Re: More info for E*TRADE users
From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Tue, 26 Sep 2000 18:42:48 +0800

At 10:29 AM 25-09-
> beginning. Furthermore, if it happened that you had missed additional
> ways the vulnerability might be exploited (for example, in combination
> with one or more other vulnerabilities) then it could turn out that your
> advice for minimising exposure will not protect e-trade customers as
> much as you thought. By not revealing all information and allowing open
> discussion the situation may even be worse than if you'd said nothing at

The trouble is the people who really need to read Bugtraq aren't doing it ;).

I suspect most of the aspiring attackers are reading Bugtraq. The decent
defenders are reading Bugtraq. But the clueless coders aren't. And I
believe the clueless coders vastly outnumber the Bugtraq'ers.

In just the past few days I've seen 4 web apps with security issues. 2 free
scripts and 2 proprietary on live sites. I've only been bothering with the
free scripts because some people at work keep asking me if certain scripts
would be useful for the office or secure.