Home page logo

bugtraq logo Bugtraq mailing list archives

Re: More info for E*TRADE users
From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Tue, 26 Sep 2000 18:42:48 +0800

At 10:29 AM 25-09-
beginning.  Furthermore, if it happened that you had missed additional
ways the vulnerability might be exploited (for example, in combination
with one or more other vulnerabilities) then it could turn out that your
advice for minimising exposure will not protect e-trade customers as
much as you thought.  By not revealing all information and allowing open
discussion the situation may even be worse than if you'd said nothing at

The trouble is the people who really need to read Bugtraq aren't doing it ;).

I suspect most of the aspiring attackers are reading Bugtraq. The decent
defenders are reading Bugtraq. But the clueless coders aren't. And I
believe the clueless coders vastly outnumber the Bugtraq'ers.

In just the past few days I've seen 4 web apps with security issues. 2 free
scripts and 2 proprietary on live sites. I've only been bothering with the
free scripts because some people at work keep asking me if certain scripts
would be useful for the office or secure.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]