Home page logo

bugtraq logo Bugtraq mailing list archives

E*TRADE Security concerns.. (fwd)
From: Michael Bacarella <mbac () NYCT NET>
Date: Thu, 28 Sep 2000 10:14:27 -0400

I received this reply from E*TRADE when I brought up the concerns
expressed on this list. I got this reply 3 days later.

It's only fair that we get some of their POV...

---------- Forwarded message ----------
Date: Thu, 28 Sep 2000 00:48:30 -0700 (PDT)
From: service () etrade com
To: mbac () nyct net
Subject: Security concerns..

Dear Sir/ Madam,

Over the course of the last few months, E*TRADE has been upgrading its encryption technology to ensure the highest 
security standards. The first stage of this upgrade was completed on Sunday, September 24th. E*TRADE is constantly 
reassessing the strengths of all of its Internet security technology, including encryption. 

At the same time, E*TRADE is currently evaluating a recent allegation targeted at the Company?s encryption technology. 
The Company takes this type of allegation very seriously, as the security and privacy of customer account information 
is a matter of faith for E*TRADE. No customer information has been compromised.

E*TRADE has a long-standing commitment to the security and privacy of both consumer financial information and personal 
data and as such, the Company has earned both the Web Trust and TRUSTe certification for protecting that information. 
No customer information has been compromised. E*TRADE will continue to maintain the highest standards in regards to 
security and privacy of customer information.

For further assistance, please contact us at 1-800-786-2575, 24 hours a day, 7 days a week, or go to 
http://www.etrade.com and visit our Help Center.   

Greg Sabin

E*TRADE  Customer Service
It's time for E*TRADE (SM)
Get your free @etrademail.com address at

Case #: 000926-5877


        I was interested in signing up with your service a few weeks ago
but was somewhat discouraged when I saw that you had a 6(!) charecter
password limit. That is quite unsettling, especially since you cannot 
use more than 2 non-alpha numeric charecters.

        Also, I've seen quite a number of *serious* security issues raised
on various security mailing lists in the past few days. I never even
thought to check your site for such vulnerabilities because, well, 
E*TRADE, THE goto guys for securities. I would naturally come to expect
more from such a reputable company.

        I'm not unreasonable, I make mistakes too, and it's good that you
are insured, but your conduct in dealing with these security reports 
(from Bugtraq, for example) by DENYING that these vulnerabilities
even exist makes me very uncomfortable doing business with you. I really
do want to get an E*TRADE account, but I cannot justify supporting a
company that behaves in the manner that you do.

        I certainly hope I'm wrong.

/* ----------
 Michael Bacarella( mbac () nyct net )          | (212) 293-2620
 System Development / Integration            | http://nyct.net/ 
 [ N e w  Y o r k  C o n n e c t . N E T ]   | info () nyct net
 Bringing New York The Internet Service It Deserves!
--------- */


------------------------------For E*TRADE Internal Use only----------------------------
Reference-Id: <6221046>

  By Date           By Thread  

Current thread:
  • E*TRADE Security concerns.. (fwd) Michael Bacarella (Sep 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]