[e-gold-list] worthy of a donation
http://www.lemetropolecafe.com/kiki_table.cfm?cfid=74287cftoken=12014 719pid=1531 those boys accept e-gold ... 321005 ... send 'em a few centigrams! JP --- Great ventures create great mottos. --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] end of a pyramid scheme
http://www.opinionjournal.com/columnists/pdupont/?id=95000578 --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] Re: Keyboard Sniffers et al
The external keyboard sniffer is a physical device that snaps into the keyboard connection and has an internal battery. It records all throughput that comes from the keyboard and goes into the keyboard port on the computer. So it is completely outside of the computer and its processes for all intents and purposes. It is invisible. Yet, every electronic device has a signature, so there should be a countermeasure that can be developed against these things. (Like disassembling your keyboard and examining the connection every morning before you boot up. ) Ken - Original Message - From: Samuel Mc Kee [EMAIL PROTECTED] To: e-gold Discussion [EMAIL PROTECTED] Sent: Tuesday, June 05, 2001 10:39 PM Subject: [e-gold-list] Re: Keyboard Sniffers et al It takes up no system resources, i.e. undetectable from a software viewpoint, _No_ system resources? Nice work if you can get it. How is this possible? --- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] Malicious links?
These links were posted to this list yesterday. Email ini dikirim oleh PlasaCom : http://www.plasa.com Kunjungi teman lama anda di KSI : http://ksi.plasa.com When I, in my curiosity, clicked on the first my computer immediately bombed. This may have been a coincidence or poor programming etc. but my paranoia is aroused Did anyone click on them before this message was posted and have a similar experience? Does anyone have the resourses and expertise to check them out for malicious content? CCS --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] Security Certificates
Gold Money now allows security certificates that are installed in the users browser to authenticate transactions. My question is: how easy is it for someone who can gain access to the users computer (either physically or through a trojan) to COPY a security certificate and install it on another browser? Does anyone know? --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] Re: Malicious links?
CCS wrote: Did anyone click on them before this message was posted and have a similar experience? Here in the United States, I like to purport my self as a Global / International guy much like James Bond (The Great British Chap), but I confess I had never heard of, and could not possible imagine at what location on the Globe dikirim oleh Kunjungi teman lama anda di was! When I clicked on the 1st link, it brought me to a search engine clearly marked as Indonesia, an archipelago of 17,508 islands over 788,425 sq mi or 1,919,440 sq km. I can only assume that there in the Spice Islands the Pepsi/Fosters/or MOOsehead is apt to be warm and not ice cold! BUT None of my security bells or whisles, which are top secreat, went off and therefore your experience should have been a coincidence. MSO --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] Blue gets the blues
This from a friend. I wonder what they spent on this? Despite my repeated requests for a card (I really wanted that free reader!) Amex never sent one. Oh well. JMR Dear American Express(R) Cardmember: We are writing to let you know that as of June 15, 2001, the American Express Online Wallet will no longer be available. As an alternative, we encourage you to use Smart Chip Private Payments, an innovative Smart Chip feature that offers enhanced security when shopping online. Private Payments(SM) helps protect your Card information by providing a unique transaction number that you can use instead of your actual Card number when you shop online. And now there's an added layer of security when you 'lock' access to Private Payments on your PC with your Smart Chip and Smart Card Reader. With this feature, only you will be able to use Private Payments from your PC. For more information on Smart Chip Private Payments, please go to http://www.americanexpress.com/smartchipprivatepayments. You may continue to use your Online Wallet until June 15, 2001. Please visit our Web site at https://wallet.americanexpress.com prior to this date to print any necessary information from your Online Wallet. The Online Wallet software may be removed from your computer; for instructions, go to https://wallet.americanexpress.com or call 1-800-AXP-1234, 24 hours a day, 7 days a week. Thank you for using Blue from American Express. If you have any questions about the Online Wallet or Smart Chip Private Payments, please e-mail us at [EMAIL PROTECTED] or call 1-800-AXP-1234, 24 hours a day, 7 days a week. --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] Re: Malicious links?
Many thanks to Sean Dickens, Mark S. Ohberg and James M. Ray for indulging my paranoia. I feel better now. CCS *** Craig Spencer [EMAIL PROTECTED] *** --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] Charlotte's Story
Hello Folks Here is something for you to do with your e-gold that will give you a warm I've done my bit to help type feeling. :-) Please visit http://www.altimaweb.com/charlotte/ and make an e-gold donation to help Charlotte on her way to Texas for the operation she so desperately needs. Even a single dollar from each of you will help. Thank you in advance. Kind Regards Geoff Wiltshire --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] Re: Security Certificates
On 6 Jun 2001, at 8:30, Ken Griffith wrote: Gold Money now allows security certificates that are installed in the users browser to authenticate transactions. My question is: how easy is it for someone who can gain access to the users computer (either physically or through a trojan) to COPY a security certificate and install it on another browser? Does anyone know? Hello Ken, Here is an answer I got from the GoldMoney people: My understanding is that for a trojan to steal the cert from the browser, it must take advantage of a glaring security hole in the browser related to how these certificates are stored on the client computer. IE5 and Netscape4 have undergone quite thorough security reviews in this regard, and the management/security of client certs in both of these browsers is reputed to be quite tight. Therefore, the likelyhood of a trojan being able to steal the cert from the browser is very remote, if even possible at all. If an attacker gains physical access to the machine and has the necessary passwords to login to the user's account and access the cert, he could steal a copy of the digital certificate from the machine. Physical security is as essential for digital certificates as it is for one's wallet or checkbook. One way to enhance physical security of the cert is to store in on a smart card and never keep it on one's computer. Claude http://www.goldcurrencies.ca http://www.ormetal.com == Claude Cormier Public Key http://www.ormetal.com/PGPkey.html == --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] Re: Security Certificates
My question is: how easy is it for someone who can gain access to the users computer (either physically or through a trojan) to COPY a security certificate and install it on another browser? Does anyone know? Therefore, the likelyhood of a trojan being able to steal the cert from the browser is very remote, if even possible at all. Here's the thing. I use to work for a company about two years ago where I was asked to move a certificate from one computer to another. The certificates are password protected and the person owning the certificate had logged in not to long ago. Once they enter the password to use the certificate, they are capable of using it continiously until they logout. So I went ahead and exported the certificate from Netscape, saved it on disk, and imported it into MSIE on another computer. Now this may be just an IE thing, but the certificate never asked for a password again. Which allowed anybody to use it. The Moral of the story is, if you suspect somebody is going to rob you, don't let then use your computer first. As far as viruses are concerned, I'm not sure if there are command line arguments for browsers to export certificates. Remember, certificates still need a password to work. So just make sure its a good one. Khurram Khan == 2 cents worth? http://two-cents-worth.com/?135153 _ Get email for your site --- http://www.everyone.net --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] Re: Gold Money's New Handshaking Protocol
You can send a payment by generating a 'key'. For the payment to be complete, this key must be emailed to the receiver and then the receiver must 'redeem' the payment. I take it this isn't a bearer payment. It is a specific order to spend from Acct 'A' to Acct 'B'. So what happens if somebody intercepts the key? Can they redeem it? Does that just mean that the payment processed that much quicker? What happens if you receive several hundred payments? Do you have to redeem them one by one? Does their OMI (Online Merchant Interface) automatically handle this and redeem all payments? Does a payment ever expire? Or, could it possibly end up in a sort of limbo if it isn't redeemed? Because, I assume that, the moment you generate the key, the spend is made out of your account. What happens if the receiver never redeems it? This could be an interesting way to get around paying storage fees. What if you don't have access to your email, i.e. you only have a POP3 account set up and aren't at home or your web-based email provider is down, but need the funds that you had ordered a few days ago when you did? It is now possible to do repudiable payments if the recipient sends the requested item without verifying/redeeming the key first. A spends to B - A emails key to B - B receives key (but, in haste, doesn't redeem key) - B sends item to A - A receives item revokes key - B is left with a boucing check without the NSF fees I have noticed many places that accept e-gold but don't have an SCI setup. I've also noticed several that use the email option instead of receiving the confirmation in a POST for a program to digest. This comes back to an earlier question. What does this person have to do if they've just received 1000 payment keys in the mail? Spend the next several hours redeeming said payments? since the receiver MUST redeem the payment with the randomly generated key, this worry is overcome. I don't see how making a receiver redeem a payment ensures that they are the intended recipient of said funds. Moreover, the sender can revoke the 'key' if he made the payment in error, as long as he does it before the receiver redeems it. This part I understand. However, that really only works if you accidentally mis-keyed the number and didn't notice it on the preview screen. Viking Coder Worth Two Cents? http://www.2cw.org/VikingCoder --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] Re: Charlotte's Story
Sounds like a very good cause, Geoff, and she's a cute little kid. You might also wish to post an appeal to: http://www.free-market.net/forums/e-gold0009/ which is the new free-market.net e-gold forum (the old ones are archived, but full). Thanks. JMR --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] Re: Gold Money's New Handshaking Protocol
I take it this isn't a bearer payment. It is a specific order to spend from Acct 'A' to Acct 'B'. So what happens if somebody intercepts the key? A third party won't be able to redeem it, as they will have to log-in to the correct receiving account first. What happens if you receive several hundred payments? Do you have to redeem them one by one? Does their OMI (Online Merchant Interface) automatically handle this and redeem all payments? You don't have to use this interface. However, I think it's an excellent service for large transactions. Several of the market makers have made mistakes sending a payment to the wrong account in the past year. I can think of 4 cases, at least -- myself included. The e-gold interface is prone to mental fatigue when sending dozens of individual payments in a row. Does a payment ever expire? Yes, but the expiration time can be set by the sender. Or, could it possibly end up in a sort of limbo if it isn't redeemed? Because, I assume that, the moment you generate the key, the spend is made out of your account. Good question. I'll check. What happens if the receiver never redeems it? This could be an interesting way to get around paying storage fees. The sender can always revoke it. What if you don't have access to your email, i.e. you only have a POP3 account set up and aren't at home or your web-based email provider is down, but need the funds that you had ordered a few days ago when you did? Contact the sender and have him send the payment through the common interface. It is now possible to do repudiable payments if the recipient sends the requested item without verifying/redeeming the key first. YES, which is the benefit to this system. The receiver MUST 'pick-up' the payment. This makes the system just about 'goof-proof' for the sender. I can't tell you how frustrating it is to send money to an incorrect account, especially if it's a large amount. I have noticed many places that accept e-gold but don't have an SCI setup. I've also noticed several that use the email option instead of receiving the confirmation in a POST for a program to digest. This comes back to an earlier question. What does this person have to do if they've just received 1000 payment keys in the mail? Spend the next several hours redeeming said payments? Refuse them. since the receiver MUST redeem the payment with the randomly generated key, this worry is overcome. I don't see how making a receiver redeem a payment ensures that they are the intended recipient of said funds. Because the PRIMARY PROBLEM with the common e-gold interface is that there is no association between the account and an entity identified by another method. A method which requires the sender to send an email to the client ensures a 'two-step' handshake which means that more effort is made by the sender to make the payment, AND a corresponding action is required of the receiver. This means that it is far less likely that the sender will inadvertently enter the wrong account number, and even if he did, the receiver wouldn't be able to redeem the payment. Moreover, the sender can revoke the 'key' if he made the payment in error, as long as he does it before the receiver redeems it. This part I understand. However, that really only works if you accidentally mis-keyed the number and didn't notice it on the preview screen. And that happens. OR the customer gave you the wrong account number. Would you want to send a 1000 gram payment to Acct Number: '123456', Acct Name: 'Bugler', when the payment is destined for Bill Smith at [EMAIL PROTECTED] ? OR would you want to make the payment and then send the key to Bill Smith to redeem it? I just believe it is WAY too easy to make an error with E-Gold's current protocol when sending dozens of payments in a row. Craig --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] Re: Security Certificates
My question is: how easy is it for someone who can gain access to the users computer (either physically or through a trojan) to COPY a security certificate and install it on another browser? Does anyone know? i don't believe there are any scriptkiddie type tools out there to do it - but in theory you can get burned. your internet browser has a form of protected storage to hold your client certificate. that method of storage varies depending on type of browser, version of browser, OS etc. netscape stores its client certificates in files like secmod.db. IE/windows tends to use a certificate store based in the registry. java apps have their own certificate store. if you using a smartcard to generate/store your client certificate then you are a lot better off. on those devices, in general, your private key remains and is never present on/within your computer. if you are not using a smartcard, an attacker/trojan would try and get a copy of your (potentially encrypted) certificate store by copying it off to their machine. they would then use a keyboard sniffer to watch you enter your password to that store. they could then utilize this info to use your certificate. if you are using a smartcard that keeps the private key onboard, things get tougher for the attacker. he can no longer gain access to your private key without either hacking the interface/hardware of the smartcard itself, or obtaining your physical smartcard. regarding attacks that are only theoretical, i offer 2 grams to the first person that contacts me with the name of the security related organization that used the phrase making the theoretical practical since 1992 anyway, those are my personal thoughts on the matter for what they're worth. regards, jay w. [EMAIL PROTECTED] --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] DIRT
Does anyone have the URL of the company that is marketing the privacy invading trojan to law enforcement agencies? Thanks, Ken Griffith --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] Re: Security Certificates
Does anyone have any experience with commercially available smart cards for storing private keys or certificates? What are the options? Ken --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] RE: My E-gold Account had password stolen
[1] The www.Cornucopiaclub.com/index.asp?ref=3957 page sends you to their 'memberNew.asp' and collects name: cho[o]se a password: confirm password: your E-Gold account: your eMail: and sends it to their 'newMemberAdd.asp'. If your password chosen here bears any similarity or gives any clue to your e-gold passphrase they may be able to guess your e-gold passphrase. The 'opportunity' is yet another HYIP. A sucker is born every minute! I got past here by creating the following record: member Name:test password: test E-mail: [EMAIL PROTECTED] member ID: 4420 e-gold account: 999 Their e-gold Shopping Cart Interface does actually go to the correct e-gold secure page. Their e-gold account is #133884 Cornucopia Club. The field 'Status_URL' sends to '[EMAIL PROTECTED]' and to your own e-mail. On completion it should send you to their 'addtrans.asp', or if payment does not complete, then to their 'noPay.htm'. Note: The form data does not include your e-gold passphrase so long as you only type it into the e-gold secure page. However, you can say goodbye to any money paid to any alleged HYIP (High Yield Investment Program), because they are all confidence trickers (conmen). There is no credibility or security in these programs, but they have provided a postal address: Cornucopia Club Suite 309-145 Bryan Bldg., 4537 Casino St., Palanan, Makati, Manila, Philippines, 1200 and e-mail address: [EMAIL PROTECTED] [2] The MMFC Money Matters Freedom Club Corp. (a Panamanian IBC) page at http://www.mmfreedomclub.com/index.php?ref=27867 is no longer accepting new members, so I cannot get to their payments page. [3] http://www.hyo-club.to/signup.asp?sid=106125 is run by (Nevis Corporation) PNG, Ltd, and goes to http://www.hyo-club.to/signupform.asp?sid=106125 . This also gets you to create a password in order to proceed so the same comments as previous apply, except that you have not told them your e-gold account number yet. Next is their 'create.asp' . First Name: test Last Name: test Password:testtest Sponsor: 106125 Email: [EMAIL PROTECTED] New account number: 111534 Password: testtest [Please note: none of these pages have been secure.] Then you log into http://www.hyo-club.to/ which goes to http://www.hyo-club.to/logon.asp , and *then* you get the terms of membership. Anyway, on it goes and you will eventually get to the correct e-gold secure payments page where you login. Their e-gold account for referral credit is #113543, but their payments page spends to e-gold account #143261 HYO Club. So neither the first or third website steals your passphrase. On the other hand, if you deal with disreputable people, they are more than likely to try to guess your passphrase from the passwords you have registered with them, and they know your e-gold login from your account number, which again reinforces my lobbying for e-gold to implement a separate login name or number from the e-gold account number to which people may pay you money. Regards, Ian Green --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] RE: My E-gold Account had password stolen
Cornucopia Club Suite 309-145 Bryan Bldg., 4537 Casino St., Palanan, Makati, Manila, Philippines, This is a maildrop (www.offshoremaildrop.com), and I heard elsewhere that the maildrop operators themselves have done a disappearing act... offshoresurfer --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] Re: DIRT
Does anyone have the URL of the company that is marketing the privacy invading trojan to law enforcement agencies? http://www.codexdatasystems.com Watch the status bar of your browser (at the bottom of the screen) when you click into their site. A harmless javascript script that pretends to violate your privacy by searching your hard drive downloading all of your files even remotely formatting your hard drive. You can only obtain info on this software if you send them a request on your agency letterhead. The only reason this is lawful is that they are selling it to the people who make the laws. Viking Coder Worth Two Cents? http://www.2cw.org/VikingCoder --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] Re: DIRT
You can only obtain info on this software if you send them a request on your agency letterhead. The only reason this is lawful is that they are selling it to the people who make the laws. Just make up an agency. I bet they'll never know the difference. --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] Re: DIRT
More and more, I think the world should just turn off javascript Viking, is there a way for a site to refuse service UNLESS you have js turned off? Example, I am jpgold.com You come to my site -- IF your browser has javascript running, my site recognizes that and tells you cannot log into your jpgold.com account. JP http://www.codexdatasystems.com Watch the status bar of your browser (at the bottom of the screen) when you click into their site. A harmless javascript script that pretends to violate your privacy by searching your hard drive downloading all of your files even remotely formatting your hard drive. You can only obtain info on this software if you send them a request on your agency letterhead. The only reason this is lawful is that they are selling it to the people who make the laws. Viking Coder --- Great ventures create great mottos. --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] America, no longer the land of the free.
Hell, serfs didn't have as much taken from them as Americans do now. However, Heritage's index is not the only one out there. I forget who puts out the other one. Freedom's unheard call -- by Paul Craig Roberts Roberts, who cites the Heritage Foundation/Wall Street Journal 2001 Index of Economic Freedom which reports there are only 12 free countries out of the 161 examined, explains that really, with the exception of the Hong Kong and Singapore city-states, there are no free countries in the world. (06/05/01) http://www.independent.org/tii/news/010531roberts.html --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] RE: America, no longer the land of the free.
I'd love to move to Singapore, but my wife won't have it. For one thing, they know how to treat vandals there. --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] Cambist.net back online!
Dear all, This is a notice to let you know we are back online! http:// www.cambist.net is now active and accepting orders again. Thank you for your patience while the DNS servers were updated. Our fee structure has also been updated. Cambist.net now charges a 2% fee for all transactions. Thank you, Tristan Petersen Cambist.net --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-list] Cheap Debit card.
Far be it for me to promote something other than E-Gold, but paypal is now offering a MasterCard/Debit card on their accounts. Since my exchange business centers around moving between paypal and E-Gold it is a perfect fit for those that want to withdraw E-Gold funds. I currently pay 2% on out exchanges from E-Gold to paypal. Go to https://www.paypal.com/affil/pal=vince%40weg.net and signup. Once you get your debit card just visit my site at http://www.freedomhound.com and click the link E-Gold to Paypal. -- Vince Callaway FreedomHound.com --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]