Bugtraq mailing list archives
Fw: Security Features
From: "Adam J. Baldwin" <ajb () ANDREW CMU EDU>
Date: Wed, 27 Sep 2000 13:06:43 -0400
Hi folks, I wrote E-Trade expressing my concern about the security vulnerabilities that people are discussing on Bugtraq. Here's their response (edited to protect some of my personal information) ----- Original Message ----- From: <custemail () etrade com> To: <ajb () andrew cmu edu> Sent: Wednesday, September 27, 2000 9:54 AM Subject: Security Features
--------------------------------------------------------------------------
---------------------
Dear Mr. Baldwin: Thank you for choosing E*TRADE. Over the course of the last few months, E*TRADE has been upgrading its
encryption technology to ensure the highest security standards. The first stage of this upgrade was completed on Sunday, September 24th. E*TRADE is constantly reassessing the strengths of all of its Internet security technology, including encryption.
At the same time, E*TRADE is currently evaluating a recent allegation
targeted at the Company's encryption technology. The Company takes this type of allegation very seriously, as the security and privacy of customer account information is a matter of faith for E*TRADE. No customer information has been compromised.
E*TRADE has a long-standing commitment to the security and privacy of both
consumer financial information and personal data and as such, the Company has earned both the Web Trust and TRUSTe certification for protecting that information. No customer information has been compromised. E*TRADE will continue to maintain the highest standards in regards to security and privacy of customer information."
For further assistance, please contact us at 1-800-786-2575, 24 hours a
day, 7 days a week, or go to http://www.etrade.com and visit our Help Center. You can access the Help Center by clicking on the "help" button located on the E*TRADE banner at the top of each page. The Help Center provides detailed instructions, definitions, and services to assist you in navigating your E*TRADE account.
Sincerely, Michael Breaux, Jr. E*TRADE Customer Service It's time for E*TRADE (SM) Get your free @etrademail.com address at http://www.etrade.com. Message :Hello, I've recently become aware of a possible security hole regarding cookies
stored on my computer and cross-frame scripting vulnerabilities.
I've also learned that E-Trade has denounced these reports as "spam",
although you have implemented a new cookie encryption algorithm over the weekend.
I'm very concerned about the security of my account, and strongly urge you
to fully disclose any vulnerabilities to the puplic and take whatever steps are necessary to maintain the security and privacy of individuals accounts.
I would like to be kept informed directly of such matters, including the
acknowledgement of any vulnerabilities and any solutions to those problems.
I appreciate your time, Adam J. Baldwin
Current thread:
- Fw: Security Features Adam J. Baldwin (Sep 28)