Bugtraq mailing list archives

Re: More info for E*TRADE users


From: "George, Michael" <Michael.George () PS NET>
Date: Wed, 27 Sep 2000 09:13:59 -0500

The trouble is the people who really need to read Bugtraq aren't doing
it ;).

I suspect most of the aspiring attackers are reading Bugtraq. The decent
defenders are reading Bugtraq. But the clueless coders aren't. And I
believe the clueless coders vastly outnumber the Bugtraq'ers.

Lincoln, while it is true that Bugtraq may be a double-edged sword, I wouldn't trade it for NOT knowing.  In the case
of E*TRADE, I forwarded that up the chain at my company since we use E*TRADE to manage our Stock Purchase Program.  
Bugtraq helps apply pressure to get things fixed.

Also, about the script/code kiddies in the crowd.  These guys may be "black hats" today, but will probably end up as 
"white hats" when they graduate college and go on into careers.  Maybe Bugtraq serves as an education on "HOW TO CODE" 
and "HOW TO IMPLEMENT SECURITY" if you want to remain hack free.  It is sad that the same coding mistakes are made
year after year after year.

So keep the info flowing.  It is the only way to get things fixed.  Many of us out here in BugTraq are lurkers and use 
the information that is provided to "shore up" defenses and/or demand that vendors (who we pay a lot of money) fix 
security holes.  We don't always have time to "post" and/or beat our drum loudly in the newsgroups, but behind the
scenes a lot is going on.

-Michael George III

