html#37 The human plague
decade old Fed article about playing long/short mismatch
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/
Also, as in the parallel with the crash of '29 ... numerous banks were
also carrying these instruments off-balance. Last year there was betting
that Citi was going to win the "write-down" sweepstakes (declaring the
largest losses). Even after Citi had won the "write-down" sweepstakes,
there was observation that Citi still was carrying $1.1T of toxic assets
off-balance (and would eventually have to bring them back onto the
books) ... recent post
https://www.garlic.com/~lynn/2009b.html#8 Do emperors from the banks have new clothes
and some other references
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
http://www.nakedcapitalism.com/2008/07/wither-citigroups-11-trillion-of-off.html?showComment=1216055460000
Some number of financial institutions are considered insolvent because of all of these toxic assets they are carrying. This is independent of the problem with the ambiguity being able to value collateral assets as part of lending (in a falling market). Which is also independent of loss of confidence/trust in rating agencies (because of the triple-A ratings on toxic CDOs) that had been integral to investment decisions.
This is my past comments about deregulation and lack of regulation
enforcement resulted in lots of separate hot beds of greed and
corruption to merge into an economic firestorm
https://www.garlic.com/~lynn/2008f.html#79 Bush - place in history
https://www.garlic.com/~lynn/2008o.html#78 Who murdered the financial system?
https://www.garlic.com/~lynn/2008o.html#80 Can we blame one person for the financial meltdown?
https://www.garlic.com/~lynn/2008o.html#82 Greenspan testimony and securization
https://www.garlic.com/~lynn/2008p.html#60 Did sub-prime cause the financial mess we are in?
https://www.garlic.com/~lynn/2008q.html#20 How is Subprime crisis impacting other Industries?
https://www.garlic.com/~lynn/2008s.html#57 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#62 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2009.html#71 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009b.html#1 Are Both The U.S. & UK on the brink of debt disaster?
https://www.garlic.com/~lynn/2009b.html#30 The recently revealed excesses of John Thain, the former CEO of Merrill Lynch, while the firm was receiving $25 Billion in TARP funds makes me sick
https://www.garlic.com/~lynn/2009b.html#53 Credit & Risk Management ... go Simple ?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: How to defeat new telemarketing tactic Newsgroups: alt.folklore.computers Date: Sun, 08 Feb 2009 14:25:23 -0500
re:
... to repeat, i've made some number of references to a lot of these hot beds of greed and corruption had been around for some time ... it was, in large part deregulation and lack of regulation enforcement allowing them to combine together into an economic firestorm.
The crash of 2008: A mathematician's view
http://www.eurekalert.org/pub_releases/2008-12/w-tco120808.php
from above:
Markets need regulation to stay stable. We have had thirty years of
financial deregulation. Now we are seeing chickens coming home to
roost. This is the key argument of Professor Nick Bingham, a
mathematician at Imperial College London, in an article published
today in Significance, the magazine of the Royal Statistical Society.
... snip ...
pbs web pages (previously mentioned) discussing enron, worldcom,
deregulation, repeal of Glass-Steagall
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/
There was CSPAN program that mentioned during the congressional session that repealed Glass-Steagall, the financial industry contributed $250m to congress ... and in the most recent session that passed the $700b bail-out bill, there were $2b in contributions.
Enron and Worldcom had also been laid at the deregulation door. Supposedly Sarbanes-Oxley was going to correct some of it.
With regard to the triple-A ratings on toxic CDOs, supposedly SOX required SEC to do something with respect to the rating agencies ... but there doesn't seem to have been anything besides a Jan2003 report.
Report on the Role and Function of Credit Rating Agencies in the
Operation of the Securities Markets; As Required by Section 702(b) of
the Sarbanes-Oxley Act of 2002
http://www.sec.gov/news/studies/credratingreport0103.pdf
Possibly in part because SEC didn't seem to be doing anything, GAO
started doing database of executives fiddling public company financial
reports (in spite of SOX). The executives get a boost in compensation
based on the fiddled numbers. Later the financials may be restated
... but the compensation not forfeited. One example was in 2004 Freddie
was fined $400m for $10b fiddling of financials and the CEO replaced
... but allowed to keep tens of millions (hundred?).
https://www.gao.gov/products/gao-06-1079sp
from above:
The database consists of two files: (1) a file that lists 1,390
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
July 1, 2002, and September 30, 2005, and (2) a file that lists 396
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
October 1, 2005, and June 30, 2006.
... snip ...
Then there was congressional hearing last week into the Madoff ponzi
scheme ... which had a person that has been trying to get the
SEC to do something about it for the past decade ... recent posts
https://www.garlic.com/~lynn/2009b.html#65 What can agencies such as the SEC do to insure us that something like Madoff's Ponzi scheme will never happen again?
https://www.garlic.com/~lynn/2009b.html#73 What can we learn from the meltdown?
In his testimony, there was repeated theme that crooks & fraud thrive where there is lack of visibility and transparency ... and the major recommendation is to change the culture to provide transparency in all aspects of the operations. There is need for new legislation and regulations, but they will always lag behind the crooks. Much more important is creating institutional and infrastructure transparency.
A couple other tidbits:
could only think of one person at SEC (in some field office, gave
their name) that had any understanding of financial transactions
... all the others at the SEC had no understanding (and were mostly
lawyers).
only 4% of fraud is turned up by audits ... over 50% from tips; tips
are 13 times more effective than audits. SEC has a 1-800 hotline for
companies to complain about too vigorous investigation. there is no
corresponding "tip" line.
The Madoff ponzi scheme isn't the only one, in the process of turning
over detailed documentation to the authorities about a (different)
"small" $1b ponzi scheme.
if it wasn't for the current financial crisis, the Madoff ponzi scheme
easily could have continued to $100B
None of the clients he advised, had gotten involved with Madoff
...
Long-winded decade old post mentioning some of the current issues
https://www.garlic.com/~lynn/aepay3.htm#riskm
We had been called in to consult with a small client/server startup that
wanted to do payment transactions on their server ... and they had this
technology they wanted to use called SSL. there had to be a whole lot of
work to turn technology into actual business processes to do financial
transactions (frequently now called "electronic commerce"). then in the
mid-90s, we were invited to participate in the x9a10 financial standards
working group which had been given the requirement to preserve the
integrity of the financial infrastructure for all retail payments ... which
resulted in the x9.59 financial standard ... some references
https://www.garlic.com/~lynn/x959.html#x959
Somewhat as the result of "electronic commerce" & x9.59 work, we were
asked to come in to NSCC (since combined with DTC and renamed DTCC) to
see if we could do something similar for all the operations in the
securities industry. After some amount of effort, it was eventually
suspended because a side-effect of the increased integrity would have
created significantly more transparency in all aspects of the industry.
This ran into conflict with pervasive culture for lots of obfuscation
and lack of transparency
https://www.garlic.com/~lynn/2008s.html#63 Garbage in, garbage out trampled by Moore's law
misc. past posts mentioning Glass-Steagall:
https://www.garlic.com/~lynn/2008b.html#12 Computer Science Education: Where Are the Software Engineers of Tomorrow?
https://www.garlic.com/~lynn/2008c.html#11 Toyota Sales for 2007 May Surpass GM
https://www.garlic.com/~lynn/2008c.html#87 Toyota Sales for 2007 May Surpass GM
https://www.garlic.com/~lynn/2008d.html#85 Toyota Sales for 2007 May Surpass GM
https://www.garlic.com/~lynn/2008e.html#42 Banks failing to manage IT risk - study
https://www.garlic.com/~lynn/2008e.html#59 independent appraisers
https://www.garlic.com/~lynn/2008f.html#1 independent appraisers
https://www.garlic.com/~lynn/2008f.html#13 independent appraisers
https://www.garlic.com/~lynn/2008f.html#17 independent appraisers
https://www.garlic.com/~lynn/2008f.html#43 independent appraisers
https://www.garlic.com/~lynn/2008f.html#46 independent appraisers
https://www.garlic.com/~lynn/2008f.html#53 independent appraisers
https://www.garlic.com/~lynn/2008f.html#71 Bush - place in history
https://www.garlic.com/~lynn/2008f.html#73 Bush - place in history
https://www.garlic.com/~lynn/2008f.html#75 Bush - place in history
https://www.garlic.com/~lynn/2008f.html#79 Bush - place in history
https://www.garlic.com/~lynn/2008f.html#94 Bush - place in history
https://www.garlic.com/~lynn/2008f.html#96 Bush - place in history
https://www.garlic.com/~lynn/2008f.html#97 Bush - place in history
https://www.garlic.com/~lynn/2008g.html#2 Bush - place in history
https://www.garlic.com/~lynn/2008g.html#4 CDOs subverting Boyd's OODA-loop
https://www.garlic.com/~lynn/2008g.html#16 independent appraisers
https://www.garlic.com/~lynn/2008g.html#44 Fixing finance
https://www.garlic.com/~lynn/2008g.html#51 IBM CEO's remuneration last year ?
https://www.garlic.com/~lynn/2008g.html#52 IBM CEO's remuneration last year ?
https://www.garlic.com/~lynn/2008g.html#57 Credit crisis could cost nearly $1 trillion, IMF predicts
https://www.garlic.com/~lynn/2008g.html#59 Credit crisis could cost nearly $1 trillion, IMF predicts
https://www.garlic.com/~lynn/2008g.html#66 independent appraisers
https://www.garlic.com/~lynn/2008g.html#67 independent appraisers
https://www.garlic.com/~lynn/2008h.html#1 subprime write-down sweepstakes
https://www.garlic.com/~lynn/2008h.html#28 subprime write-down sweepstakes
https://www.garlic.com/~lynn/2008h.html#32 subprime write-down sweepstakes
https://www.garlic.com/~lynn/2008h.html#89 Credit Crisis Timeline
https://www.garlic.com/~lynn/2008j.html#12 To: Graymouse -- Ireland and the EU, What in the H... is all this about?
https://www.garlic.com/~lynn/2008j.html#66 lack of information accuracy
https://www.garlic.com/~lynn/2008k.html#28 dollar coins
https://www.garlic.com/~lynn/2008k.html#36 dollar coins
https://www.garlic.com/~lynn/2008k.html#41 dollar coins
https://www.garlic.com/~lynn/2008l.html#42 dollar coins
https://www.garlic.com/~lynn/2008l.html#67 dollar coins
https://www.garlic.com/~lynn/2008l.html#70 dollar coins
https://www.garlic.com/~lynn/2008m.html#16 Fraud due to stupid failure to test for negative
https://www.garlic.com/~lynn/2008m.html#73 Blinkylights
https://www.garlic.com/~lynn/2008n.html#12 Blinkylights
https://www.garlic.com/~lynn/2008n.html#19 Blinkylights
https://www.garlic.com/~lynn/2008n.html#53 Your thoughts on the following comprehensive bailout plan please
https://www.garlic.com/~lynn/2008n.html#78 Isn't it the Federal Reserve role to oversee the banking system??
https://www.garlic.com/~lynn/2008n.html#99 Blinkylights
https://www.garlic.com/~lynn/2008o.html#12 The human plague
https://www.garlic.com/~lynn/2008o.html#18 Once the dust settles, do you think Milton Friedman's economic theories will be laid to rest
https://www.garlic.com/~lynn/2008o.html#19 What's your view of current global financial / economical situation?
https://www.garlic.com/~lynn/2008o.html#28 Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
https://www.garlic.com/~lynn/2008o.html#37 The human plague
https://www.garlic.com/~lynn/2008o.html#39 The human plague
https://www.garlic.com/~lynn/2008o.html#43 The human plague
https://www.garlic.com/~lynn/2008o.html#44 The human plague
https://www.garlic.com/~lynn/2008o.html#51 Why are some banks failing, and others aren't?
https://www.garlic.com/~lynn/2008o.html#78 Who murdered the financial system?
https://www.garlic.com/~lynn/2008o.html#80 Can we blame one person for the financial meltdown?
https://www.garlic.com/~lynn/2008o.html#83 Chip-and-pin card reader supply-chain subversion 'has netted millions from British shoppers'
https://www.garlic.com/~lynn/2008p.html#8 Global Melt Down
https://www.garlic.com/~lynn/2008p.html#9 Do you believe a global financial regulation is possible?
https://www.garlic.com/~lynn/2008q.html#26 Blinkenlights
https://www.garlic.com/~lynn/2008q.html#66 Blinkenlights
https://www.garlic.com/~lynn/2008r.html#64 Is This a Different Kind of Financial Crisis?
https://www.garlic.com/~lynn/2008s.html#9 Blind-sided, again. Why?
https://www.garlic.com/~lynn/2008s.html#20 Five great technological revolutions
https://www.garlic.com/~lynn/2008s.html#23 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#35 Is American capitalism and greed to blame for our financial troubles in the US?
https://www.garlic.com/~lynn/2008s.html#55 Is this the story behind the crunchy credit stuff?
https://www.garlic.com/~lynn/2009.html#58 HONEY I LOVE YOU, but please cut the cards
https://www.garlic.com/~lynn/2009.html#84 what was the idea behind Citigroup's splitting up into two different divisions? what does this do for citigroup?
https://www.garlic.com/~lynn/2009b.html#48 The blame game is on : A blow to the Audit/Accounting Industry or a lesson learned ???
https://www.garlic.com/~lynn/2009b.html#49 US disaster, debts and bad financial management
https://www.garlic.com/~lynn/2009b.html#52 What has the Global Financial Crisis taught the Nations, it's Governments and Decision Makers, and how should they apply that knowledge to manage risks differently in the future?
https://www.garlic.com/~lynn/2009b.html#53 Credit & Risk Management ... go Simple ?
https://www.garlic.com/~lynn/2009b.html#54 In your opinion, which facts caused the global crise situation?
https://www.garlic.com/~lynn/2009b.html#58 OCR scans of old documents
https://www.garlic.com/~lynn/2009b.html#59 As bonuses...why breed greed, when others are in dire need?
https://www.garlic.com/~lynn/2009b.html#60 OCR scans of old documents
--
40+yrs virtualization experience (since Jan68), online at home since Mar70