Are you saying that pump and dump can be perform on any liquid trading instrument,S&P emini for example?
Do you see any vulnerability if one only uses the webtrader? Maybe until IB comes up with a totally bullet proof solution, I will have to use the demo account to get data feed and charts, and use webtrader to enter orders. Your thoughts are appreciated.
The security device is going to preclude anyone from signing on to TWS without the use of your device. And even with your device, they would need to know your personal pin code to use your device. I suggest you review the details of the working of the security device. Now, whether anyone can get into your TWS while you're logged in is a separate question. But I'm not seeing how anyone is going to defeat my routers, firewalls, anti-viral programs, along with the security device. OldTrader
there is at least a published incident where the hacker used thin options on a thick stock. preventing hacker's access to the trading system should be the key issue here.
Thank you for a detailed explanation... Though your conclusions are obvious to any software engineer... And, most certainly, to IB's engineers. But everyone misses the point. IB makes money by offloading endless services onto the Customer... Who then bear the cost instead of IB. That's how the managers at IB think... What other costs can we transfer to the Customer? The "security device" simply transfers most of the ** risk of online fraud ** to the Customer... Because IB can easily make the False Claim that the "security device" is foolproof... And the Customer MUST be at fault... MUST be negligence or inside job. Try explaining the content of your post to a 70 year old Connecticut judge. IB's approach also fails the laugh test. People do not put 5 locks on their door... They put one good lock... plus get insurance... Because all security devices have major limitations. Unlike E*Trade that simply says "Dont worry... you are insured"... IB rejects insurance... And then tries to force you to put "5 locks on your door". The whole IB security situation is scary as hell.
SIPC only protects against a broker-dealer going bankrupt... It does not cover online fraud within a specific broker-dealer. And BD bankrupcies are very rare... less than 10/year out of 5,000 American BDs. If IB's accounts are insured for online fraud... Can a representative from IB please post a link to an IB web page explaining the insurance in detail? If not... shame.
- The only secure method I see (with the Secure Device) is to sign any order submission with it. But clearly, that is not practically viable, at least with a device that gives you a secret key each time. It would be different with a little USB token. But this would be platform dependent ! - In my scenario, WebTrader is just as vulnerable, as it is just another Front-End. I am assuming IB will require Device-based logins for both WebTrader & TWS
Regarding what I call an "advanced pump&dump": Sorry I really do not want to make any further statements as it would only harm all of us. These Hackers might be reading a thread mentioning a security device. But the Mini S&P is one of the few instruments it would NOT work with.