Business Blog Posts

Declines in oil and metals prices are being seen by an increasing number of fund managers and strategists as a signal to get out of riskier areas of the equity market. And that means avoiding things like Chinese IPOs and sticking to the boring stuff, like utilities.

The growing concern is that stocks had priced in an overly optimistic economic path, and the recent breakdown in commodities and shift in equities to safer industries like health care suggest a reckoning in coming months.

Ken Fisher, founder of Fisher Investments which manages about $38 billion in equities. is among those concerned many investors have become overconfident.

"I think expectations for the stock market are a bit on the high side," he said.

The thesis that the economy may be slowing will be tested next week with the publication of two regional manufacturing reports from the New York and Philadelphia regions. They are a precursor to the bigger national ISM surveys published at the start of next month.

However, some say there is room for the market to move higher before taking a turn for the worse.

Bullish investors point to robust first quarter earnings. Just under three quarters of S&P 500 .SPX companies beat Wall Street's earnings estimates and investors have pointed to sturdy revenue growth. The S&P's index of retail stocks .RLX recently hit all-time highs.

Next week there will be earnings from some important retailers, including the nation's largest, Wal-Mart Stores Inc (WMT.N), home improvement companies Lowe's Companies (LOW.N) and Home Depot (HD.N), as well as teen clothing retailer Abercrombie & Fitch (ANF.N).

DEFENSIVES OUTPERFORM

Prominent strategists at Goldman Sachs and Credit Suisse foresee better results for stocks less tied to the economic cycle. Doug Cliggott, head of equity strategy at Credit Suisse, wrote: "Gone is the US equity performance profile that suggested bold optimism on growth."

Commodities have been at the forefront of the selling so far. Big rallies in hard assets such as gold, silver and oil ended in an ugly slump last week. Silver crashed 30 percent in its worst fall since 1980. Oil, which was until recently worrying investors with its sharp ascent, fell around 15 percent.

There are two schools of thought as to why commodities are slumping. One is that the Federal Reserve's $600 billion program to buy Treasury debt has helped investors divert funds to commodities and equities, creating a bubble in those assets, which is now starting to burst.

"Investors and market observers are divided over whether this is a big deal or not," wrote Cliggott, who wrote CS is "in the 'it's a big deal' camp."

The other is that it is a sign of impending weakness in the economy. Copper, known as the "metal with a PhD" for its ability to act as a predictor for the economy given its wide-scale industrial applications, has hit a five-month low.

The reduced appetite for speculative investments has shown in the outperformance of defensive stocks, whose fortunes are less tied to the rise and fall of the economy.

The S&P 500's healthcare .GSPA and utilities .GSPU sectors were the performance leaders over the last month, rising 2.9 percent and 2.6 percent, respectively. That's despite a 1.5 percent fall in year-over-year earnings growth in utilities in the first quarter, worst of the S&P's 10 sectors.

Healthcare, long a go-nowhere sector, has had a whopping rally. The sector has gained for seven straight weeks, and is up 14.9 percent this year, best of the 10 S&P sectors.

Energy .GSPE, down 7.8 percent in the last seven weeks, is the worst performer in that time.

Goldman Sachs says it has become "much less confident in the near-term equity picture," exiting what it called its "top trade" in U.S. banks, and doing the same with a trade that was long industrial shares relative to consumer staples.

Cliggott sees a 10 percent decline at the end of the Fed's so-called QE2 stimulus program -- which is what happened at the end of the first round of Fed buying -- as the "base case" scenario. The firm continues to recommend a short financial/long health care trade, as well as a long consumer staples/short consumer discretionary trade.

EPFR Global, which tracks fund flows, said Friday that global equity funds experienced their first outflow since mid-March.

SMALL CAPS AND IPOS

Small and mid-cap stocks, which typically lead a strong market, have started to see their relative outperformance to large caps wane. Meanwhile, momentum indicators show the strength in S&P 500 is starting to decline as well.

There are also signs of fatigue in the IPO market after a flood of Chinese IPOs and leveraged buyouts at the start of the year.

Shares of Chinese dating website Jiayuan.com (DATE.O) fell in their Nasdaq debut, while social networking site Renren (RENN.N), dubbed China's Facebook, reversed all its gains on its market debut and traded below its offer price.

Goldman argues stocks have been driven further than economic fundamentals justify by heightened risk appetite. Sentiment indicators are elevated but off highs earlier in the year, while the CBOE Volatility Index, or Vix .VIX ,is at pre-financial crisis levels, signs investors may be getting complacent.

Peter Lee, a technical analyst at UBS, is expecting the S&P 500 to run to 1,400-1,450 in the summer before topping out.

Fisher believes elevated expectations will mean the market struggles through the rest of the year. He expects a sideways movement at current levels.

David Joy, chief market strategist of Columbia Management Investment Advisers, one of the largest U.S. fund managers with over $350 billion under management, has been cutting equity exposure over the past three months.

Joy said he started the year with a modest overweight in equities, but has cut that to neutral. That was partly a response to the impending end of the Fed's stimulus program, and partly due to the potential for disruption in the energy markets, he said.

How the markets will react to the end of the Federal Reserve's massive $600 billion stimulus at the close at the end of June is a wild card.

"As we get a little closer to the end I think you could start to see the equity market's volatility start to increase," Joy said.

(Reporting by Edward Krudy and Rodrigo Campos; Editing by Andrew Hay)

The expert found a handful of security flaws in Sony's networks while remotely studying its systems via the Internet to see how difficult it would be to penetrate the electronics giant's systems in the wake of the attacks.

Security researcher John Bumgarner discovered a potential bonanza for hackers by using little more than a web browser, Google's search engine and a basic understanding of Internet security systems.

"Sony still has several external security issues that need to be addressed," said Bumgarner, chief technology officer for the U.S. Cyber Consequences Unit, a research group funded by government and private sector grants that monitors Internet threats.

Bumgarner, a well-regarded Internet security researcher and U.S. military special operations veteran, identified a handful of flaws that would be easy for a hacker to identify and potentially exploit.

Sony did not respond directly to Reuters on the security lapses that Bumgarner said he had uncovered, but three of five flaws that Reuters pointed out to the company on Thursday were fixed later in the day.

"The first and most important thing to note is that protecting our customers data is a company-wide commitment that we take very seriously," a Sony spokesman said in an email on Thursday. Sony officials did not return calls seeking further comment on Friday.

It was not immediately clear if the identified security gaps allowed for access to active or defunct systems.

Several flaws remain, according to Bumgarner, who said he had viewed only parts of Sony's network that were visible over the Internet and did not attempt to break in to password-protected sites or exploit any vulnerabilities.

He found no evidence of breaches beyond the two Sony has disclosed. But he said he was able to find gateways to internal systems and locate data that would be useful to hackers by using simple techniques that he shared with Reuters.

SONY SANTA

The techniques uncovered a number of security gaps.

Through a series of Google searches, Bumgarner was able to find a software program that Sony developed in 2001 to run a SonyStyle.com Christmas gift registry and sweepstakes program called Sony Santa.

That program gathered users' names, addresses and ages. The names and partial addresses of some 2,500 of those sweepstakes contestants were posted on a website.

Sony said on Thursday that it learned of the error on May 5. The site has been taken down and Sony is working to remove any residual links to the list, a spokesman said.

Bumgarner also found an access point to a server running an identity management system that he said controls access to logins and passwords for employees throughout Sony Pictures Entertainment. He located that system by conducting a Google search using the terms "site:.Sony.com identity."

Most companies attempt to hide these servers from the prying eyes of potential hackers because these systems are linked to sensitive employee account data, he said.

In a file on Sony's website that alerts search-engine crawlers to which sections of the site that Sony wants a search engine to avoid cataloging, the company provided a link to an internal password-protected software application.

Bumgarner said the domain on Sony Corporation of America's network where the application was located was carefully hidden from view, so a web crawler or casual surfer would not have located it. But putting the URL in the file effectively served as a red flag to potential hackers who might see it as a potential weak spot in Sony's armor, Bumgarner said.

On May 4, Bumgarner located a server in the Sony network that disclosed the names, Facebook IDs and IP addresses of Sony customers who were playing online games through Facebook.

IP addresses allow somebody to track the general location of a player. He Tweeted his discovery on May 4 and Sony plugged the leak two days later.

The company installed a security management system from Riverbed Technology on the server that leaked the Facebook data. Bumgarner was able to view an access screen to the Riverbed system that had the login field filled with a user ID through May 10.

"No one should be able to point a web browser at Sony and see a security management console or find their identity management system that has been indexed by Google," he said.

Sony has fixed some of the flaws after Reuters detailed them in an email. They include removing the file from its website that tells search-engine crawlers which sections of the site to avoid cataloging. Sony disabled access to the password-protected application that the file originally pointed to and eliminated access to the Riverbed security system.

WIDESPREAD PROBLEMS

Bumgarner's research showed that the problems with Sony's systems are more widespread than the company has acknowledged. Sony has said that only its PlayStation Network and Sony Online Entertainment systems were hacked.

Most of the flaws that Bumgarner discovered were in other Sony networks -- that of the Sony Corporation of America, Sony Pictures Entertainment and Sony Electronics Corp.

Security experts say companies need to be discerning when deciding which servers to expose to the Internet.

Many of the flaws that Bumgarner discovered were identified with a tactic known among hackers and security experts as "Google hacking" -- using the search engine's advanced features to find information that would be of use to hackers.

He found the Sony Santa program by searching for items on Sony's network written in Microsoft Excel format (site:.sony.com filetype:xls).

Mikko Hypponen, chief research officer at computer security firm F-Secure, said Sony should have been more careful.

"They've been running in circles for the past three weeks," Hypponen said.

"The first thing a consultant group or an Internet response group would do is run a basic vulnerability scan and that's what they would find," he said, referring to the lapses found by Bumgarner.

Security experts have said they believe the hackers initially gained access to Sony's network through a "spear-phishing" attack that targeted a systems administrator who had broad privileges to access data on Sony's networks.

In "spear-phishing" campaigns, hackers craft e-mails with personalized messages so that the recipients let their guard down and click on links or download attachments that launch malicious software programs that take over their computers.

Once one PC is corrupted, hackers can use that machine as a base from which to launch sophisticated operations, such as the attacks on Sony's networks.

Bumgarner found a page on Sony's website that lists the names, e-mail addresses and phone numbers of IT managers that he said the hackers could have used to launch a spear phishing attack. He found that information through Google searches.

(Additional reporting by Liana B. Baker; Editing by Ken Li and Ted Kerr.)

The Labor Department said on Friday its Consumer Price Index increased 0.4 percent after rising 0.5 percent in March. The increase was in line with economists' expectations.

Core CPI -- excluding food and energy - gained 0.2 percent after edging up 0.1 percent in March and also in line with economists' expectations.

The monthly increase in core CPI has been bouncing around 0.1 percent and 0.2 percent since November. The core reading is closely watched by the U.S. central bank as a guide to monetary policy.

In the 12 months to April, core CPI was up 1.3 percent, the biggest rise since February 2010, after increasing 1.2 percent in March. Fed officials, however, would like to see that closer to 2 percent.

"This is not enough to prompt an immediate response from the Federal Reserve but they're certainly watching this. It is still our view that when QE2 ends in June the next move from the Fed will be a tightening move," said Dana Saporta, an economist at Credit Suisse in New York.

Saporta was referring to the Fed's $600 billion government bond purchasing program, also known as quantitative easing, aimed at stimulating the economy through low interest rates.

Fed officials believe high commodity prices, which undercut economic growth in the first quarter, will not have a lasting effect on inflation.

U.S. government debt prices and stock index futures edged higher on the data.

Gasoline prices accounted for almost half of the rise in overall consumer inflation last month, advancing 3.3 percent.

The pace of increase, however, slowed from March's 5.6 percent rise and further declines are likely after U.S. gasoline futures registered their sharpest daily drop since September 2008 on Wednesday and slipped further on Thursday.

Last month, food prices rose 0.4 percent after increasing 0.8 percent in March.

High gasoline prices are squeezing consumers, whose incomes are not keeping up with inflation. Average weekly earnings, adjusted for inflation, fell 0.3 percent in April after declining 0.4 percent in March, the Labor Department said.

Rising costs for housing, new vehicles, used trucks and medical costs bumped up core inflation last month. Shelter costs, which account for about 40 percent of core CPI, rose 0.1 percent, rising by the same margin for a seventh straight month.

Prices for new vehicles rose 0.7 percent last month, likely reflecting tight inventories as a shortage of parts in the wake of the devastating earthquake and tsunami in Japan disrupts production. They increased by a similar margin in March.

Apparel prices rebounded 0.2 percent from a 0.5 percent fall in March.

Overall consumer prices rose 3.2 percent year-on-year, the most since October 2008, after rising 2.7 percent in March.

(Additional reporting by Emily Flitter in New York; Editing by Andrea Ricci)