Well, I was in the same boat as everyone else, but I bit the bullet, contacted and retained a lawyer. A class action claim has been filed against TD Ameritrade in my name. Others just started signing on as well. Join the fight! (and please mod this up!)

I had no idea how long this had been going on. There's some info and a form [eplaw.us] you can fill out if you might want to join the suit. The laws are such that it makes sense to join the claim if you reside in Alabama, Kansas, Illinois, Florida, Michigan, Missouri, New Jersey, Washington, Wisconsin, and/or West Virginia. It's my understanding that in these states you can't sign away your right to be part of a class action suit - i.e. any agreement to do so is unenforceable. Looks like there are dozens of folks who have also noticed the problem and have used disposable email addresses and could join, like Seth Breidbart (of Breidbart Index fame). Mention your Slashdot handle if you fill out the form.
Oh, and as for the poster who mentioned spam to jsmith@bar.example.com being an issue: The email addresses I gave to Ameritrade were of the form jsmith@bar.example.com. The checksum is something based on jsmith, that I can calculate in my head, and have written a sieve script to calculate. Only when the checksum verifies is the mail allowed in. Otherwise I log it as a DHA attempt. I started giving out these email addresses several years ago, and only relatively recently had to write the sieve code. 6Yankee: it's worthwhile! Oh, and yes, there were multiple controls in the experiment. The addresses were valid for years before I gave 'em to Ameritrade, and received no mail in that time. Many other valid addresses have also received no mail to date.
Oh and I got malware? I don't think so. Mac OS X with nothing extra on it but Mozilla apps, used for nothing but my TD Ameritrade account. After they provided my address to the pump 'n dump crew the first time, I made sure there were no excuses left to point to on my end.
Ameritrade initiated the spam by providing my address, and the addresses of the other complainants on this thread and others, to the system that fed the botnet that executed the requisite SMTP commands. And all the spam to date is stock spam. Kryai's right; it's sad that efforts like his (I've done the same) to responsibly report security flaws are routinely ignored.
I'M GONNA SUE! No, really-in fact I ALREADY HAVE. (Score:1)
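The checksum-tagged address scheme described in the comment above, as an added example that is not part of the original post. The post does not give its checksum or address layout, so the `<label>.<tag>@domain` form, the HMAC-SHA256 tag, the key and the sample recipients are constructed assumptions.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

# Assumptions (not from the post): layout <label>.<tag>@<domain>, a truncated
# HMAC-SHA256 tag, and a constructed key and domain.
SECRET_KEY = b"constructed-demo-key"
DOMAIN = "bar.example.com"
TAG_LEN = 6  # hex characters kept from the MAC


def tag_for(label: str) -> str:
    """Checksum for a label; only the key holder can compute it."""
    mac = hmac.new(SECRET_KEY, label.lower().encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:TAG_LEN]


def make_address(label: str) -> str:
    """Address to hand to one correspondent, e.g. make_address("broker")."""
    return f"{label.lower()}.{tag_for(label)}@{DOMAIN}"


def classify(rcpt: str) -> Tuple[str, Optional[str]]:
    """Return ("deliver", label) when the tag verifies, else ("dha", None)."""
    local, at, domain = rcpt.strip().lower().rpartition("@")
    if not at or domain != DOMAIN:
        return ("dha", None)
    label, dot, tag = local.rpartition(".")
    if not dot or not label:
        return ("dha", None)  # untagged guess such as jsmith@...
    # Compare as bytes so a non-ASCII tag cannot raise inside compare_digest.
    if hmac.compare_digest(tag.encode("utf-8"), tag_for(label).encode("utf-8")):
        return ("deliver", label)  # the label identifies who was given it
    return ("dha", None)


def triage(recipients: List[str]):
    """Split envelope recipients into accepted mail and a DHA log."""
    delivered, dha_log = [], []
    for rcpt in recipients:
        verdict, label = classify(rcpt)
        if verdict == "deliver":
            delivered.append((rcpt, label))
        else:
            dha_log.append(rcpt)
    return delivered, dha_log
```

A verified label appearing on unsolicited mail points to the one party that was given that address, which is the attribution the commenter relies on.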