Bugtraq mailing list archives
Re: More info for E*TRADE users
From: "George, Michael" <Michael.George () PS NET>
Date: Wed, 27 Sep 2000 09:13:59 -0500
The trouble is the people who really need to read Bugtraq aren't doing
it ;).
I suspect most of the aspiring attackers are reading Bugtraq. The decent defenders are reading Bugtraq. But the clueless coders aren't. And I believe the clueless coders vastly outnumber the Bugtraq'ers.
Lincoln, while it is true that Bugtraq may be a double edged sword, I wouldn't trade it for NOT knowing. In the case of E*TRADE, I forwarded that up the chain at my company since we use E*TRADE to manage our Stock Purchase Program. Bugtraq helps apply pressure to get things fixed. Also, about the script/code kiddies in the crowd. These guys may be "black hats" today, but will probably end up as "white hats" when they graduate college and go on into careers. Maybe Bugtraq serves as an education on "HOW TO CODE" and "HOW TO IMPLEMENT SECURITY" if you want to remain hack free.. It is sad that the same coding mistakes are made year after year after year. So keep the info flowing. It is the only way to get things fixed. Many of us out here in BugTraq are lurkers and use the information that is provided to "shore up" defenses and/or demand that vendors (who we pay a lot of money) fix security holes. We don't always have time to "post" and/or beat our drum loudly in the newgroups, but behind the scenes a lot is going on. -Michael George III
Current thread:
- More info for E*TRADE users Jeffrey W. Baker (Sep 23)
- Re: More info for E*TRADE users Christian (Sep 25)
- Re: More info for E*TRADE users Lincoln Yeoh (Sep 27)
- Re: More info for E*TRADE users Greg A. Woods (Sep 27)
- Re: More info for E*TRADE users Lincoln Yeoh (Sep 27)
- <Possible follow-ups>
- Re: More info for E*TRADE users George, Michael (Sep 27)
- Re: More info for E*TRADE users Christian (Sep 25)