[e-gold-announce] Turing challenge and Access Controls
e-gold Ltd. is pleased to announce the deployment of additional security features benefiting all e-gold Users: *** Feature1: Turing number challenge must be successfully met for e-gold account access via web or shopping cart interfaces. Comment: Turing numbers (in this context) are random numbers presented in a graphical format that prevents the numbers from being machine readable. Benefits: 1. Foils passphrase guessing attempts by "robot programs". 2. Prevents account level denial of service attempts by "robot programs". User action required: 1. No action is required by User to implement this security enhancement. 2. However, we recommend that Users change passphrase to one longer and more random if warranted (see security links provided below). *** Feature2: Access to e-gold accounts via Automation and Phone interfaces can be configured via web interface, with a default configuration of disabled. ~ Comment: Use of Turing numbers is not feasible via automation interface because Turing numbers can't be machine read. They are not feasible for the phone interface because the screen resolution of most phones is inadequate to support this technology. Benefits: 1. Users who do not use automation or phone interfaces can disallow access to their account(s) via interfaces that do not issue Turing number challenge. 2. Users who require access via automation interface can enhance security by restricting automation access based on IP number. 3. Users who require access via phone interface can enhance security by restricting phone access based on phone number. User action required: 1. No action required if User does not require access via automation or phone interfaces. ~ 2. Users who require access to e-gold accounts via automation and/or phone interfaces should: - Configure access via e-gold web interface (required) ~ - Change passphrase to one longer and more random (recommended - see security links provided below) ~ Grace Period Effective 2002-01-11 12:00 AM GMT (approximately), access restrictions will be enforced. Existing automation interface Users are encouraged to configure automation access to their e-gold accounts before this grace period has elapsed to prevent access denials to their applications. *** Security links: When it comes to the security of your money and personal information, there's no substitute for education! Please take the time to read through the security information provided on the websites listed below: Internet Security Tips: http://www.cert.org/tech_tips/ (must read!) http://www.microsoft.com/privacy/safeinternet/ http://www.procomp.com/news/0012security.html (dial-up Users - see this!) http://www.cable-modem.net/features/mar00/story1.html http://www.securemac.com/ System Vulnerability Search Engine: http://icat.nist.gov/icat.cfm Virus education and protection: http://www.mcafee.com/anti-virus/ http://www.symantec.com/ http://www.sherpasoft.org.uk/MacSupporters/macvir.html [Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.] Home firewalls: http://rr.sans.org/firewall/home_user.php http://www.physics.ucsb.edu/~pcs/cable_modem/cox_home.htm http://www.firewallguide.com/ http://ec.rr.com/hfirewalls.html http://www.practicallynetworked.com/pg/router_guide_index.asp Microsoft Windows Update: http://windowsupdate.microsoft.com/ [If you are a Windows User, you should be visiting this site regularly!] Passphrase selection: http://www.fin.ucar.edu/it/dsn/userdocs/pswdguide.htm http://www.more.net/security/password.html http://home.netscape.com/security/basics/passwords.html http://www.unix-ag.uni-kl.de/~conrad/krypto/passphrase-faq.html http://www.circa.ufl.edu/password/ http://www.cs.umd.edu/faq/Passwords.shtml http://www.uic.edu/depts/accctest/accts/password.html http://www.adpc.purdue.edu/BSC-Pete/passwrds.htm *** e-gold Interfaces: Web: http://use.e-gold.com Phone: https://mobile.e-gold.com Shopping cart interface (SCI) and automation interface information: http://sci.e-gold.com *** Questions? If you have questions regarding the information communicated in this message, please utilize the contact information provided on the e-gold website: http://www.e-gold.com/unsecure/contact.html *** Announcement Archive Communications sent via e-gold-announce are archived here: http://www.e-gold.com/unsecure/lists.html -------- Thank you for using e-gold! --- You are currently subscribed to e-gold-announce as: cypherpunks@einstein.ssz.com To unsubscribe send a blank email to leave-e-gold-announce-465237E@talk.e-gold.com http://www.e-gold.com/stats.html lets you observe the e-gold system's activity now!
participants (1)
-
e-gold-announce@talk.e-gold.com