Re: More info for E*TRADE users
From: "George, Michael" <Michael.George () PS NET>
Date: Wed, 27 Sep 2000 09:13:59 -0500

> The trouble is the people who really need to read Bugtraq aren't doing
> I suspect most of the aspiring attackers are reading Bugtraq. The decent
> defenders are reading Bugtraq. But the clueless coders aren't. And I
> believe the clueless coders vastly outnumber the Bugtraq'ers.

Lincoln, while it is true that Bugtraq may be a double-edged sword, I wouldn't trade it for NOT knowing. In the case
of E*TRADE, I forwarded that up the chain at my company since we use E*TRADE to manage our Stock Purchase Program.
Bugtraq helps apply pressure to get things fixed.

Also, about the script/code kiddies in the crowd. These guys may be "black hats" today, but will probably end up as
"white hats" when they graduate college and go on into careers. Maybe Bugtraq serves as an education on "HOW TO CODE"
and "HOW TO IMPLEMENT SECURITY" if you want to remain hack-free. It is sad that the same coding mistakes are made
year after year after year.

So keep the info flowing. It is the only way to get things fixed. Many of us out here in Bugtraq are lurkers and use
the information that is provided to "shore up" defenses and/or demand that vendors (who we pay a lot of money) fix
security holes. We don't always have time to "post" and/or beat our drum loudly in the newsgroups, but behind the
scenes a lot is going on.

-Michael George III