Home page logo

bugtraq logo Bugtraq mailing list archives

Re: User Alert: E*TRADE Usernames and Passwords Remotely Recoverable
From: Bridgette Julie Landers <julielanders () YAHOO COM>
Date: Mon, 25 Sep 2000 17:39:26 -0700

James Mancini wrote:
'When I pointed out the weak passwords to them, their
response was "no one else complained."'

In November 1999 a co-worker of mine had complained
...  very loudly.  He raised the issue through three
levels of escalation ... call customer service, get
unsatifactory answer "that's the way it is", demand to
speak to manager, rise, repeat.  The third level of
E*Trade mangement they said that they were in
compliance with SEC security regulations and therefore
need not change anything.

So unless James complained proir to Nov. 99, the
E*Trade representative who told him that was either
ignorant or lying.

Also note that E*Trade OptionsLink accounts can have
longer passwords (12 chars?) but that the passwords
can only consist of decimal digits.  But I guess if
it's good enough for a voicemailbox it's good enough
for billions of dollars of other people's money.

Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]