[16951] in bugtraq


Fw: Security Features

daemon@ATHENA.MIT.EDU (Adam J. Baldwin)
Thu Sep 28 14:22:16 2000

Message-ID:  <002301c028a5$4fed23b0$d3a00280@scythe>
Date:         Wed, 27 Sep 2000 13:06:43 -0400
Reply-To: "Adam J. Baldwin" <ajb@ANDREW.CMU.EDU>
From: "Adam J. Baldwin" <ajb@ANDREW.CMU.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM

Hi folks,

I wrote E-Trade expressing my concern about the security vulnerabilities
that people are discussing on Bugtraq. Here's their response (edited to
protect some of my personal information):

----- Original Message -----
From: <custemail@etrade.com>
To: <ajb@andrew.cmu.edu>
Sent: Wednesday, September 27, 2000 9:54 AM
Subject: Security Features


>
> -----------------------------------------------------------------------------------------------
> Dear Mr. Baldwin:
>
> Thank you for choosing E*TRADE.
>
> Over the course of the last few months, E*TRADE has been upgrading its
> encryption technology to ensure the highest security standards. The first
> stage of this upgrade was completed on Sunday, September 24th. E*TRADE is
> constantly reassessing the strengths of all of its Internet security
> technology, including encryption.
>
> At the same time, E*TRADE is currently evaluating a recent allegation
> targeted at the Company's encryption technology. The Company takes this type
> of allegation very seriously, as the security and privacy of customer
> account information is a matter of faith for E*TRADE. No customer
> information has been compromised.
>
> E*TRADE has a long-standing commitment to the security and privacy of both
> consumer financial information and personal data and as such, the Company
> has earned both the Web Trust and TRUSTe certification for protecting that
> information. No customer information has been compromised. E*TRADE will
> continue to maintain the highest standards in regards to security and
> privacy of customer information."
>
>
> For further assistance, please contact us at 1-800-786-2575, 24 hours a
> day, 7 days a week, or go to http://www.etrade.com and visit our Help
> Center. You can access the Help Center by clicking on the "help" button
> located on the E*TRADE banner at the top of each page. The Help Center
> provides detailed instructions, definitions, and services to assist you in
> navigating your E*TRADE account.
>
> Sincerely,
>
> Michael Breaux, Jr.
> E*TRADE  Customer Service
> It's time for E*TRADE (SM)
> Get your free @etrademail.com address at
> http://www.etrade.com.
>
> Message: Hello,
>
> I've recently become aware of a possible security hole regarding cookies
> stored on my computer and cross-frame scripting vulnerabilities.
>
> I've also learned that E-Trade has denounced these reports as "spam",
> although you have implemented a new cookie encryption algorithm over the
> weekend.
>
> I'm very concerned about the security of my account, and strongly urge you
> to fully disclose any vulnerabilities to the public and take whatever steps
> are necessary to maintain the security and privacy of individuals' accounts.
>
> I would like to be kept informed directly of such matters, including the
> acknowledgement of any vulnerabilities and any solutions to those problems.
>
> I appreciate your time,
> Adam J. Baldwin
>
