Slashdot Mirror
CNBC Software Flaw Worth $1 Million?
Strudelkugel writes "BusinessWeek tells the story of one obsessive fan who unraveled a software glitch worth one million dollars. Jim Kraber was a regular CNBC viewer, and when the opportunity arose he took the 'Million Dollar Portfolio Challenge' very seriously. At one point, he was spending 12 hours a day on the contest, using three computers to trade 1,600 different portfolios in a theoretical stock game. His efforts got him into the top 20 finalists, but in the last round of trading he noticed some unusual patterns. 'One trader had a stream of near-perfect picks, consistently placing huge bets on shares that soared in after-hours trading. Kraber suspected the trader and perhaps others were getting help from someone who was changing their picks after the stocks' increases — and he quickly notified CNBC ... Kraber says CNBC rebuffed him at the time, but now it looks like he may have been right.'"
He didn't go "all in" on Novell stock.
Peace sells, but who's buying?
Looks like Kraber wasted a lot of time, effort, and electricity and has nothing to show for it but 'TFA'.
I find that Marketing departments are completely unfit to provide a secure platform for fun & just competition.
It usually is a very talented guy, who however has his focus on the looks, not the engine.
I once, for curiosity's sake took part in one contest. Scoring poorly, I began to analyze the inner workings of that FLash site.
I have quickly found that the answers to the trivia question were stored in plaintext in my browser cache!
I notified the organizers, but no actions were taken, I also soon began to notice how people bagan to score more than it was possible according to the game's rules.
Eventually, they didn't change a thing, except banning people beyond certain score, in the end all my friends got the prizes, CD players, cups etc.
One year later there was a new contest, almost identical glitches, this time however I decided not to get my friends in trouble, just in case.
Capitalizing on real software glitches is something that happens frequently on more volatile markets like the foreign exchange (fully automated since for retail brokers since 2000). Once the cat gets out of the bag however, the immense loss of the brokers (who usually automatically place orders opposite the sheeple, who are expected to lose on average) causes an alert. Nobody can fool the money markets on things like this for too long.
On the other side, automated trading means that brokers can engage in dirty practices like sending incorrect data to a particular client connection to trigger a trade (they call this stop hunting). Again, this is found out when clients compare data streams from more than 1 broker.
Dangerous stuff. If you are good, try to stay invisible.
Trading is nothing but a gamble most of the time.. He gambled his time and money, and like many lost out completely. And you never know, maybe the 'other trader' found an even more Efficient Market Hypothesis.
Looks like whoever created the CNBC datapool was only faking real time stock quotes. Most likely, they didn't build the infrastructure right and so that had to cache the quotes for a little while before they were available on the site. If others had access to the tick streams before the results were available from the cache, then they would have an advantage and essentially be able to rig the game. Seems like CNBC's claims about real time data could be throwing a lot of people off in their investing.
ccalam - acoustic versions of new songs.
Seems Kraber was certainly violating the spirit of the contest, if not the letter. Relying on 1600 portfolios and the law of averages to "win"? Seems like he's pissed that somebody else found a better, easier way to cheat.
Botnets running on compromised windows machines run > $10k / hr for the larger ones.
So in a way, they can.
That's what you get in an industry built upon speculation and where fractions of a second can be the difference between loss and profit.
If it wasn't for all the interests and lobbies, we'd see a real-time system that trades for ex. once a day at market close or open. By realtime I mean the trade happens at the actual moment it's made, not just logged and then carried out en masse later on, just clearing the differences.
And I always wondered: what the hell's with shorting and margin trade. Why is this shit allowed at all. You can't do anything with such a model but speculate, taking money from people who produced it and randomly spreading it to a bunch of speculators.
More power to the guy if he can keep the $10K he won in the free and clear.
.etc).
As for me, I used to write software for a living and am now unemployed.
Past efforts to earn ANY money since then yielded little or no results.
Offering software I wrote for sale yielded miserable results.
Efforts to get a 'real' job somewhere in the retail/service industry got me nowhere....
So I've pretty much given up writing software for money and took up 'e-poker' to pass the time while reading slashdot and whatnot.
I have had enough success playing for playmoney online that I'm making a go at doing it for realmoney for a living.
Barry Greenstein, one of the best poker players around used to write software for a living back in the 1980s (remember Q & A?) and gave it up.
In an nutshell, poker is 'business' minus the 'BS' that just get in the way of the exchange of money from one party to another (mindless pushy advertising, incompetent staff, labor disputes, greedy shareholders, lawsuits, office politics, insider trading,
In poker I've found more of a challenge than I did writing software for a living--by comparison, the stuff I co-wrote ran day to day business at 2 firms I did work at. The software was constantly tweaked at a moment's notice--it was exciting as it was nerve-wracking.
By the end, the stress burned me out and gave me mild headaches.
I don't get that anymore and I feel much happier.
In 'pokerland' everybody is on the same page so I have no problems that some win a prize and others don't. Basically you make a choice and if things work out, you get rewarded (much like real life).
Shenanigans and a prize of 1 MILLION DOLLARS?
There's a Doctor Evil joke in there somewhere, but I can't figure it out.
"Imagine, right... nononono, listen, listen. Just imagine... if all this was real money!!!
This has the same kind of feel to it.
And I have to ask, if the guy's prepared to spend 12 hours a day doing this with "Monopoly money", even sacrificing his professional accreditation studies in the belief that he might end up as the best market-player in over 300,000 and win $1m... why the hell isn't he just playing the stock-market??
Meta will eat itself
From: Mark Hoffman, CNBC, Inc.
Steve Ballmer, CEO Microsoft Corp.
To: Jim Kraber
Re: Software Glitch
Dear Mr. Kraber,
I regret to inform you that, after a thorough investigation of the alleged trading irregularities by independent Microsoft software engineers, we have determined that the perceived trading irregularities were not the result of a software 'glitch' or 'bug', but were in fact security features.
We sincerely apologize for any inconvenience this may have caused.
-Mark Hoffman
Steve Ballmer
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
Wow. I'm surprised this could still happen. Back in the 90s, there was a mutual fund that got ripped off by the same practice. Basically they would let you buy into the fund after the market close, and still get that day's price. Well you can guess what happened. People would watch the stocks that were in the fund and if they went up, they'd buy into the fund at the old price. Of course that ended up costing someone real money since the fund would then have to buy those stocks the next day at the higher price.
Can I get a cooky now?
This reminds me of an old email/fax scam trick. You start sending 1600 messages to people on a stock that's going to have big news the next day, either very good or very bad, no one knows. To 800 of those people, you say it will be good, and the other 800, you tell them it will be bad. The next day, you take the 800 who you predicted the right answer for, take another stock with big news coming out, and 400 of those people will end up with the right answer. Then 200, and on the 4th day, 100. Now for those 100 remaining people, you send a message saying that you've been giving valuable stock picks for the past 4 days and how much would they be willing to pay for your tips. The moral, everyone is a winner when your losers don't count. If you were hoping to find a good stock trader from this contest, this wasn't the way.
As for the bigger picture, I'm not a fan of "trading", though it does have it's place. I'd rather use the market for long term "investing" and doing something that provides value to the world with the rest of my time. But just like with power and politics, money corrupts, so we should expect that people will abuse the system and just do our best job ensuring we aren't the ones they are abusing.
QQ PVP server L2P noob.
I have collected an assortment of market links re: daytrading, financial information exchange protocols, etc.. And if we can find any better links, that would be useful- the stock markets do not need to remain hidden from our eyes.
42-years old and spending 12 hours a day playing a stock trading game. Wasn't there an MMO he could be applying himself to instead?
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
Looked like it worked pretty well for the top players. Some of them may have collected 10K for the top slot on a particular week and almost ended up with a cool million. Save for the efforts of a few heads up players they might have gotten away with it.
It's also worked pretty well for the Republicans.
That doesn't make it right, but it's hard to argue with success.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Because he first has to get other people money to trade with. Else he is what is known as a day trader, a mug who bets his own money on the stock market. To see how the stock market is really run, take a look at Liars Poker.
was Re:Fantasy stock markets.
davecb5620@gmail.com
"dirty practices like sending incorrect data to a particular client connection to trigger a trade"
This *is* interesting. Do you have anymore detailed information as to how this is done. What technology is the data connection run on? How is it possible to fool.
davecb5620@gmail.com
The Higher Criticism, which started out in Germany in the 19c with the aim of establishing a definitive chronology of Biblical events, laying out exactly what the historical evidence for them was, and to data all the various books, used this as a criterion. Scholars still do.
The rule is that if some publicly dateable event is clearly forecast in a text, the text was written after it. How long after is a question. Hume made a similar point. Miracles are by definition violations of natural law. To the extent that they are miraculous, it must be more probable that the natural law held and that either experimental conditions were not correctly reported or the story is false. So they end up either not having happened, or not being miracles.
Funny to see this stuff coming up in exactly the same reasoning about stock market predictions....
Where is Intellectual Weapons when you need them!
I met someone who did very well in a "virtual stock portfolio" competition, organised I think by a major financial newspaper, and won $thousands.
In this competition, players were supposed to use the publicly-available stock price data, which is delayed by a few minutes. His trick was to use the paid-for real-time data and so was able to buy and sell in advance of price changes in the competition's official prices.
The ironic thing was that he got his subscription to the real-time data as a prize when he did well - honestly - the first year that he took part! He even told the competition organisers that this prize would help him to do even better next year, but they chose to overlook (or were too stupid to understand) the consequences of what they had given him.
So the web programmer read out the current price and stored it in the browser until the user hits 'submit' and then uses the submitted price instead of rereading it?! I wonder if he could have spoofed form variable values and got everything at $0.01? But TFA says the trader would get the stock for whatever it was at closing, so maybe the app isn't re-passing the price. Anyway, if the programmer at least had enough of his head external to his ass to record a time stamp, they should be able to nix any trades made after hours and also nix any accounts that exploited it. But then I bet if our hero from TFA was running 1600 accounts, I bet at least once he hit submit trying to squeak by right at the close but went past close by a minute or two. It'd be a shame if he wasted 12 hours a day and got dinked for accidentally exploiting the same hole as the real cheaters. Yeah, next time check the current time on submit. Lol, I'm kind of a hack web programmer, but even I know to validate forms in the client and at the server on submit.
Or, it was brilliant marketing. Anyone who competed against a person with such an advantage would most likely feel a *need* to have such an advantage themselves. If a company (say an advertiser in the publication) were selling the accounts for real time feeds, then what better way to demonstrate the usefulness of their product?
I have helped create contests that were entirely devoted to exposing a need for a product. They can be very powerful means of driving sales.
InnerWeb
Freud might say that Intelligent Design is religion's ID.
hot pics of Maria Bartiromo or it didn't happen
"Turning the software back on historical records, he found out that Hillary Clinton's astounding record of 49 of 51 profitable IPO offerings were so statistically unlikely as to justify the Wall Street Journal's characterization as 'the likes of which God has never seen' as completely accurate. Did the traders just write down for her the profitable ones at the end of the day, and eat the losing ones themselves?"
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Someone used a flaw in software and exploited it for personal gain.
Shocker.
If there's no verification or official results posted, how creditable are these games/shows--hmm that they're games & shows says something.
Keep all of your decision-making on the server where it belongs. Let the client be a view to the server, and validate input. But don't trust the client with any control of the process. It only results in problems like this.
My roomate found out at a certain sports book online they had a bet on the Kentucky Derby that paid some good odds, like 100-1 if you just clicked on the random selection button, instead of choosing horses. The trick was you just keep clicking it, sure you got some crappy horses, so he would obviously lose $20 on those cards, but just keep clicking it, eventually you would get one of the favorites, and instead of the regular 2-1 odds, you got the 100-1. So that $20 x 100, got him $2000, minus the crappy betting cards he had to get. The next race they got rid of the random betting button :)
WTF did this have to do with Microsoft? Even the article doesn't make any mention of Microsoft. Geez.. can't believe you even got modded funny for that, stupid troll
The main screwup by CNBC appears to be the issue with multiple accounts. There were at least 5-10 times the number of accounts as there were players.
One person, one account or one person, one entry are pretty common in contests like this. I stopped really trying when I saw the same person's name come up on the weekly top ten list 7 times one week.
But the data cache thing - yeah I found it out a few weeks in - it was pretty easy to figure out as well, since I was trading mostly around closing due to the time difference.(often would forget to post a trade until after hours) - and noticed a few trades were at the new price and some were at the old one. Evidently they had an enormous backlog of data cued up that would take hours each night to process and it was an obvious exploit point. That, and the data during the day was often half an hour old compared to a quick check over at eTrade or similar, which is a 3-5 minute delay.
Anyone with access to a real-time(down to the second) link with the exchange(numerous software applications - though usually quite pricey per month) who can see the market as such would be able to beat CNBC's system because of their caching/backlog, even without this exploit. Whether this is cheating or not is going to be hard to prove, though. Most companies post their returns and profits right at closing, or within a few minutes. Even the Exchange's computers run for hours with their backlogs, so CNBC should have known this was likely to happen.
Me? I'd have had a simple script that killed all net connections - with a note that the site would be back up at opening. Maybe even yank the cable from the main router itself. With a million on the line, of course people will behave badly - right down to trying to reverse engineer the code itself if you let them.(web based games are bad for this reason - you have to be very careful, say, in an online poker game, to not give out other player's data in the background, which a few sites have done in the past)
I would have thought Jim Cramer would do very well at a simulated investment strategy game. OTOH, his show is on CNBC so he's an employee, and usually employees are not allowed to participate in contests. Oh, that's NOT a typo? It really is Jim Kraber? Never mind.
...the future crusty old bastards are already drinking the Kool-Aid.
Some events are (or were) reasonably forseeable, even without appealing to miracles. And many documents may have been (re)composed from multiple sources which may or may not have included every piece.
So, for example, if you use that line of reasoning too simplistically, you end up with ridiculously late dating for much of the New Testament, such as having documents get translated almost immediately and then sent to the ends of the (then known) world.
1) What company do you work for?
2) Are you hiring?
"It's not whether you win or lose, it's how drunk you get." -- H. J. Simpson
Was this seriously a contest, or a barometer for CNBC (and any other partners) to track good traders and potentially profit from?
-50 DKP for lame post!
No wonder vista is so expensive :p!
Hey, shouldn't insider trading be a feature of the game? :-)