>* [EMAIL PROTECTED]
>|
>| http://www.msnbc.com/news/660096.asp
>|
>|
>| A reminder that 1mdc-grams INHERENTLY USES a "click on this"
>| pin-number approach as a security supplement.
>
>Are you sure that really does much for security?
>

Yes, I'm absolutely certain, Vebjorn! :-) For the short version, see the 3rd last paragraph below!

>Two Australian researchers took a closer look at a couple of on-line banks
>that use such schemes, and managed to sniff PINs without much difficulty:
>

Indeed, the approach on 1mdc is exactly, specifically, precisely the opposite of the problem described in that paper under "1.Attacks 1.Attack 1: Scrape then escape!" (You probably see me frequently ranting about what a joke Windoze is.)

By all means, it is perfectly possible (on any platform) to make a sort of meta-key-sniffer that will defeat "SRK" type click-to-enter schemes as seen on e-gold or 1mdc. (See dozens of my posts to that effect.)

However, the fact is that 99.99% of keyboard sniffing is straightforward keyboard sniffing, planted on a PC owned by some poor fool who is so stupid they don't understand attachments. And that "99.99%" problem is completely defeated by simple SRK-type approaches.

Indeed, it's a certainty that *every* attack upon poor fools who have had their passwords "stolen" "by e-gold" (remember the wave of that problem on the egold list when all the HYIP suckers were having their passwords "stolen"?) was by a conventional everyday keyboard sniffer. Jay's S.R.K. system completely defeats this problem, as does the simple PIN-number on 1mdc.

Jay's SRK system is much better, even better, than the simple PIN system on 1mdc, but I doubt the SRK is used much, whereas the simple-PIN system on 1mdc must be used.

To put it simply, the bottom line is every case ever of some fool having their password "stolen" on a DGC has, as yet, been caused by the dead-simple type of keyboard sniffer. Those dead-simple keyboard sniffers are completely defeated by the simplest of pin-entry type schemes.

A similar idea is that (somewhat annoyingly) 1mdc-grams *forces* you to use one of those annoying passwords that *must* contain upper case, lower case and digits. Right there you eliminate 90% of retards using your DGC who choose a password of "password" and have it "stolen" "by egold" within a week.

The result of all this? 1mdc-grams (before even opening properly) already has numerous customers, and all of the customers are fairly serious, lots-of-gold, frequent-spends type of DGC user .. really there are no newbies or experimenters or dud empty accounts .. which is just the market 1mdc-grams wants! (The fee for forgetting your password will be 25 grams, for instance.)

>--
>Vebjorn Ljosa

You rock,
JP
