[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: E*TRADE Security concerns.. (fwd)
From: Michael Bacarella <mbac () NYCT ! NET>
Date: 2000-09-28 14:14:27
[Download RAW message or body]
I received this reply from E*TRADE when I brought up the concerns
expressed on this list. I got this reply 3 days later.
It's only fair that we get some of their POV...
---------- Forwarded message ----------
Date: Thu, 28 Sep 2000 00:48:30 -0700 (PDT)
From: service@etrade.com
To: mbac@nyct.net
Subject: Security concerns..
-----------------------------------------------------------------------------------------------
Dear Sir/ Madam,
Over the course of the last few months, E*TRADE has been upgrading its encryption \
technology to ensure the highest security standards. The first stage of this upgrade \
was completed on Sunday, September 24th. E*TRADE is constantly reassessing the \
strengths of all of its Internet security technology, including encryption.
At the same time, E*TRADE is currently evaluating a recent allegation targeted at the \
Company’s encryption technology. The Company takes this type of allegation very \
seriously, as the security and privacy of customer account information is a matter of \
faith for E*TRADE. No customer information has been compromised.
E*TRADE has a long-standing commitment to the security and privacy of both consumer \
financial information and personal data and as such, the Company has earned both the \
Web Trust and TRUSTe certification for protecting that information. No customer \
information has been compromised. E*TRADE will continue to maintain the highest \
standards in regards to security and privacy of customer information.
For further assistance, please contact us at 1-800-786-2575, 24 hours a day, 7 days a \
week, or go to http://www.etrade.com and visit our Help Center.
Sincerely,
Greg Sabin
E*TRADE Customer Service
It's time for E*TRADE (SM)
Get your free @etrademail.com address at
http://www.etrade.com.
Case #: 000926-5877
-----------------------------------------------------------------------------------------------
Hi,
I was interested in signing up with your service a few weeks ago
but was somewhat discouraged when I saw that you had a 6(!) charecter
password limit. That is quite unsettling, especially since you cannot
even
use more than 2 non-alpha numeric charecters.
Also, I've seen quite a number of *serious* security issues raised
on various security mailing lists in the past few days. I never even
thought to check your site for such vulnerabilities because, well,
you're
E*TRADE, THE goto guys for securities. I would naturally come to expect
more from such a reputable company.
I'm not unreasonable, I make mistakes too, and it's good that you
are insured, but your conduct in dealing with these security reports
(from Bugtraq, for example) by DENYING that these vulnerabilities
even exist makes me very uncomfortable doing business with you. I really
do want to get an E*TRADE account, but I cannot justify supporting a
company that behaves in the manner that you do.
I certainly hope I'm wrong.
/* ----------
Michael Bacarella( mbac@nyct.net ) | (212) 293-2620
System Development / Integration | http://nyct.net/
[ N e w Y o r k C o n n e c t . N E T ] | info@nyct.net
Bringing New York The Internet Service It Deserves!
--------- */
-----------------------------------------------------------------------------------------------
------------------------------For E*TRADE Internal Use \
only----------------------------
Reference-Id: <6221046>
---------------------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic