Is it just me, or is this retarded?
Guy posts a paranoid article on Slashdot claiming that his online trading account has been compromised because he's receiving spams to a "private" email address used only for his trading.
Err.. couldn't the emails have fairly easily been intercepted en-route? SMTP isn't exactly an encrypted protocol.
And isn't it possible that he used a weak password, or whatever?
People are telling him to file complaints with the FTC, the FBI, etc etc and all comments are basically hostile toward the trading company, but it seems likely to me that the company itself hasn't been compromised at all and there's a more mundane explanation for this guy's spam problem.
September 23rd, 2006 11:26am
The guy just says "it was coming in to an email address I had dedicated to my online trading account account." Which to me is a slightly different story security-wise. He could have used the address for other purposes before he 'dedicated' it.
But even aside from that possibility, it's not as though it's difficult for somebody to snag a random email address off the wire.
September 23rd, 2006 12:07pm
Retarded. Could be spammers just send stuff to random email address. For example, all 3 letter acronyms at some domain. Could be he registered for some newsletter and forgot about it. This guy and most of slashdot are idiots.
September 23rd, 2006 12:23pm
That's how the spammers found me. I used a too-short username, and they brute-forced their way to it.
Which is easy, when sending emails doesn't cost you anything.
September 23rd, 2006 2:29pm
Hmmm, I don't know. I use spamgourmet.com which lets you set up an account, say 'bob' then just make up email addresses as you want them, like firstname.lastname@example.org. I occasionally start getting spam from an address even though I _know_ that I won't have used it anywhere else, and it's pretty much from an address that I gave to a company I was a bit skeptical about giving my address to in the first place. I think that the company selling out my details is far more likely that some ISP or backbone grabbing it off the wire.
September 23rd, 2006 3:50pm
"Could be spammers just send stuff to random email address."
Back during the spamwars (98-01ish) it was well documented that spammers used dictionary attacks to try email addresses. That's why it's so evil to click the "click this link to stop receiving spam" link, and why webbugging was created - to verify email read by real-life people that could then be moved to the higher-revenue "send to real people" spam lists.