Gmail Calendar Documents Reader Web more »
Recently Visited Groups | Help | Sign in
Google Groups Home
news.admin.net-abuse.email
+ new post
About this group
Subscribe to this group
This is a Usenet group - learn more
Message from discussion Ameritrade Spam Again
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Rex Karz  
View profile  
 More options Aug 2 2006, 1:47 am
Newsgroups: news.admin.net-abuse.email
From: Rex Karz <rexkar...@yahoo.com>
Date: Tue, 01 Aug 2006 06:47:26 -0700
Local: Wed, Aug 2 2006 1:47 am
Subject: Re: Ameritrade Spam Again
Forward | Print | View thread | Show original | Report this message | Find messages by this author

Buss Error wrote:
> On 28 Jul 2006 17:01:42 -0700, "Thomas" <tomwin...@gmail.com> wrote:

>> I have decided to perform an experiment. I have just updated my
>> ameritrade addresses to a set of 47 random characters, drawn from a
>> 38-character pool (a-z, 0-9, dash, and period). Based on how slow
>> someone would have to check addresses to dictionary attack our server,
>> it would take 10^68 YEARS to guess this new email address if you ran
>> through every permutation.

> Also consider that you might be transiting someone sniffing traffic
> for email adresses between you and Ameritrade, if any of the traffic
> is with the email address is enclear. Also consider that Ameritrade's
> traffic is being sniffed by their upstream or a customer at their
> upstream doing arp cache poisioning.

> However, I agree, the most likely thing is Ameritrade has an insider
> leaking their mailling lists, followed by a comprimised system within
> Ameritrade itself.

> There are man in the middle attacks that will work with SSL, if you
> can get the browser to load a certificate.

Ameritrade leaking email addresses?

Could I dare speculate that it is AT&T that has the leaky
employee? After all, they are engaged by BigBrother to spy on all
internet traffic, ostensibily to catch Ossama and friends and
other nere do wells. So, I suppose that an unscrupulous AT&T jerk
is as good a candidate as any to attribute the leakage.

Also, given that the NSA is likely to be able to crack even AES256
at this point and that your traffic needs to be in plaintext for
BigBrother to use it, I can also easily imagine that the plaintext
is readily visible at the AT&T evesdropping points.

Just my speculation, of course.


    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2010 Google