
Re: SysKoll's First Law

Posted: Wed Aug 09, 2006 6:16 pm
by A_Guest

SysKoll's First Law (apologies to Clarke): "Any sufficiently retarded stupidity is indistinguishable from evil."

I LOVE this!! Would it be okay with you for me to use it in my email sig?

Posted: Thu Aug 10, 2006 12:23 am
by SysKoll
Feel free! I write open source code, the least I could do is open-source my cynical one-liners.

Posted: Thu Aug 10, 2006 7:40 pm
by A_Guest
Thanks! You wouldn't happen to have a second law and a third law lying around somewhere, would you? I'm always up for a good piece of snark.

To include something almost on topic, I did get one phishing email sent to the exclusive sg email address I used when I ordered something from Unfortunately I didn't realize that you guys were collecting this sort of information, and I trashed it after complaining to the company about it. Their response was to provide me with a generic link explaining how one's email address could end up in a phisher's hands, and I let the whole thing drop. That was about a year ago, and no more unwanted emails have been sent to that address since then.

Posted: Fri Aug 11, 2006 1:55 pm
by SysKoll
According to Netcraft, runs on Windows2000:

OS: Windows 2000 Web server: Microsoft-IIS/5.0 IP:

See ...

Now, it's not too much a stretch to imagine that their IIS (or any other Windows service) has been compromised and that someone stole their email address DB. I am curious: is this method explained in the email about how addresses can get compromised? Or are they simply blaming users?

Posted: Sun Aug 13, 2006 6:16 pm
by A_Guest
SysKoll wrote: Now, it's not too much a stretch to imagine that their IIS (or any other Windows service) has been compromised and that someone stole their email address DB. I am curious: is this method explained in the email about how addresses can get compromised? Or are they simply blaming users?

That's a really good question. Due to what was said in the email, I assumed that they were simply blaming users, and I hit the delete button without ever clicking the link.

Re: Ameritrade settlement

Posted: Wed Aug 30, 2006 4:10 am
by jgombos
SysKoll wrote: Any news on their [Ameritrade's] "investigation"?

No, haven't heard back from them. I still get spam - and it's no longer purely stock spam.

My next experiment is to periodically change my Ameritrade email address to alternate domain names, or a different 2nd field, to see if the attacker is still harvesting the database regularly.

Posted: Fri Sep 01, 2006 4:22 am
by burnt
Here is a confirmed case of this type of occurrence:
Title: Workforce Management: information on employment law, human resource development and human resource management.

A very good resource when I needed to research some labor law issues. The price: spam
The remedy: spamgourmet
It works!

Posted: Sun Sep 03, 2006 3:23 am
by SysKoll
burnt wrote: Here is a confirmed case of this type of occurrence:

Can you detail what you mean by that? Got some spam from them?

TD Ameritrade sells your address.

Posted: Tue Nov 28, 2006 11:44 pm
by jlseagull
A month after I signed up for a brokerage account, I started getting stock pump-and-dump spam on a unique address given only to them. Their customer service at first tried to blame me, then blamed "brute-force" generated email addresses. They insist it's not them.

I'm considering closing my account there.

Posted: Wed Nov 29, 2006 11:35 pm
by SysKoll

Is it still Ameritrade? Do you have a header that you could PM me?

Also, the problem is that if you are running Windows, the customer service will always be able to invoke the excuse that "the clueless user got an address slurping virus and blames us". Even if it's not the case here, this is such a common occurrence that it's their first reaction.

jgombos, jlseagull, I'd like you to PM me the disposable address you gave to Ameritrade. If it's OK with you, I'll anonymize the info and contact a security researcher about this issue.

Posted: Thu Nov 30, 2006 6:31 pm
by jlseagull

Ameritrade is now TD Ameritrade.

PM sent with header.

Posted: Wed Dec 27, 2006 12:44 am
by tcgraham
SPAM received. SG disposable address used only once with each site.

Applebees - 11330 in 31 months 365 per month - 8864 in 4.5 months 2000 per month is a retail site. Their gimmick is that they sell only one product each day. I confronted/accused them. They denied spamming.

Posted: Wed Jan 03, 2007 6:49 pm
by SysKoll
Netcraft reveals that is running Microsoft-IIS/6.0 under Windows Server 2003. So for all we know, their server might be infected with spambot viruses collecting email addresses.

Posted: Sat Feb 10, 2007 4:28 pm
by boomschtick
1215 blocked since account created 2/14/06
573 blocked since account created 5/26/06 (all porn spam)

Both used exclusively on their sites.

Posted: Sun Jun 24, 2007 3:26 am
by Elvey
I'M GONNA SUE! No, really - in fact I ALREADY HAVE.

Ok, put up or shut up, folks. :oops: You said you wanted a lawyer who was interested? :x I found one, and he's taken the case, on contingency. So grab a torch and pitchfork and join me! :twisted:

Well, I was in the same boat as everyone else, but I bit the bullet, contacted and retained a lawyer. A class action claim has been filed against TD Ameritrade in my name. You can sign on as well. Join the fight!
I had no idea how long this had been going on. There's some info and a FORM-CLICK HERE you can fill out if you might want to join the suit. The laws are such that class representatives are needed who reside in Alabama, Kansas, Illinois, Florida, Michigan, Missouri, New Jersey, Washington, Wisconsin, and/or West Virginia. It's my understanding that in these states, only, you can't sign away your right to be part of a class action suit - i.e. agreements to do so are unenforceable. Looks like there are dozens of folks who have also noticed the problem and have used disposable email addresses and could join, like Seth Breidbart (of Breidbart Index fame). Mention your handle here if you fill out the form.

Oh, and if spamgourmet itself is interested, that would be great!!!

The email addresses I gave to Ameritrade were of the form of spamgourmet's high security addresses. The addresses were valid for years before I gave 'em to Ameritrade, and I received no mail in that time. Many other valid addresses have also received no mail to date.

Oh and I got malware? I don't think so. Mac OS X with nothing extra on it but mozilla apps, used for nothing but my TD Ameritrade account. After they provided my address to the pump 'n dump crew the first time, I made sure there were no excuses left to point to on my end.

Ameritrade initiated the spam by providing my address, and the addresses of the other complainants on this thread and others, to the system that fed the botnet that executed the requisite SMTP commands. And all the spam to date is stock spam. Kryai's right; it's sad that efforts like his (I've done the same) to responsibly report security flaws are routinely ignored.

Why do they deserve this?
I think Ameritrade has repeatedly lied to their customers about the problem for years, instead of fixing it. That's the kind of gross negligence that merits legal action. And that's assuming Ameritrade even has a security problem, as opposed to a lack-of-ethics problem. Perhaps Ameritrade didn't send the spam, the logic being that they make serious money already, and hence wouldn't be so stupid as to set themselves up for such a huge liability. I somewhat buy the argument, however Skilling and Fastow et al. of Enron were dumb enough to set themselves up! Smart people do incredibly stupid things with great regularity. (There's even a book with approximately that title about it!)