Bugtraq mailing list archives
Re: User Alert: E*TRADE Usernames and Passwords Remotely Recoverable
From: Bridgette Julie Landers <julielanders () YAHOO COM>
Date: Mon, 25 Sep 2000 17:39:26 -0700
James Mancini wrote: 'When I pointed out the weak passwords to them, their response was "no one else complained."' In November 1999 a co-worker of mine had complained ... very loudly. He raised the issue through three levels of escalation ... call customer service, get unsatifactory answer "that's the way it is", demand to speak to manager, rise, repeat. The third level of E*Trade mangement they said that they were in compliance with SEC security regulations and therefore need not change anything. So unless James complained proir to Nov. 99, the E*Trade representative who told him that was either ignorant or lying. Also note that E*Trade OptionsLink accounts can have longer passwords (12 chars?) but that the passwords can only consist of decimal digits. But I guess if it's good enough for a voicemailbox it's good enough for billions of dollars of other people's money. __________________________________________________ Do You Yahoo!? Send instant messages & get email alerts with Yahoo! Messenger. http://im.yahoo.com/
Current thread:
- Re: User Alert: E*TRADE Usernames and Passwords Remotely Recoverable Marc Slemko (Sep 25)
- Re: User Alert: E*TRADE Usernames and Passwords Remotely Recoverable Marc Slemko (Sep 25)
- Re: User Alert: E*TRADE Usernames and Passwords Remotely Recoverable James Mancini (Sep 25)
- Re: User Alert: E*TRADE Usernames and Passwords Remotely Recoverable Marc Slemko (Sep 25)
- Advisory: E*TRADE security problems in full Jeffrey W. Baker (Sep 25)
- Re: Advisory: E*TRADE security problems in full Ben Galehouse (Sep 26)
- Re: Advisory: E*TRADE security problems in full Gunther Birznieks (Sep 27)
- Re: Advisory: E*TRADE security problems in full reb (Sep 27)
- Re: Advisory: E*TRADE security problems in full Signal 11 (Sep 28)
- Re: Advisory: E*TRADE security problems in full Ben Galehouse (Sep 26)
- Re: User Alert: E*TRADE Usernames and Passwords Remotely Recoverable Marc Slemko (Sep 25)
- <Possible follow-ups>
- Re: User Alert: E*TRADE Usernames and Passwords Remotely Recoverable Bridgette Julie Landers (Sep 26)