It is true that by having a "pay to" account number that is different from
the "spend" account number, it would make it much more difficult to hack
accounts.  It would also make audit trails more complicated.

Public key authentication would be far superior.  Because the hacker would
need to obtain both your private key and your password, it would be one
order of magnitude harder to hack.  If the private key were stored on a
smart card, it would become virtually impossible to hack unless your
passphrase is easy to guess.

Any account-based system that uses only a passphrase to access the
information is no better than a credit card in terms of security.  E-gold
has been around for five years now, and public key technology has been
around far longer than that.  It's time for a security upgrade.

Until then, get a firewall.  Freedom.net software is a great free firewall.
Tiny is also a good one.  FinJan's "Surfin Guard Pro" is also an excellent
program that detects keyboard sniffers.

HK

----- Original Message -----
From: "BigBooster" <[EMAIL PROTECTED]>
To: "e-gold Discussion" <[EMAIL PROTECTED]>
Sent: Wednesday, May 23, 2001 6:52 PM
Subject: [e-gold-list] Re: Open Letter to Douglas Jackson: E-gold Weakness


> A hacker (who knew the # of one of my e-gold a/cs) planted
> a Trojan Horse in my computer that reported my password
> enabling him/her to raid my account. (He didn't know the a/c
> #s of any of my other e-gold a/cs, so he/she didn't touch them.)
>
> The Trojan Horse was named "Kern32.exe" and was loaded into
> my Windows\System folder. It was run by adding files to my Startup
> menu.
>
> Not all Anti-Trojan software recognized the Trojan, but I found a
> great package that did.
>
> I repeat, revealing your a/c # is a huge risk. It gives the hacker half
> of what he needs to access your a/c.
>
> Your e-gold accounts would be much more secure if you had to
> reveal a Payment # to get paid, and you reveal your a/c # to nobody.
>
> Frederick Mann
>
>
> At 03:27 PM 05/23/2001 -0700, Vince Callaway <[EMAIL PROTECTED]> wrote:
>
> >[snip]
> > > A hacker (who knew the # of  one of my e-gold a/cs) planted
> > > a Trojan Horse in my computer that reported my password
> > > enabling him/her to raid my account. (He didn't know the a/c
> > > #s of any of my other e-gold a/cs, so he/she didn't touch them.)
> >[snip]
> >
> >The only way someone could have "hacked" your account is a) your
> >passphrase sucks and only took a couple of tries or b) you gave it to
> >them.
> >
> >More than likely it was b) in the form of clicking on an e-qold link
> >instead of e-gold.
> >
> >Having an account number is no security risk.  I can go to the E-Gold site
> >and pick a number at random and start trying passwords.  Of course I would
> >get locked out in short order, but that is beside the point.
>
>
> ---
> You are currently subscribed to e-gold-list as: [EMAIL PROTECTED]
> To unsubscribe send a blank email to [EMAIL PROTECTED]
>
>

