
| In another case, the hacker doesn't know the log-in #. He
| most likely does not have a practical way of quickly identifying
| any string of characters as the log-in # for an e-gold a/c. This
| makes it much more difficult for the hacker to find the log-in #
| and the password.

This is assuming the hacker is using an off-the-shelf keyboard sniffer.
It would be fairly straightforward for a skilled programmer to write a Trojan
that targets e-gold account access specifically, using more sophisticated ways
than keyboard sniffing. It wouldn't take me long to write a program that, for
example, intercepts calls to wininet.dll, neatly extracting all the needed
log-in, account info and passwords.

Voila, the log-in number now offers no extra protection. How long would it take
to implement this if e-gold decides to use log-in numbers - a day perhaps?

Using a hidden log-in number amounts to 'security through obscurity' - which is
a false and temporary security at best.

The best recipe for security is keeping your system safe (not always easy,
certainly on Windows), and using a 'hard' passphrase. Catching the thief after
the act is not going to get easier.

IMHO,

--Luc

