Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: More info for E*TRADE users
From: "George, Michael" <Michael.George () PS NET>
Date: Wed, 27 Sep 2000 09:13:59 -0500

The trouble is the people who really need to read Bugtraq aren't doing
it ;).

I suspect most of the aspiring attackers are reading Bugtraq. The decent
defenders are reading Bugtraq. But the clueless coders aren't. And I
believe the clueless coders vastly outnumber the Bugtraq'ers.

Lincoln, while it is true that Bugtraq may be a double edged sword, I wouldn't trade it for NOT knowing.  In the case 
of E*TRADE, I forwarded that up the chain at my company since we use E*TRADE to manage our Stock Purchase Program.  
Bugtraq helps apply pressure to get things fixed.

Also, about the script/code kiddies in the crowd.  These guys may be "black hats" today, but will probably end up as 
"white hats" when they graduate college and go on into careers.  Maybe Bugtraq serves as an education on "HOW TO CODE" 
and "HOW TO IMPLEMENT SECURITY" if you want to remain hack free..  It is sad that the same coding mistakes are made 
year after year after year.

So keep the info flowing.  It is the only way to get things fixed.  Many of us out here in BugTraq are lurkers and use 
the information that is provided to "shore up" defenses and/or demand that vendors (who we pay a lot of money) fix 
security holes.  We don't always have time to "post" and/or beat our drum loudly in the newgroups, but behind the 
scenes a lot is going on.

-Michael George III


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]