> From: FileMatrix [mailto:[EMAIL PROTECTED]
> It seems to me that the first thing one does to protect a system from
> automated attacks is to forbid access attempts to the same account
> more than once every x (say 10) seconds.
> This means that even with constant attempts to crack the
> password and the
> Turing number, the cracker can't do his job in real-time.
> Regards,
> George Hara

I agree with you, George, but I would be concerned that such a lockout system not be used as a denial of service method for attackers. For example, a competitor could make a login attempt every nine, ten or eleven seconds to the FileMatrix e-gold account and then take advantage of the disgruntled FileMatrix customers who got bad service.

As a solution it may be wise for the e-gold system to lock out only repeated attempts from the same IP address, and hope that the attacker is not coming through your own ISP and possibly the same proxy server. At least this reduces the potential for success of this method as a DNS attack. If a competitor on the same IP is attacking it may be easier to find them. Of course, something more intricate may be necessary in the face of IP Spoofing and such.

I suppose I should not let it go unmentioned that some other Digital Gold Currencies such as Pecunix have a good defence against account targeting attacks. A different, public account number, for example one's e-mail address, is used for people to pay you, while a secret account number is used to log in!

I wonder what it would take for e-gold to reorganise the account number system. I think if they did so they should keep the existing numbers, as they are both already public, and account holders may actually like their number or have purchased convenient numbers. Therefore a new numbering system (with numbers and letters, like the GoldMoney accounts) could be used for the actual logins.

Regards,
Ian Green
http://iangreen.2cw.org
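
The two throttling policies discussed in this message, compared side by side in an added example that is not part of the original e-mail or of any e-gold code. The account name, the addresses and the traffic trace are constructed, and the 10-second window is the "x" from the quoted text.

```python
from collections import defaultdict

WINDOW = 10.0  # seconds between permitted attempts ("x" in the quoted message)


class Throttle:
    """Permit one login attempt per WINDOW seconds for each throttle key."""

    def __init__(self, key_fn):
        self.key_fn = key_fn  # maps (account, ip) to the key that is rate limited
        self.last_allowed = defaultdict(lambda: float("-inf"))

    def allow(self, account, ip, now):
        key = self.key_fn(account, ip)
        if now - self.last_allowed[key] < WINDOW:
            return False  # too soon: rejected before any password check
        self.last_allowed[key] = now
        return True


def per_account(account, ip):
    return account  # policy from the quoted message: one timer per account


def per_account_and_ip(account, ip):
    return (account, ip)  # policy from the reply: one timer per source address


def owner_success_rate(key_fn):
    """Replay a constructed trace and count how many owner logins get through.

    A remote host retries the account every 10 s while the owner logs in
    once a minute from a different address.
    """
    remote, owner = "203.0.113.7", "198.51.100.20"  # constructed addresses
    events = [(t, remote) for t in range(0, 600, 10)]
    events += [(t, owner) for t in range(5, 600, 60)]
    throttle = Throttle(key_fn)
    allowed = total = 0
    for now, ip in sorted(events):
        ok = throttle.allow("acct-0001", ip, float(now))  # constructed account id
        if ip == owner:
            total += 1
            allowed += ok
    return allowed, total


if __name__ == "__main__":
    print("per account:     ", owner_success_rate(per_account))
    print("per account + IP:", owner_success_rate(per_account_and_ip))
```

Keying on the source address treats every client behind one proxy as a single user, which is the shared-ISP caveat the reply raises.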