My Treo finally synced and I was able to gather up all my mobile blog posts to post them. This one I wrote a couple weeks ago. Yay, sync!

So, I'm driving behind this car on the way to class tonight. It's a fairly new car, but I'm still thinking, "What a piece of sh*t." when I look at it.

After following it for about half a mile, I realize why I keep having that thought: the license plate was 4POS273, which my mind kept translating into "4 piece of sh*t 2-7-3."

I've had an account at Ameritrade since they first opened. I'm not sure why I keep that particular account, but suffice it to say, I have made them a lot of money over the last eight or so years. They claim to have this wonderful security system, that no one can get through, many IT guys working around the clock to ensure all of their clients' personal information is secure, blah blah blah.

So imagine my surprise when I received a virus/spam email address to the email address that I use for my Ameritrade account.

As in, I use that email address for only communication with Ameritrade.

The email I send to them with that email address is encrypted from my system to theirs. The only way, as far as I can tell, for that email address to get out is either from some leak on my Linux box that's been turned off for the last 10 months, or some leak in their internal systems.

As I've done with a dozen other sites and businesses that "lose" one of my very specific email addresses, I contacted them to let them know they had a problem with their systems, please look into it. Usually I get a response back the following day denying the incident, and I respond with a, "no, no, here's the system you need to look at," quoting a particular IP address. Thus far, each and every company I've contacted has eventually responded with an apology and an admittance of a virus.

Not so with Ameritrade. Instead, they let me know that the problem was clearly a bruteforce attack of spammers, by going alphabetically through the dictionary and appending my domain name to the words, they've magically come upon my secret Ameritrade email address (which, by the way, contains no dictionary words in it - none), so clearly there's no virus inside their hallowed firewalls.

Complete and utter bullsh*t.

Any network that is 1. attached to the Internet in general and 2. has people actually using it is not 100% secure, and no one, absolutely no one will ever convince me otherwise. Too many reports (which, admittedly, I should track down so that I have proof of the following statement, but at the moment, I'm distracted) detailing social engineering break-ins, "innocent" downloads or even malicious jpg images, and, well, just plain stupid people in the world to be able to guarantee a completely secure network.

Flippant answers, canned answers and completely wrong answers all annoy me. Tragically, I have little faith any of the other trading houses are going to be any more diligent in their security, or even their customer responses. Hell, a "let me forward this to our security specialists, even though I really don't think this is a problem" is better than a patronizing, "clearly you're wrong if you think there's a problem with our security" reply.

Allow me to say this will document the beginning of the Ameritrade security hole that will most likely be disclosed within the year.

Dashed up to the City with Messina to go to two events, meet up with people (Jesse!) and have dinner. I'm struck with the realization, as I stand here in Andy's jacket (freezing my ass off - what is it with the City and men who own thin jackets?), that I'm very much where I was many months ago: unable to participate in loud social events without wandering to a wall and being awkward. The funny part is that it's the noise that puts me off, not the people or approaching them. What is it with noise that I become so dysfunctional with crowds and noise?

Dang. I need my earplugs.

When I was a kid, and I didn't understand a word my dad had used, I'd ask him for the definition. Invariably, he'd tell me to go look it up. "You'll remember it better if you look it up."

Sure, I remembered it better. And, sure, in the case of looking up words, doing it myself is better.

However, when I'm helping a client, and he tells me to go look up an answer to a question I just asked about his specific site, one that directly relates to the design of his site, one that, oh, I don't know, maybe, only he can answer, telling me to go "look it up yourself" seems a little retarded to me.

If I could read your mind, I wouldn't have asked the question in the first place.

Date:   	Tue, 13 Dec 2005 16:53:39 -0800 (PST)
From:  	Mark Smith 
To:  	Kitt Hodsden 
Reply-to:  	mark@markandmeg.com
Subject:  	Re: [MisChiEf] disregard any suckem email

Kitt,

Although your identification of this problem may seem second nature to
you, this is actually a very valuable skill that few people have. I wanted
to let you know that you continually impress me with your general
excellence.

-Mark

< You may get a UPA email saying you have been added to team SuckEm.
< Have no fear.  Warren is testing out the UPA rostering interface
< and demonstrating a clear problem in the import players workflow.
< Clearly, a confirmation page should have appeared, allowing Warren
< the opportunity to remove the players that aren't on his new team
< when he imports the old team.
<
< Big THANKS to Warren for the problematic workflow demonstration!
<
< Kitt.
<
<
< Quoting warren.schechter@gmail.com:
<
<< You may get a UPA email saying you have been added to team SuckEm.
<< Have no fear, if you are not playing with suckem or don't know what
<< they are ignore it.  I am lazy and didn't want to type in people's
<< names by hand so I imported the mischief roster hence the email.
<<
<< as you were-
<<
<< warren