[e-gold-list] CF$ - dDOS - Server05
Hello Everyone, One of our servers (s05) which hosts among others the online accounting of cyfrocash.net has been under a somewhat unusually large dDOS barrage for the past few hours. Of course, backups are in place and there is no reason for concern other than that some 200 websites are down as well. We are doing what we can to counter the childishness of the attackers and are planning to inform the authorities as soon as we determined all of the remaining IPs that are part of the attack. All CF$ clients who want to conduct transactions while the site is still down, please email us instructions at: [EMAIL PROTECTED] Luckily we only have an average of 250 sites per server, which means that only a smaller part of our hosting clients is affected, servers 1 through 4 and 6 through 8 function normally. Sorry for posting this here, but a large part of CF$ clients and most clients hosted on server 5 are e-gold users, so it was the best way to inform everyone. Thank you for your support. Cheers, Robert. budget privacy website hosting http://www.cyberfrontier.net start a profitable online business http://www.cyberfrontier.biz e-commerce e-business services http://www.cyfrocash.com --- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
[e-gold-list] Re: Gold-Cart Article... trusting e-gold/delayed payments
Sidd, This is a possibility, but of course that would be easy for a screen scraper to steal... I will look into this more. No need, I have a new idea (that works with images). Prepare to... bedazzled ;) I will make this like a whitepaper. If any of you FBI, NSA, CIA guys read this list, get your popcorn and wait 'cause this method is TEMPEST-proof. Actually, I think only you guys will find the idea interesting (unless you already know about it :) ). For those who don't know, TEMPEST is a method to read whatever is displayed on a CRT monitor. So far, I've never heard this being possible on a TFT monitor. More information on this (and other security issues): www.tscm.com it is far more secure to have the PIK printed and carried in your wallet True, unless someone steals your wallet, or you loose it. Besides, most log-ins are (supposed to be) done from the personal computer (or a secured location). more than 8 are getting too difficult to remember Sure, but nobody forces people to use more characters. Anyway, the new method will disregard the memorizing issue. George Hara --- Xnet scaneaza automat toate mesajele impotriva virusilor folosind RAV AntiVirus. Xnet automatically scans all messages for viruses using RAV AntiVirus. Nota: RAV AntiVirus poate sa nu detecteze toti virusii noi sau toate variantele lor. Va rugam sa luati in considerare ca exista un risc de fiecare data cand deschideti fisiere atasate si ca MobiFon nu este responsabila pentru nici un prejudiciu cauzat de virusi. Disclaimer: RAV AntiVirus may not be able to detect all new viruses and variants. Please be aware that there is a risk involved whenever opening e-mail attachments to your computer and that MobiFon is not responsible for any damages caused by viruses. --- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
[e-gold-list] Re: Gold-Cart Article... trusting e-gold/delayed payments
displayed on a CRT monitor. So far, I've never heard this being possible on a TFT monitor. -BEGIN PGP SIGNED MESSAGE- check out the Kuhn / Anderson paper - google search should locate it easily. Monitor buyers should not assume that so-called low-radiation monitors, or even LCD screens, provide any Tempest protection; we found that some modern TFT-LCD laptop displays give clearer reception than many cathode ray tubes. being perfectly secure is perfectly impossible :) -BEGIN PGP SIGNATURE- Version: PGP 7.0.4 iQEVAwUBP8CxeMyM0YPqVE7FAQF+lgf/WKk+BPygwgkF6+VLp3AU6fbjjJW5ZgiP m+GYvY5a4Gli/J35gWJAJpJ6DeSJn32bp4T/yRDshzGoPrA6Vc+w+FV9Ew9YQIMt 1OXah2TkWVlPcH3lz4xwjUE+13zvvrenHCEo8wVOgCXmfH8fdkeYfFi9BzKkmJyS ocfCtfQGmJeyE51qTfnen/w0z/ZutO1jVlmlSsNr7KCPnxPzXDFcBm0vSRYVOgSX DCXDVmsUVB8LS0auLdpHw11xj4/6x+nMD9FLiQylO4S6aabU/p9K8evFldS0MQvb NMZ18Ipzz53JVlDAtHh0ZU4z9U30vyI+DPBglcdxx2yttewWIRG6LQ== =YmvF -END PGP SIGNATURE- --- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
[e-gold-list] Re: Gold-Cart Article... trusting e-gold/delayed payments
No monitor is safe. Tempest is a Transient Electromagnetic Pulse Emanation signal receiver which means it is not really being used to pick up monitor radiation (although possible) but rather your signal eminating from the motherboard/processor itself which gives much more data than just a monitor. This gets amplified over wiring and piping in a structure. I have seen them setup in van at a 2-3 mile distance from the source. I suspect they can use them readily from a satellite now or by sticking a transmitter onto a water pipe and such things. But why use tempest when there are dongles hanging out of the routers at the nocs for law enforcement to plug into? http://www.iab.org/documents/docs/iab-plenaries/2003-07-vienna/slem.pdf http://news.com.com/2100-1023_3-213242.html Gordon www.katzglobal.com For those who don't know, TEMPEST is a method to read whatever is displayed on a CRT monitor. So far, I've never heard this being possible on a TFT monitor. More information on this (and other security issues): www.tscm.com --- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
[e-gold-list] Re: Gold-Cart Article... trusting e-gold/delayed payments
On Sunday, November 23, 2003, at 05:39 AM, FileMatrix wrote: it is far more secure to have the PIK printed and carried in your wallet True, unless someone steals your wallet, or you loose it. ... That's not a problem. The guy who gets your wallet still cannot log in because he doesn't have your secret Login ID. -- Patrick --- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
[e-gold-list] Re: Gold-Cart Article... trusting e-gold/delayed payments
On Sunday, November 23, 2003, at 09:53 AM, Katz Global Media wrote: ... But why use tempest when there are dongles hanging out of the routers at the nocs for law enforcement to plug into? Yes but intercepting a message through a dongle doesn't help if the message is encrypted. Tempest lets them read a message as it is displayed on your computer screen after you decrypt it. -- Patrick --- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
[e-gold-list] Re: Gold-Cart Article... trusting e-gold/delayed payments
check out the Kuhn / Anderson paper - google search should locate it easily. Monitor buyers should not assume that so-called low-radiation monitors, or even LCD screens, provide any Tempest protection; we found that some modern TFT-LCD laptop displays give clearer reception than many cathode ray tubes. Interesting! I was always a little fearful of laptop displays. I don't know why?! Probably I alwasy thought that there are some technological compromises made in order to make the monitor fit in that tiny space. I have a modern desktop TFT, but I'm looking forward for new technologies, like OLED, which should have an even smaller electrical signature. Gordon, Even if they pick up electrical signals from all the components of the computer, I see no way how that could be used, except for the signals from the keyboard (which I know is already used because the keyboard is a rather simple mechanism). George Hara --- Xnet scaneaza automat toate mesajele impotriva virusilor folosind RAV AntiVirus. Xnet automatically scans all messages for viruses using RAV AntiVirus. Nota: RAV AntiVirus poate sa nu detecteze toti virusii noi sau toate variantele lor. Va rugam sa luati in considerare ca exista un risc de fiecare data cand deschideti fisiere atasate si ca MobiFon nu este responsabila pentru nici un prejudiciu cauzat de virusi. Disclaimer: RAV AntiVirus may not be able to detect all new viruses and variants. Please be aware that there is a risk involved whenever opening e-mail attachments to your computer and that MobiFon is not responsible for any damages caused by viruses. --- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
[e-gold-list] Bedazzled Log-in Method Whitepaper
Bedazzled Log-in Method Whitepaper Author: George Hara (http://www.filematrix.xnet.ro/ideas/whitepapers/login.htm) Introduction Using strings of characters as passwords has always been a security issue because they are hard to remember and can be stolen by key-loggers or screen-text harvesters. It will still be an issue for personal computers, but there is another method available for authentication over the Internet (where are the highest security concerns). This method involves no special technologies, but simply a new vision on how to bring existing technologies together. The method is easier to use than text passwords, but it requires, from the users, the protection of their personal computers (where they need text-password log-in and encryption), just as they do now. The Bedazzled log-in method uses a (public) user name / ID (for example, the user's email address) and a number of images, called password images, for authentication. The images have to be generated (by the authentication service) during the creation of the account for which the authentication will be later required. Each image is a small, PNG compressed, bulk of pixels with random colors. The PNG compression is used because a true-color image is compressed without losses, with a very high rate. In the case of random images this doesn't help, but, as you'll read below, in the User images section, this is the best format. Each image should contain something like 50 * 50 true-color pixels (24 bits). This means that the total number of combinations of such a random image is 24 ^ (50 * 50), that is over 10 ^ 3450. Basically, a particular case is unbreakable through brute force search. Authentication -- The authentication is the classic method: the user is identified by his user name, and then he is authenticated by comparing all images specified in the log-in form, with the images stored on the computer which makes the authentication. If all images are *identical*, and put in the same order (im age 1 as password 1, image 2 as password 2...), the user is authenticated. If they are not identical, the user is rejected. Implementation --- To make the Bedazzled log-in method easy to use, the password images must be saved on the user's computer, preferably in encrypted files (see file encryption under WindowsXP, or PGP encrypted drives). Since the Bedazzled log-in method is supposed to be used over Internet, it is necessary for the user to be able to drag-and-drop each image onto the browser, in the log-in form. This way, the log-in form has access to the password images, and can download them to the authentication server when the user clicks the Log-in button. As you can see, the method is very eay to use, but in order to make it even easier, the log-in form should display a small file browser which should be used to navigate to the password images (they should all be in the same directory, for easy user access). The log-in form should save a cookie on the user's computer in order to automatically open the file browser at the same location, the next time the user attempts to authenticate himslef. User images There is no need for the images to be random. The user could choose his own images when he creates an authentication account, being only limited to a specific file size (like 20 KB / image). He could simply take some images from his computer and resize them to fit the size limit; the images should be compressed without loss (preferably in a PNG format), just in case they are lost but the original bigger images still exist and can be resized again with the same algorithm (to generate the same password image). Another method requires a small program which takes a string of characters typed by the user, and converts them through a hash algorithm into an apparently random image. This method makes it possible to recreate the password images if the user remembers the string of characters, without the need of storing any information. TEMPEST protection -- First of all, since the user doesn't need to type anything and the password images don't need to be displayed, the passwords are protected from TEMPEST atacks. However, the user may need to navigate through his pictures and choose the correct password images for each log-in form. This would create a potential security breach. The Bedazzled log-in method has intrinsic TEMPEST protection to this kind of breach because when a monitor displays an image, the colors of each pixel is not displayed exactly as indicated by the bits that make the picture. Each monitor has its own way of displaying the image. Besides, users always alter the image by chaging various parameters of the monitor's image: brightness, contrast, color balance, color temperature, gamma. On the other end of the TEMPEST technology, the reader takes a snapshot of the image displayed by the monitor. This is like making a scan of a print of a
[e-gold-list] paypal sux post
article from paypalsucks.com http://www.paypalsucks.com/forums/showthread.php?fid=6tid=1529old_block=0 I was a middle management type with Pay-Pal until leaving recently- partally due to my disgust over their internal security policies which have led to the mountain of complaints seen on this and other similar boards. There aren't many PP whistleblowers; during your exit interview a soon-to-be-former manager is warned, intimidated and threatened against doing the very thing I'm doing right now. But since I left to start my own business, there's not a thing they can do to me. Pay-Pal DID start as an honest, legitimate company with an innovative service concept. However, in my opinion, this concept can never actually WORK in the real world because there are legions of scammers all over the globe with reams of stolen credit card info and identifications just WAITING to swoop down on any new payment service like this that comes along. Credit-card transactions where the card is not present and thus personally examined by a clerk account for the overwhelming majority of fraud transactions. Comparitavely, there's very LITTLE credit card fraud at Wal-Mart, because the cashier actually sees both you and the card- and can ask for supporting identification at the point of sale. Unfortunatly, the high-risk, card not present transactions are the ONLY kind of transaction a company like PP can do, and boy- did the con artists find them in a hurry! The basic con was (and is) to use stolen identification information to open new PP accounts, funnel money into them with stolen credit card numbers, then transfer the money OUT of the account before PP gets the charge-back and can freeze it. Unfortunately, despite PP's claims of having a tough anti-fraud program, these people are mostly impossible to catch, because when opening a new PP account, they DO have all the proper-appearing ID information (which was stolen or conned out of unsuspecting individuals, most of whom have never HEARD of Pay-Pal). When fraud is uncovered and the account is checked out, the perp is almost never caught, since it was almost always opened under a stolen identity, and he's long abandoned the mail-drop. Yes, the application process COULD be made more stringent, but it is felt (probably correctly) that a brand-new customer would certainly balk at doing things like sending in notorized copies of their driver's licence and so forth. So an alternate strategy for offsetting the charge-back losses slowly evolved at PP. It's the perfect scheme really; since PP can't usually catch the scammers and dosen't want to loose customer base by making things more stringent to start with- they decided to simply re-coup their chargebacks from the pockets (and accounts) of good, solid people under the easily-defensible and impossible-to-criticize guize of Fraud Prevention and Enforcement.. Simply put, if you're a seller and somebody pays you with a stolen credit card, you're targeted by PP security and might very well have your account siezed, investigated, closed- and the money retained by PP. (Yes... they simply add it to their revenues and spend it like any other income. You basically gave them permission to do this under the terms and conditions you originally agreed to. No, I KNOW you didn't really read it, but I bet you will the next time!). Even if the person paying you has NOT used a stolen credit card, he could have been been flagged by PP as somebody to keep an eye on for any one of numerous reasons. If he does business with YOU, especially multiple times- you're frozen. OCCASIONALLY some lucky soul will complain about the siezure, and when the case is investigated by PP he is cleared and the money unfrozen. This good fortune has nothing to do with an actual investigation (there aren't any, really). Pay-Pal WILL unfreeze a small percentage of the accounts (as a future defense against a potential class action), so you MAY benefit from a simple luck of the draw. See, if it ever comes down to a massive class-action lawsuit, or even testimony before the SEC or other regulatory body, PP wants to be able to stand up in court and say But your honor, we DON'T just freeze accounts and pocket the money. We really DO perform a painstaking investigation. Here's the proof... look at all these people who WERE suspected, but were then cleared by our crack security staff! If this was really a scam, why would we have given all of THIS this money back? I'm amused by the posts that say, But I've been a good customer of PP since the beginning and have paid thousands in fees why would they have done this to ME? Let me answer that with a hypothetical question: If you were an unregulated financial services company so embittered by fraud losses that you, yourself, had completely lost whatever moral compass you might have once possessed, what would YOU rather have: a happy, content customer whos business might account for $5000 worth of fees over the next 10 years, or a
[e-gold-list] Re: tempest systems
George, Gordon, Even if they pick up electrical signals from all the components of the computer, I see no way how that could be used, except for the signals from the keyboard (which I know is already used because the keyboard is a rather simple mechanism). No that is not the case. The tempest system that I am aware of can take the signal and reproduce the entire active computer onto a slave computer. Once in, the remote operator is basically sitting in front of your computer just like you are and is able to watch on the screen what you are doing. It is not much unlike pointing an antennae and listening to the radio. The station broadcasts a signal and your tuner intercepts it and plays it on the radio. In this case, your processor emits its own frequency and that can be tuned into and played on a computer just like the radio. But all this is a moot point. The same can be done via your brain and a tempest like system can be used to turn your eyes into cameras and reproduce what you see onto a monitor. I could be just a paranoid kook though... uspto.gov search 3,951,134 , 1974!!! http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2Sect2=HITOFFp=1u=%2Fn etahtml%2Fsearch-bool.htmlr=0f=Sl=50TERM1=3%2C9512C134FIELD1=co1=ANDT ERM2=FIELD2=d=pall 4,140,997 1979 see also: patent 4877027 4877027 4858612 3766331 3629521 4,889,526 those patents just scratch the surface of what whas happenning in the 1970s Gordon www.katzglobal.com Anonymous Hosting(tm) Solutions --- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
[e-gold-list] Re: tempest systems
Gordon, No that is not the case. The tempest system that I am aware of can take the signal and reproduce the entire active computer onto a slave computer. Once in, the remote operator is basically sitting in front of your computer just like you are and is able to watch on the screen what you are doing. I don't believe such systems are available (for now) since no two computers are identical and so the slave computer can't work perfectly synchronized with the master. Hence, i see no possible way to duplicate what's happening into a microprocessor because the signal of the processor can't be serialized (like a radio station transmission). To intercept the parallel signal of a processor, it would mean to have tens of millions of receivers, for each and every single transistor. But the most important thing is to have a way to separate the signal from each transistor, to know signal which goes where, and to do this faster than the master computer works. But as a paranoid idea, yes that *will* sure be a problem. The same goes for the brain, but on a much more complex scale. George Hara --- Xnet scaneaza automat toate mesajele impotriva virusilor folosind RAV AntiVirus. Xnet automatically scans all messages for viruses using RAV AntiVirus. Nota: RAV AntiVirus poate sa nu detecteze toti virusii noi sau toate variantele lor. Va rugam sa luati in considerare ca exista un risc de fiecare data cand deschideti fisiere atasate si ca MobiFon nu este responsabila pentru nici un prejudiciu cauzat de virusi. Disclaimer: RAV AntiVirus may not be able to detect all new viruses and variants. Please be aware that there is a risk involved whenever opening e-mail attachments to your computer and that MobiFon is not responsible for any damages caused by viruses. --- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
[e-gold-list] GoldNow in Japan!
Guys, I'm pleased to advise that GoldNow is now accepting local orders from Japanese customers. Please place your order at my site! Also, I have now employed my Japanese speaking daughter (Deanna) to handle Japanese customer queries. As soon as I get her trained, I'll add her phone number to our customer service list. I'm excited AGAIN! Cheers! Graham Kelly CEO - GoldNow http://www.GoldNow.St Primary Customer Service +61 3 9776-4886 US Phone 1-866-999-1717 US Fax 1-213-559-8555 UK Phone +44 (0) 709 233-7612 UK Phone +44 (0) 709 201-4015 CEO 'In the depth of winter, I finally learned that within me there lay an invincible summer' - Albert Camus --- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
[e-gold-list] The Gold Casino Share Price Chart and DGC Industry Stat Charts
The Gold Economy Magazine now features a live price chart of DBOURSE TGC shares on our home page (bottom right). TGE has also started a new weekly column that will show the latest digital currency statistics charts every Monday morning. www.goldeconomy.com --- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
[e-gold-list] Re: tempest systems
I'm not a technician (far from it), however my understanding of 'tempest-for-dummies' is like this: Your monitor and keyboard give off some sort of FM frequency. This is why your monitor will sometimes interfere with a TV set near it. Similarly if you fool with the TV's channel-tuner you will sometimes pick up cordless phone or portable radio signals. TEMPEST is a method of picking up that FM signal and reproducing what your monitor and keyboard etc. are doing on a unit set up for that purpose. So it can pick up whatever girlie pics you are leering at, and whatever passwords you are entering to see them. And record same for your later embarrasment. If this sort of thing is a problem for you, you can 'shield' your computer by building a cage around it which will prevent the signal travelling (this is way outside my area of expertise but I'm sure any competent electrician or radio enthusiast could put you on the right track). There are commercially available 'tempest shields', however you have to remember that most of the 'leakage' comes from the cables connecting the pieces of hardware. Next week's lesson: Tinfoil helmets to prevent satellite mind control rays 101. _ Tune in to http://radiofreesatan.com Tune in, Turn on, We'll Take You Straight to HELL! Get your own Free Email at http://freemail.radiofreesatan.com --- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
[e-gold-list] Pecunix security
Dear Sidd, One of the things I'm not clear about is how one goes about logging into a Pecunix account with less than full access. I believe Patrick made the point But the way Pecunix displays the PIKs makes it difficult if not impossible to copy and paste them. It seems to me that the advantage of the drop-down lists in both 1MDC and Pecunix is precisely that there is no way to type or paste any part of the keystream (PIN in the case of 1MDC, PIK in the case of Pecunix). Since we know that keystroke loggers and clipboard loggers are out there, it seems uncommonly foolish to move back to a typing or pasting approach. Virus or trojan attacks on the security of client workstations is too great a risk for my taste, especially when so many work-place logging tools are exempted from the major anti-virus and firewall systems - which opens them up to attackers exploiting the same openings. This is a possibility, but of course that would be easy for a screen scraper to steal... I will look into this more. Sidd, it seems to me that you should keep the high level of security for full access. Perhaps lower-level access could be obtained using PGP only? Or maybe those who want to risk the keystroke loggers and clipboard loggers can set their accounts to a more open approach. I don't know. In some ways it reminds me of those signs that gun owners have been offering to their neighbors, This home has no firearms. Sort of an invitation to thieves and rapists, a kind of evolution in action approach to crime. In response to George's rather odd suggestion, you wrote: there is a very good reason for leaving out the Zero, One, Oscar, Lima, India, characters... they can be easily confused, depending on the font the user chooses, And it is nearly impossible to prevent users from over-riding the fonts in their web browser. So, there will be confusion of zero with capital O, one with lowercase l and some capital I, etc. your suggestions degrade the security substantially. Possibly, for users electing to have lower security or for lower-level access, some of these degraded log-in systems might be appropriate. to click the help button. There's a help button? grin more than 8 are getting too difficult to remember. I think that depends entirely on how much effort one makes in generating mnemonic series of letters and numbers. Several of my unpublished PGP keys use 25 character passwords, which I have no trouble remembering. Then again, I used to remember thousands of words for theater productions. Remember, even if the keylogger stole your password, it still doesn't have the full picture and your account is safe. Indeed, it seems very difficult to anticipate having enough data from a series of Pecunix log-ins to be confident of even having enough of the PIK to be able to log in half the time. If it were possible it would require running a program (such as activex) from the browser... a definitely BAD idea. Isn't ActiveX one of those dramatically bad ideas of the Microsofties? I thought it was pretty much limited to Internet Exploder? Regards, Jim --- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
[e-gold-list] Re: ?
Dear Sidd, Thanks for your comments... you must be using a pretty old browser! One of the traditional problems of HTML is the hefty installed base of relic browsers. Believe it or not, I first encountered this difficulty in 1996 when there were still significant numbers of original Mosaic users. Relic browsers are their own reward. Many dangerous downloads and virus/trojan stuff is designed to be downloaded by the latest and greatest. Older browsers oftenr eject that stuff. The key should be displaying in a text area form field. Sidd, that's a lot of trouble to go to. All you need to do is put the keystream, with its ASCII armored text lines between pre and /pre for pre-formatted text. Even within the text area form field, using pre above and /pre below the PGP key should make it better for Bob and other relic browser users. Finally, the keys are up on the server, so if you go to your PGP keys and do a server search for [EMAIL PROTECTED] you should find it. That's probably the easiest solution for Bob right now. PS Bug bounty on it's way! What a guy. Sidd rocks. Regards, Jim --- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.