From the sufficient security is good enough department:
http://www.counterpane.com/crypto-gram-0105.html#8
Mr. Schneier points out some obvious security tips that one might want to
use as a check list when reviewing one's own computer security. Veterans
will not find anything new here, but
At Sat, 19 May 2001 07:18:26 -0700 (PDT), Frank Zuchristian
[EMAIL PROTECTED]
wrote:
We wanted to warn our clients that Thursday, is a bank
holiday.
[remainder snipped]
Mr. Zuchristian,
Your frequent updates to the list regarding your business are in clear violation
of two of the e-gold
~~~i LeoN~~ wrote:
are reticent to implement. I for one would pay extra each month for this tiny
additional service.
Intersting tax proposal. But, may be it is better to ask if some Market
Makers would be interested in working as intermediary for that. So that
those, interested could
Well, as a prop trader in an portuguese investment bank, i have
a 264 long position (just roll over for aug contracts on friday)and waiting
for the 360 mark. It seems like a good panic buying.
it feels good!
Like a stock trader that finds unconfortable to be short in the stock market
(to
--- Frank Zuchristian [EMAIL PROTECTED]
wrote:
Launched today. A new payment alternative to Egold
or
OS Gold.
Perhaps an alternative to OS Gold ... but definitely
NOT an alternative for e-gold! Where's the gold?
It PAYS interest on each account!!
I bet... (hyip?)
It's FREE to join!
The
--- Viking Coder [EMAIL PROTECTED] wrote:
It appears to me the only mistake Costa Gold made
wasto use Omnipay for their outexchange...
I don't see how Omnipay acted any differently than
anybody else would.
I'm not surprised, you have an obvious blind spot
where e-gold/GSR/Omnipay are
As JP May says, Great ventures create great mottos.
I'm looking for a few good ideas from this list. One of the great things
about working here is the incredibly-talented fan club that's naturally
attracted to e-gold, and the (free) work many of you do to help me is
inspiring, so I'd like to
Hello E-Gold people
I have a couple of concerns and thought I would air them here in the hope of
some answers.
I have been asked to set up a site for a good cause, the cause is a little
girl who is in dire need of an operation to straighten her spine. I will be
enabling e-gold donation on the
On 21 May 2001, at 1:20, Carlos Gonçalves wrote:
Well, as a prop trader in an portuguese investment bank, i have
a 264 long position (just roll over for aug contracts on friday)and
waiting for the 360 mark. It seems like a good panic buying.
I like this optimism. On what analysis method are
Hi People,
I wonder if anyone here knows a couple of reliable sources for a Panamanian
IBC Formation Service Provider that accepts e-Gold?
Thanks Jess.
---
You are currently subscribed to e-gold-list as: archive@jab.org
To unsubscribe send a blank email to [EMAIL PROTECTED]
Sounds good! Folks there should also know that you sell a nice shirt! :)
*Thanks for that Jim, glad you like the shirt, if anyone else want's one and
would like a peek at our Ingrid too, go to
www.vw-online.co.uk/htdocs/merchandise.htm or it might be html , I can never
remember.
I'd love
Note from Jim Ray:
Hey, you should post your cruise experience on the e-gold list! I think
I'm going to start charging a percentage for taking people along, this is
2 for 2! :^)
JMR
A couple of weeks ago I flew down to Florida to visit the folks at E-Gold
and specificly to see Jim Ray. I
Good evening,
Paul, at Ice Gold or myself, Frank at Euro Gold Line
are very happy to help out our English cousins and do
so on a regular basis
Frank
Euro Gold Line
http://www.eurogoldline.nl
--- Geoff Wiltshire [EMAIL PROTECTED] wrote:
Sounds good! Folks there should also know that you
Once again, eith Paul, at Ice Gold or myself at Euro
Gold Line will be able to help you
Frank
Euro Gold Line
http://www.eurogoldline.nl
--- Geoff Wiltshire [EMAIL PROTECTED] wrote:
Hello E-Gold people
I have a couple of concerns and thought I would air
them here in the hope of
some
Sounds good! Folks there should also know that you sell a nice shirt! :)
*Thanks for that Jim, glad you like the shirt, if anyone else want's one and
would like a peek at our Ingrid too, go to
www.vw-online.co.uk/htdocs/merchandise.htm or it might be html , I can never
remember.
I still think
I have been on ICQ with the owners all day, they have
already made changes and will divulge the necessary
information to insure that you are not getting ripped
of.
Their problem was that it was released before
everything was ready. It is just a shame, that
because of bad experiences we are all
Does anyone on this list have the means to move (buy or sell) between five
to
ten tons of gold? Please contact me if so. Serious inquiries only.
Thank
you.
Wow, you need to be on a different list! :)
---
You are currently subscribed to e-gold-list as: archive@jab.org
To unsubscribe send a
At 3:10 PM -0500 5/23/01, Magazine Depot wrote:
Jim,
If you like Juxtapoz a lot, you can buy a subscription with e-gold at:
http://magazinedepot.com/magazineinfo.asp?TN=502660665
It looks like a really cool magazine to me. I might even have to subscribe
myself!
I saw that, and I agree, it's
Dear Mr. Jackson,
I'm interested in using e-gold as one of the payment
systems for a program I'm developing. It will work on the
basis that participants in the program pay one another,
rather than paying a central company which then pays out
commissions.
This will require that their account #s
Does anyone on this list have the means to move (buy or sell) between five to
ten tons of gold? Please contact me if so. Serious inquiries only. Thank
you.
e-gold only has about 1 1/2 tons of gold in circulation right now.
If you are serious, this would be a great way to prove that the
[snip]
A hacker (who knew the # of one of my e-gold a/cs) planted
a Trojan Horse in my computer that reported my password
enabling him/her to raid my account. (He didn't know the a/c
#s of any of my other e-gold a/cs, so he/she didn't touch them.)
[snip]
Horsefeathers.
The only way
A hacker (who knew the # of one of my e-gold a/cs) planted
a Trojan Horse in my computer that reported my password
enabling him/her to raid my account. (He didn't know the a/c
#s of any of my other e-gold a/cs, so he/she didn't touch them.)
[snip]
Horsefeathers.
The necessary piece
offshoresurfer wrote
I don't see any problem with people knowing my account number per se, but I
agree the e-gold system only offers very basic level security. To get into
my main online bank account and send money, I need:
1) A customer login number - not the same as my account number
2)
A hacker (who knew the # of one of my e-gold a/cs) planted
a Trojan Horse in my computer that reported my password
enabling him/her to raid my account. (He didn't know the a/c
#s of any of my other e-gold a/cs, so he/she didn't touch them.)
The Trojan Horse was named Kern32.exe and was loaded
I repeat, revealing your a/c # is a huge risk. It gives the hacker half
of what he needs to access your a/c.
You reveal your bank acct # every time you write a check. Just because I
know where you live doesn't mean I'm half way to breaking into your house.
The security system locks on your
It is true that by having a pay to account number that is different from
the spend account number, it would make it much more difficult to hack
accounts. It would also make audit trails more complicated.
Public key authentication would be far superior. Because the hacker would
need to obtain
I could not recommend MAGAZINE DEPOT highly enough. I am completely
unaffiliated with it, but it is superb -- probably the best existing
use of e-gold.
The top e-gold sites are:
1 http://magazinedepot.com
2 http://bananagold.com
3 http://xodds.com
At 12:38 AM 05/24/2001 +0200, [EMAIL PROTECTED] wrote:
I don't see any problem with people knowing my account number per se, but I
agree the e-gold system only offers very basic level security. To get into
my main online bank account and send money, I need:
1) A customer login number - not the
At 07:02 PM 05/23/2001 -0400, Viking Coder [EMAIL PROTECTED] wrote:
The more important lesson here is to not open every single attachment sent
to you and to be sure that you are ONLY entering your passphrase at the
https://www.e-gold.com site; NOT the http://www.e-qold.com site. Also make
sure
This whole discussion about security is filled with basic errors.
Everyone is confused, except Viking.
Just go to a smart card model, if you want high security. It's
already working on metalsavings.com, you can use it every day.
I am no expert and don't claim to be. But on the basis
I don't see any problem with people knowing my account number per se, but
I
agree the e-gold system only offers very basic level security. To get into
my main online bank account and send money, I need:
1) A customer login number - not the same as my account number
2) A permanent password
BigBooster [EMAIL PROTECTED] wrote:
Rather than a Payment #, e-gold could enhance the system so you
use a log-in # which is different from your a/c #. This way, you never
reveal your log-in # to anyone. This would make e-gold much more
secure.
Ok, now here is a trick:
Take this log-in #:
At 12:38 AM 05/24/2001 +0200, [EMAIL PROTECTED] wrote:
I don't see any problem with people knowing my account number per se, but I
agree the e-gold system only offers very basic level security. To get into
my main online bank account and send money, I need:
1) A customer login number - not the
[EMAIL PROTECTED] wrote:
Just go to a smart card model, if you want high security. It's
already working on metalsavings.com, you can use it every day.
Not even the smart card model can protect you from all trojans: if you
still enter and review your transactions on your normal PC, there is
We've been over this before, and my response is the same: It does not solve
the real problem, which is that a fool and his password are soon parted. The
only effect of such a system would be to change the nature of the scams by
which passwords are stolen, _and_ it wouldn't foil a keyboard sniffer
This whole discussion about security is filled with basic errors.
Everyone is confused, except Viking.
Just go to a smart card model, if you want high security. It's
already working on metalsavings.com, you can use it every day.
I am no expert and don't claim to be. But on the basis that
At 01:47 AM 05/24/2001 +0200, [EMAIL PROTECTED] wrote:
It is a granted here that we are talking about protection from sophisticated
trojans, keyboard sniffers etc. I think most of us on this list know that we
should have good passphrases and should not enter them on other sites.
That's not what
On Wed, May 23, 2001 at 07:58:20PM -0400, [EMAIL PROTECTED] wrote:
Understandably, from a marketing perspective, the easier the system is to
use, the more people will use it. However, e-gold and others will have
difficulty attracting serious commercial customers until they provide a
truly
[EMAIL PROTECTED] wrote:
The technology is out there, but so far there hasn't been much
implementation of it. I wonder why?
Julian's law of security: nobody but spooks will pay for security that
calls them an idiot.
(Where pays is either in terms of money or of fuss-and-bother.)
---
You
Julian's law of security: nobody but spooks will pay for security that
calls them an idiot.
Good software makes the security virtually invisible. People don't mind
carrying cards around in their wallets. They already do. If someone
produced software and smartcards that were EASY to use it
Saying log in number! is no different from saying password!.
It's just A LONGER PASSWORD.
It means absolutely nothing.
Are we learning yet?
---
You are currently subscribed to e-gold-list as: archive@jab.org
To unsubscribe send a blank email to [EMAIL PROTECTED]
I WAS HIT BY A TROJAN VIRUS
is equivalent to saying
I UNFORTUNATELY KNOW NEXT-TO-NOTHING ABOUT COMPUTERS
Everybody go back and reread that about twenty times.
---
You are currently subscribed to e-gold-list as: archive@jab.org
To unsubscribe send a blank email to [EMAIL
-Original Message-
1) A 10-digit number assigned by CompuBank, which was NOT your account
number, and which only the customer knew.
2) A Password of the customer's choosing.
3) A Secret Code, (another Password)
4) A wire code, (another Password)
5) An accurate answer to a
Presently e-gold is
about equal to credit cards in terms of security, and somewhat better in
terms of non-repudiability. However, as Costa Gold and other examples have
shown, even e-gold isn't really non-repudiable. If they think a transaction
is fraudulent they will freeze it, so it isn't
The other long term solution is to completely abandon account based systems
and switch to digital bearer instruments or digital cash. These can be
stored on the users hard drive in an encrypted form, or stored on a smart
card, or stored on a zip disk, offline where hackers can't reach them.
A Trojan Horse can be implemented in your system without
your opening any attachment. It can be installed as a result
of accessing a malicious website.
I'm tempted to say Poppycock, but I suppose there could be some remaining
bug in the Windoze Explorer that will let it happen. I'll believe
[EMAIL PROTECTED] wrote:
Julian's law of security: nobody but spooks will pay for security that
calls them an idiot.
Good software makes the security virtually invisible. People don't mind
carrying cards around in their wallets. They already do. If someone
produced software and
- Original Message -
From: [EMAIL PROTECTED]
|
| Fredrick, keyboard sniffers DEFEAT ALL SECURITY that is keyboard
| based. Including PGP.
|
| Completely, utterly, you're fucked.
|
| There is no way around it, unfortunately.
.
.
| There is (unfortunately) no way
For both types (smart cards):
- cost and hassle of getting cards
- hassle of guarding cards from pickpockets and burglars
- hassle of making sure you always have your card when and where you need
it
- hassle involved when you inevitably lose your card
This is arrayed against a plain
Unfortunately, this is not quite accurate. All digital bearer instrument
schemes require a central clearing mechanism to prevent double spending.
This
amounts to an account based system. Such systems can be PKI based and so
are more secure than e-gold. But they, also, can be spoofed and
JP,
With respect, I must categorically disagree! There is a simple and highly
effective way of defeating keyboard sniffers on a simple everyday internet
browser interface. Unfortunately I am not keen to divulge the details
because it is a feature of the new Pecunix interface currently under
[EMAIL PROTECTED] wrote:
Julian, for the average consumer there is no doubt you are correct. For a
business or bank moving thousands or millions of dollars, the risk of loss
is definitely worth the hassle of getting the smart card.
Of course. (And this is actually consistent with my law -
There is a simple and highly effective way of defeating keyboard sniffers
on a simple everyday internet browser interface. Unfortunately I am not keen
to divulge the details because it is a feature of the new Pecunix interface
currently under development.
Yes, it is called a keypad on the
Fredrick, keyboard sniffers DEFEAT ALL SECURITY that is keyboard
based. Including PGP.
Completely, utterly, you're fucked.
What about a second password that you didn't type in.. but instead had to select the
letters from drop down menus.
Khurram Khan
==
2 cents worth?
[EMAIL PROTECTED]
| There is a simple and highly effective way of defeating keyboard
sniffers
| on a simple everyday internet browser interface. Unfortunately I am not
keen
| to divulge the details because it is a feature of the new Pecunix
interface
| currently under development.
|
| Yes, it
- Original Message -
From: Khurram Khan [EMAIL PROTECTED]
|
| What about a second password that you didn't type in..
| but instead had to select the letters fromdrop down
| menus.
Khurram,
If they can sniff keyboard strokes they can sniff anything in the input
stream, including mouse
Fredrick, keyboard sniffers DEFEAT ALL SECURITY that is keyboard
based. Including PGP.
Completely, utterly, you're fucked.
What about a second password that you didn't type in.. but instead
had to select the letters from drop down menus.
You can get that with mouse stroke sniffers!
But
Khurram,
If they can sniff keyboard strokes they can sniff anything in the input
stream, including mouse clicks...
Sidd.
Certainly true - however the idea I supposed would be to temporarily
win an escalating war.
This
http://interestingsoftware.com/pin-selects.html
would eliminate
-BEGIN PGP SIGNED MESSAGE-
What do you reckon Jay!
i reckon ya'll keep discussing - many interesting ideas
percolating up...there are several wants and needs to try
and balance out in this area - most of them come down to
a security vs. convenience continuum/tradeoff.
we've been
1. Ten-digit number known only to me: 0123456789
That's the combination to my luggage!
Viking Coder
Worth Two Cents?
http://www.2cw.org/VikingCoder
---
You are currently subscribed to e-gold-list as: archive@jab.org
To unsubscribe send a blank email to [EMAIL PROTECTED]
So I set my E-Gold password to
0123456789mypasswordmyotherpasswordanotherpassword and have the exact
same
level of security with just one password as CompuBank had with five,
_except_ for the random personal question, and that last is probably
easier
to compromise than the long password
At 11:18 PM -0400 5/23/01, [EMAIL PROTECTED] wrote:
...
I'd echo Jay's thoughts, I'm especially begging everyone to
click on this URL and read it carefully!
* * * * * *
the advice given here should be followed when possible:
http://www.counterpane.com/crypto-gram-0105.html#8
* * * * * *
and
I've got a question:
Ian Grigg made an announcement on the Webfunds list that Systemics will no
longer be supporting DigiGold, as of May 25:
--
Dear WebFunds Users,
I regret to announce that Systemics Inc will not be supporting
DigiGold Ltd from 25th May, 2001,
I am not aguing that it's not possible, but it's not likely, and every
change makes it more difficult for a scammer. Ideally, a system
designed to
allow the user to select his security methods would be best of
all, because
then the scammers would not be able to trick users into revealing
If they can sniff keyboard strokes they can sniff anything in the input
stream, including mouse clicks...
Sidd.
Certainly true - however the idea I supposed would be to temporarily
win an escalating war.
Not really. In fact, it might be more work to write a sniffer that records
only
Not really. In fact, it might be more work to write a sniffer that
records
only keyboard events instead of just logging all Windoze messages. I
think
it's safe to assume that any sniffer knows everything you do with your
computer. The only protection is not to install a sniffer.
OK, how
Julian, for the average consumer there is no doubt you are correct. For a
business or bank moving thousands or millions of dollars, the risk of loss
is definitely worth the hassle of getting the smart card.
So the logic here is that the average consumer is too stupid, unwilling to
learn,
OK, how about a website which sent back an image to the user's browser,
which had a visible keypad to which the user was to 'mouse-click' the
passphrase? Now, imagine that the browser sent back a picture of a gif,
generated 'on-the-fly', with the keypad in different locations, and with the
On 24 May 2001, at 0:53, Viking Coder wrote:
OK, how about a website which sent back an image to the user's browser,
which had a visible keypad to which the user was to 'mouse-click' the
passphrase? Now, imagine that the browser sent back a picture of a gif,
generated 'on-the-fly', with
Good... until two weeks later when somebody writes a trojan virus that
intercepts anything, and everything, at the browser-level before it leaves
the computer. The trojan then sends out the gathered info to it's
recipient without the mark even knowing anything has happened.
Viking,
70 matches
Mail list logo