PROTECTED]]On Behalf Of Viking Coder
Sent: Thursday, 24 May 2001 9:02 AM
To: e-gold Discussion
Subject: [e-gold-list] Re: Open Letter to Douglas Jackson: E-gold
Weakness
offshoresurfer wrote
I don't see any problem with people knowing my account number
per se, but I
agree the e-gold system
I am advocating a separate login name from the publicly-known account number
not simply to foil hackers, but to prevent denial of service type attacks.
Anyone at present can lock out any e-gold account he chooses simply by using
the account number and typing an incorrect password a few times!
(paranoia is good!).
Thanks,
Brendan.
BigBooster [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
24/05/01 10:06
To: e-gold Discussion [EMAIL PROTECTED]
cc:
Subject:[e-gold-list] Re: Open Letter to Douglas Jackson: E-gold
Weakness
At 01:47 AM 05/24/2001 +0200
For what it's worth, purely in my opinion, that could very easil be
sniffed by a sniffer designed fo rthe purpose.
The National Australia Bank Internet Banking has overcome any possibility of
keyboard sniffing, as their Internet Banking program is a separate Java
Internet client, and the only
[snip]
A hacker (who knew the # of one of my e-gold a/cs) planted
a Trojan Horse in my computer that reported my password
enabling him/her to raid my account. (He didn't know the a/c
#s of any of my other e-gold a/cs, so he/she didn't touch them.)
[snip]
Horsefeathers.
The only way
A hacker (who knew the # of one of my e-gold a/cs) planted
a Trojan Horse in my computer that reported my password
enabling him/her to raid my account. (He didn't know the a/c
#s of any of my other e-gold a/cs, so he/she didn't touch them.)
[snip]
Horsefeathers.
The necessary piece
offshoresurfer wrote
I don't see any problem with people knowing my account number per se, but I
agree the e-gold system only offers very basic level security. To get into
my main online bank account and send money, I need:
1) A customer login number - not the same as my account number
2)
A hacker (who knew the # of one of my e-gold a/cs) planted
a Trojan Horse in my computer that reported my password
enabling him/her to raid my account. (He didn't know the a/c
#s of any of my other e-gold a/cs, so he/she didn't touch them.)
The Trojan Horse was named Kern32.exe and was loaded
I repeat, revealing your a/c # is a huge risk. It gives the hacker half
of what he needs to access your a/c.
You reveal your bank acct # every time you write a check. Just because I
know where you live doesn't mean I'm half way to breaking into your house.
The security system locks on your
one. FinJan's Surfin Guard Pro is also an excellent
program that detects keyboard sniffers.
HK
- Original Message -
From: BigBooster [EMAIL PROTECTED]
To: e-gold Discussion [EMAIL PROTECTED]
Sent: Wednesday, May 23, 2001 6:52 PM
Subject: [e-gold-list] Re: Open Letter to Douglas Jackson: E
At 12:38 AM 05/24/2001 +0200, [EMAIL PROTECTED] wrote:
I don't see any problem with people knowing my account number per se, but I
agree the e-gold system only offers very basic level security. To get into
my main online bank account and send money, I need:
1) A customer login number - not the
At 07:02 PM 05/23/2001 -0400, Viking Coder [EMAIL PROTECTED] wrote:
The more important lesson here is to not open every single attachment sent
to you and to be sure that you are ONLY entering your passphrase at the
https://www.e-gold.com site; NOT the http://www.e-qold.com site. Also make
sure
This whole discussion about security is filled with basic errors.
Everyone is confused, except Viking.
Just go to a smart card model, if you want high security. It's
already working on metalsavings.com, you can use it every day.
I am no expert and don't claim to be. But on the basis
I don't see any problem with people knowing my account number per se, but
I
agree the e-gold system only offers very basic level security. To get into
my main online bank account and send money, I need:
1) A customer login number - not the same as my account number
2) A permanent password
BigBooster [EMAIL PROTECTED] wrote:
Rather than a Payment #, e-gold could enhance the system so you
use a log-in # which is different from your a/c #. This way, you never
reveal your log-in # to anyone. This would make e-gold much more
secure.
Ok, now here is a trick:
Take this log-in #:
[EMAIL PROTECTED] wrote:
Just go to a smart card model, if you want high security. It's
already working on metalsavings.com, you can use it every day.
Not even the smart card model can protect you from all trojans: if you
still enter and review your transactions on your normal PC, there is
This whole discussion about security is filled with basic errors.
Everyone is confused, except Viking.
Just go to a smart card model, if you want high security. It's
already working on metalsavings.com, you can use it every day.
I am no expert and don't claim to be. But on the basis that
At 01:47 AM 05/24/2001 +0200, [EMAIL PROTECTED] wrote:
It is a granted here that we are talking about protection from sophisticated
trojans, keyboard sniffers etc. I think most of us on this list know that we
should have good passphrases and should not enter them on other sites.
That's not what
-Original Message-
1) A 10-digit number assigned by CompuBank, which was NOT your account
number, and which only the customer knew.
2) A Password of the customer's choosing.
3) A Secret Code, (another Password)
4) A wire code, (another Password)
5) An accurate answer to a
1. Ten-digit number known only to me: 0123456789
That's the combination to my luggage!
Viking Coder
Worth Two Cents?
http://www.2cw.org/VikingCoder
---
You are currently subscribed to e-gold-list as: archive@jab.org
To unsubscribe send a blank email to [EMAIL PROTECTED]
So I set my E-Gold password to
0123456789mypasswordmyotherpasswordanotherpassword and have the exact
same
level of security with just one password as CompuBank had with five,
_except_ for the random personal question, and that last is probably
easier
to compromise than the long password
I am not aguing that it's not possible, but it's not likely, and every
change makes it more difficult for a scammer. Ideally, a system
designed to
allow the user to select his security methods would be best of
all, because
then the scammers would not be able to trick users into revealing
22 matches
Mail list logo