I don't know if anyone mentioned that already. All IB users should be very careful with free API software available for TWS. IB does not recommend, test or support any of these application (and for good reason). anyone can build one of these, offer it to the public.. then, they have full access to your computer and know you are an active trader and know you are with IB. in the beginning I was very happy with all the charting, easy front end programs etc... now I don't install any of them (but one I have for a very long time). and I wrote my own software. remember this : just like in real life, thieves often simply enter through the door.
this program is likely to be a disaster, it requires a token to be carried around. if you travel it will likely prove to be adisaster. i suggest obviously people be more careful with your passwords and who has access to their computer.
you're kidding me. 1. You don't have to sign up; 2. if you've got a significant sum of money under management the extra layer of protection is a blessing; 3. if i'm not mistaken, you can put them on your key ring.
Now that's a reason to always have at least 100K in your accounts! Thanks for the info. Nonono, wait a sec. IB has got nothing to do with. IB uses bloody SSL2 for TWS, account management and even the rest of it's website! As well as soon as you go into account management, you identify via certificate! Admitted, IB does deserve some bashing for a few trading reliability, server things and slow and inadequate phone support/order desk, but certainly not for security. IB is notorious about security. Even TWS runs over SSL! Blaming your broker for this is the next lamest thing after blaming your broker for your bad trades! About fault: Do you want me to be honest with you? It's your fault. You're the fool. You failed to provide adequate computer and online security to protect your assets, therefore you may not deserve them anyway. I don't need to investigate this, because I'm sure you had, otherwise you wouldn't have been attempted to be robbed. Did you have either, all or any of these? - Fully aggresively configured, exclusive-permission firewall? - Internet via a fully encrypted and VPN-like proxy-masked secure tunnelling solution, such as Anonymizer? - Fully functional and again aggressively configured virus & trojan scanning & control solution (Norton AV)? - Specialized Pest/Bug/Spyware/Keylogger control solution, such as PestPatrol? - Fully secured email solutions? Encryption of emails? - Extensive encryption solutions for sensitive information, files, communications, hard drives etc, I.e. PGP? It's free and it's must. I leave this to answer to yourself. Now let me ask: Are you guilty of any of the following? - Using same passwords for different things - Using as passwords words that can be found within your environment / life? (Social engineering target) - Using passwords that don't contain both numbers and characters, including number-row characters and upper/lower case? - Not changing your passwords regularly? - Accessing sensitive accounts from public internet terminals? - Not logging out from email account on the latter before leaving? - Not making full use of privacy features, as given I.e. on Hotmail login? (If you use Hotmail, god beware) - Using a system that is easily accessible/hackable because hard to restrict? If you must use Windows, XP Pro is your only choice! Period! If you are a halfway serious trader, dealing money on the internet, every day, then you should know all this, or not trade! If you walk through the Bronx at night in a suit with a suitcase that has "my trading money" written on it, and get mugged, is it the bad man's fault? LOL! It's your fault, big time! I think I can save myself explaining why. Don't see the internet as any safer. In fact, it's a lot less safe than walking through a dark suburb at night. On the internet, anybody can attack you from anywhere at any time. You better go and get good armor before you use it extensively! You can say you didn't know, but sorry, that's an obsolete excuse in the 21st century. There's an interesting saying that's quoted even by the judges in Germany, it says "Unwissenheit schuetzt vor Strafe nicht." Which translates about as: "Not knowing doesn't prevent you from punishment." More quotes? A fool and his money, will soon be parted. If someone with money meets someone with experience, the one with the experience will soon have the money, and the one with the money will have the experience. Always remember it. Being burnt is good, it teaches you. Experience is your greatest teacher, so honor it and act on it. A mistake only becomes bad in the moment you fail to learn from it. As it says in NLP: To FAIL = From Actions I Learn. Blaming is always easy, but gets you nowhere. Stop blaming others (IB) and start taking responsibility. Good Luck! This information was provided to you for free. Scientist.
Computer systems can be compromised: yours probably was. The attacker probably grabbed your certificate and used this in combination with your password etc to change the email address etc. There are however a couple of simple ways that this can be stopped by the vendor - IB or somebody else. One simple way to do this that comes to mind is to require additional information/steps upon any change request to the account information - Now IB already does this in a way using email but they could add another level of verification. This if course would increase their costs. There is a relatively cost effective way to stop even a hacked account and that would be to use a hardware and networking fingerprint that is uniquely identified with your workstation. This however would complicate the authentication system and add to costs - requiring additional workflow/business process steps. I however believe that this type of system is a worthwhile investment and we have implemented it in our businesses where account integrity is of high importance and business value.
Are we all paranoid? If you listen to that stuff you just live in constant fear of getting spied upon or robbed. I heard about Trojans that retrieve all the info on your PC but how do they get on your PC? Can you get one if your are on a wireless network with other users downloading file sharing software and who knows what, can other people on the network hack into your PC (through a router and a firewall like the free ZA )? I rarely download anything but porn, heard you can't get a virus from picture files (is this true?), someone implied you can get a Trojan when browsing can this happen without you downloading anything? Still in the unlikely event someone manage to get sensitive information and wire money out of your account , wouldn't that be tracable? Wouldn't you get your money back in the end?