[16919] in bugtraq

Re: More info for E*TRADE users

daemon@ATHENA.MIT.EDU (Lincoln Yeoh)
Wed Sep 27 05:17:43 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id:  <3.0.5.32.20000926184248.00828d30@popgw.mecomb.po.my>
Date:         Tue, 26 Sep 2000 18:42:48 +0800
Reply-To: Lincoln Yeoh <lyeoh@POP.JARING.MY>
From: Lincoln Yeoh <lyeoh@POP.JARING.MY>
X-To:         Christian <christian@dijkstra.murdoch.edu.au>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20000925102929.A13555@diffie.it.murdoch.edu.au>

At 10:29 AM 25-09-
>beginning.  Furthermore, if it happened that you had missed additional
>ways the vulnerability might be exploited (for example, in combination
>with one or more other vulnerabilities) then it could turn out that your
>advice for minimising exposure will not protect e-trade customers as
>much as you thought.  By not revealing all information and allowing open
>discussion the situation may even be worse than if you'd said nothing at
>all.

The trouble is the people who really need to read Bugtraq aren't doing it ;).

I suspect most of the aspiring attackers are reading Bugtraq. The decent
defenders are reading Bugtraq. But the clueless coders aren't. And I
believe the clueless coders vastly outnumber the Bugtraq'ers.

In just the past few days I've seen 4 web apps with security issues. 2 free
scripts and 2 proprietary on live sites. I've only been bothering with the
free scripts because some people at work keep asking me if certain scripts
would be useful for the office or secure.

Cheerio,

Link.
