In the last week, a high profile bug known as “Heartbleed” was revealed in the OpenSSL software widely used to encrypt secure web sessions. A fix for it was available pretty quickly, but the main cause for concern was the risk that the secret keys that underpin the SSL certificate system may have been stolen from affected sites. Rather than try and explain what heartbleed was/is I’ll point you at the clearest explanation I’ve come across here.
The LMAX Exchange trading platform was not affected by the Heartbleed bug, but along with other recent high profile attacks and vulnerabilities (for example the Apple SSL bug) it’s been a good time to take a look at LMAX Exchange’s security standards, and some ways we are continuously improving security behind the scenes.
Heartbleed was a good test of our ability to respond. Within hours of the announcement hitting the wires we were auditing our entire range of SSL-encrypted external systems. Although none of our exchange and trading systems were affected we did uncover an issue with an internal corporate mail system, which required a slightly home made patch, as we were not prepared to wait for the vendor to provide one.
So, a quick recap of recent security related changes to the platform.
Previously in the Testing@LMAX series I’ve mentioned the way we’ve provided isolation between tests, allowing us to run them in parallel. That isolation extends all the way up to supporting a multi-tenancy module called venues which allows …
Any opinions, news, research, analyses, prices or other information ("information") contained on this Blog, constitutes marketing communication and it has not been prepared in accordance with legal requirements designed to promote the independence of investment research. Further, the information contained within this Blog does not contain (and should not be construed as containing) investment advice or an investment recommendation, or an offer of, or solicitation for, a transaction in any financial instrument. LMAX Exchange has not verified the accuracy or basis-in-fact of any claim or statement made by any third parties as comments for every Blog entry.
LMAX Exchange will not accept liability for any loss or damage, including without limitation to, any loss of profit, which may arise directly or indirectly from use of or reliance on such information. No representation or warranty is given as to the accuracy or completeness of the above information. While the produced information was obtained from sources deemed to be reliable, LMAX Exchange does not provide any guarantees about the reliability of such sources. Consequently any person acting on it does so entirely at his or her own risk. It is not a place to slander, use unacceptable language or to promote LMAX Exchange or any other FX, Spread Betting and CFD provider and any such postings, excessive or unjust comments and attacks will not be allowed and will be removed from the site immediately.
LMAX Exchange will clearly identify and mark any content it publishes or that is approved by LMAX Exchange.
FX and CFDs are leveraged products that can result in losses exceeding your deposit. They are not suitable for everyone so please ensure you fully understand the risks involved. The information on this website is not directed at residents of the United States of America or any other jurisdiction where trading in CFDs and/or FX is restricted or prohibited by local laws or regulations.
LMAX Limited operates a multilateral trading facility. LMAX Limited is authorised and regulated by the Financial Conduct Authority (firm registration number 509778) and is a company registered in England and Wales (number 6505809). Our registered address is Yellow Building, 1A Nicholas Road, London, W11 4AN.