We are happy to announce the release of Jigsaw daytradr 5004. The software can be downloaded here. We have fixes (in release notes) and also - this is the first time we've released security-specific changes. Note - if you see any errors loading the members pages, clear your browser cache; it'll be because of additional security features on our servers.
We became aware in January that a group of hackers were specifically targeting trading platforms and that we were on the list. Not only was the platform targeted but our servers too. Fortunately, the servers weren't breached - but the hackers did have limited success with the platform and then announced they were "going after Jigsaw's servers" - but how?
We communicate with the servers via secure HTTP - the same protocol used by your browser when you log on to a secure website and something I'd presumed safe. That was until a friend came around and showed me how, by installing a fake certificate (in 5 minutes), it was possible to view the traffic between any secure website (or daytradr) and the servers. Someone would still need access to your PC to do that - but that can be done by sending you a link in an email that you click without thinking. It can also be done with any file attachment you open, especially spreadsheets. If that happens, then HTTPS doesn't appear to protect you.
Anyway - the upshot is there was a hole that needed plugging. We were fortunate that we had someone who spoke Chinese and who spotted this in China and that they announced their plans to attack our servers, so we could work to protect them. We have been working on this since January; our take was "We shouldn't do another release without addressing this". We've increased piracy protection, added multiple layers of encryption on top of HTTPS, and put up firewalls on the servers to prevent breaches.
Note that when you do use the platform, you will need to re-enter your password - this is because we decided to use a different encryption approach for passwords stored in XML files, just in case the encryption keys have been exposed.
Note also, that older versions will still work after these changes, but at some point in the future, they will be retired - something we'll do by switching off the old approach to connecting to our servers.
We also have bug fixes, which will be in the release notes. The beta for V5 will be completed on 3rd April.
Trade Copier
Note that we have already commenced the design and coding for 5.0.0.6 - which includes a trade copier. In that, a 'parent' order will be able to have 'child orders' on other accounts. We would like feedback on this feature. There is an RFI thread here - if you are interested in trade copier functionality, please go and leave your comments.