[16927] in bugtraq

Re: More info for E*TRADE users

daemon@ATHENA.MIT.EDU (George, Michael)
Wed Sep 27 13:21:55 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-Id:  <4301290F32BFD2119FE300805F6F7663D38B54@ABHEXCH01>
Date:         Wed, 27 Sep 2000 09:13:59 -0500
Reply-To: "George, Michael" <Michael.George@PS.NET>
From: "George, Michael" <Michael.George@PS.NET>
X-To:         Lincoln Yeoh <lyeoh@POP.JARING.MY>
To: BUGTRAQ@SECURITYFOCUS.COM

> The trouble is the people who really need to read Bugtraq aren't doing
> it ;).

> I suspect most of the aspiring attackers are reading Bugtraq. The decent
> defenders are reading Bugtraq. But the clueless coders aren't. And I
> believe the clueless coders vastly outnumber the Bugtraq'ers.

Lincoln, while it is true that Bugtraq may be a double-edged sword, I wouldn't trade it for NOT knowing.  In the case of E*TRADE, I forwarded that up the chain at my company since we use E*TRADE to manage our Stock Purchase Program.  Bugtraq helps apply pressure to get things fixed.

Also, about the script/code kiddies in the crowd.  These guys may be "black hats" today, but will probably end up as "white hats" when they graduate college and go on into careers.  Maybe Bugtraq serves as an education on "HOW TO CODE" and "HOW TO IMPLEMENT SECURITY" if you want to remain hack free.  It is sad that the same coding mistakes are made year after year after year.

So keep the info flowing.  It is the only way to get things fixed.  Many of us out here in BugTraq are lurkers and use the information that is provided to "shore up" defenses and/or demand that vendors (who we pay a lot of money) fix security holes.  We don't always have time to "post" and/or beat our drum loudly in the newsgroups, but behind the scenes a lot is going on.

-Michael George III
