Bugtraq mailing list archives
E*TRADE Security concerns.. (fwd)
From: Michael Bacarella <mbac () NYCT NET>
Date: Thu, 28 Sep 2000 10:14:27 -0400
I received this reply from E*TRADE when I brought up the concerns expressed on this list. I got this reply 3 days later. It's only fair that we get some of their POV... ---------- Forwarded message ---------- Date: Thu, 28 Sep 2000 00:48:30 -0700 (PDT) From: service () etrade com To: mbac () nyct net Subject: Security concerns.. ----------------------------------------------------------------------------------------------- Dear Sir/ Madam, Over the course of the last few months, E*TRADE has been upgrading its encryption technology to ensure the highest security standards. The first stage of this upgrade was completed on Sunday, September 24th. E*TRADE is constantly reassessing the strengths of all of its Internet security technology, including encryption. At the same time, E*TRADE is currently evaluating a recent allegation targeted at the Company?s encryption technology. The Company takes this type of allegation very seriously, as the security and privacy of customer account information is a matter of faith for E*TRADE. No customer information has been compromised. E*TRADE has a long-standing commitment to the security and privacy of both consumer financial information and personal data and as such, the Company has earned both the Web Trust and TRUSTe certification for protecting that information. No customer information has been compromised. E*TRADE will continue to maintain the highest standards in regards to security and privacy of customer information. For further assistance, please contact us at 1-800-786-2575, 24 hours a day, 7 days a week, or go to http://www.etrade.com and visit our Help Center. Sincerely, Greg Sabin E*TRADE Customer Service It's time for E*TRADE (SM) Get your free @etrademail.com address at http://www.etrade.com. Case #: 000926-5877 ----------------------------------------------------------------------------------------------- Hi, I was interested in signing up with your service a few weeks ago but was somewhat discouraged when I saw that you had a 6(!) charecter password limit. That is quite unsettling, especially since you cannot even use more than 2 non-alpha numeric charecters. Also, I've seen quite a number of *serious* security issues raised on various security mailing lists in the past few days. I never even thought to check your site for such vulnerabilities because, well, you're E*TRADE, THE goto guys for securities. I would naturally come to expect more from such a reputable company. I'm not unreasonable, I make mistakes too, and it's good that you are insured, but your conduct in dealing with these security reports (from Bugtraq, for example) by DENYING that these vulnerabilities even exist makes me very uncomfortable doing business with you. I really do want to get an E*TRADE account, but I cannot justify supporting a company that behaves in the manner that you do. I certainly hope I'm wrong. /* ---------- Michael Bacarella( mbac () nyct net ) | (212) 293-2620 System Development / Integration | http://nyct.net/ [ N e w Y o r k C o n n e c t . N E T ] | info () nyct net Bringing New York The Internet Service It Deserves! --------- */ ----------------------------------------------------------------------------------------------- ------------------------------For E*TRADE Internal Use only---------------------------- Reference-Id: <6221046> ---------------------------------------------------------------------------------------
Current thread:
- E*TRADE Security concerns.. (fwd) Michael Bacarella (Sep 28)