Gentlemen, I have been working on an article on how to protect your e-gold passwords, but in light of the recent discussion, I'll post some of the stuff early. As someone pointed out, using the same password on multiple websites is the best way to get your money stolen, but Trojans that insert keyboard sniffers are a serious problem too. Having a different account number for spends will hardly make a difference in keyboard sniffer attacks, so people should stop suggesting it. (Do I hear a broken record?) If e-gold really wanted to solve the problem they should ADD DIGITAL CERTIFICATE SUPPORT and encourage people to use an offline device to store passwords or private keys. (For example, see this affordable biometric system: http://www.digitalpersona.com/index.htm ) In fact, the only REAL long term solution is to go completely over to digital-bearer-instruments (digital cash) instead of book-entry systems, but until then, here's how to protect your account: You need to make sure that your password is unique to your e-gold account, and that it is very difficult to guess. Ie, it should have no words in it that are found in a dictionary. (Again, the biometric system from U. are U. generates passwords that are dervied from a cryptographic hash of your fingerprint. http://www.digitalpersona.com/index.htm ) BEFORE you get a good password, or even open an account, you need to protect yourself against trojans. (Why, because a keyboard sniffer can catch your passwords when you open the account to begin with.) There are three differente types of protection that you need: 1. Every computer accessing the net should have FIREWALL software installed on it. If a trojan succeeds in planting a sniffer on your computer, the firewall will usually block the outgoing packets so the dirtbag who sent it can't get your password. 2. Use ANTIVIRUS software to protect against trojans. The only problem is that AV doesn't detect NEW trojans (or DIRT). And there are now "worm kits" available on the net that allow any idiot to slap together a new trojan in no time. This means a smart hacker who identifies you as a target need merely create a new trojan specifically targeted at you. (By the way, these e-gold thieves are probably subscribers to this list. Hmmm.) 3. To prevent NEW targeted trojans that slip by your AV software you need Finjan's Surfin Guard Pro (www.finjan.com). Finjan's products are classified as "active defense". They monotor incoming attachments for hostile behavior and block them before they can execute. Their free product blocks hushmail applets, so you should purchase their personal edition that lets you choose which sites to trust content from. I contacted the president of Finjan, Carl Rosenberg, and asked him if his product can stop DIRT, the trojan that is sold to law enforcement agencies. DIRT is quite similar to the Trojan known as "BO". He said it will stop DIRT if Finjan protection is installed when it is sent to you. BUT, if DIRT is already on your computer, then neither Finjan nor AV programs will detect it. Here is how to check your computer for the DIRT trojan: Because it isn't presently detected by anti-virus software, one does have to look for evidence of it. By default, it installs two files in the C:\WINDOWS directory -- DESKTOP.EXE and DESKTOP.DLL. If you find either of those files, you need to remove them and any associated files (such as .LOG files), or re-format your HDD to be on the safe side. One can also check your Windows Registry for any references to DESKTOP.EXE or DESKTOP.DLL, likely to be found under the following keys: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion HKEY_USERS\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion HKEY_USERS\DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion You can read more about dirt at the following URL: http://www.theregister.co.uk/content/8/19480.html Hope this helps, Ken Griffith --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
