[e-gold-announce] Turing challenge and Access Controls
e-gold-announce at talk.e-gold.com
e-gold-announce at talk.e-gold.com
Tue Jan 8 13:31:22 PST 2002
e-gold Ltd. is pleased to announce the deployment of additional security
features benefiting all e-gold Users:
*** Feature1:
Turing number challenge must be successfully met for e-gold account access
via web or shopping cart interfaces.
Comment:
Turing numbers (in this context) are random numbers presented in a
graphical format that prevents the numbers from being machine readable.
Benefits:
1. Foils passphrase guessing attempts by "robot programs".
2. Prevents account level denial of service attempts by "robot programs".
User action required:
1. No action is required by User to implement this security enhancement.
2. However, we recommend that Users change passphrase to one longer and
more random if warranted (see security links provided below).
*** Feature2:
Access to e-gold accounts via Automation and Phone interfaces can be
configured via web interface, with a default configuration of disabled. ~
Comment:
Use of Turing numbers is not feasible via automation interface because
Turing numbers can't be machine read. They are not feasible for the phone
interface because the screen resolution of most phones is inadequate to
support this technology.
Benefits:
1. Users who do not use automation or phone interfaces can disallow
access to their account(s) via interfaces that do not issue Turing number
challenge.
2. Users who require access via automation interface can enhance security
by restricting automation access based on IP number.
3. Users who require access via phone interface can enhance security by
restricting phone access based on phone number.
User action required:
1. No action required if User does not require access via automation or
phone interfaces. ~
2. Users who require access to e-gold accounts via automation and/or phone
interfaces should:
- Configure access via e-gold web interface (required) ~
- Change passphrase to one longer and more random (recommended - see
security links provided below)
~ Grace Period
Effective 2002-01-11 12:00 AM GMT (approximately), access restrictions
will be enforced. Existing automation interface Users
are encouraged to configure automation access to their e-gold accounts
before this grace period has elapsed to prevent access
denials to their applications.
*** Security links:
When it comes to the security of your money and personal information,
there's no substitute for education! Please take the time to read through
the security information provided on the websites listed below:
Internet Security Tips:
http://www.cert.org/tech_tips/ (must read!)
http://www.microsoft.com/privacy/safeinternet/
http://www.procomp.com/news/0012security.html (dial-up Users - see this!)
http://www.cable-modem.net/features/mar00/story1.html
http://www.securemac.com/
System Vulnerability Search Engine:
http://icat.nist.gov/icat.cfm
Virus education and protection:
http://www.mcafee.com/anti-virus/
http://www.symantec.com/
http://www.sherpasoft.org.uk/MacSupporters/macvir.html
[Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold
account(s) via the web and shopping cart interfaces to help thwart
keystroke loggers and common viruses.]
Home firewalls:
http://rr.sans.org/firewall/home_user.php
http://www.physics.ucsb.edu/~pcs/cable_modem/cox_home.htm
http://www.firewallguide.com/
http://ec.rr.com/hfirewalls.html
http://www.practicallynetworked.com/pg/router_guide_index.asp
Microsoft Windows Update:
http://windowsupdate.microsoft.com/
[If you are a Windows User, you should be visiting this site regularly!]
Passphrase selection:
http://www.fin.ucar.edu/it/dsn/userdocs/pswdguide.htm
http://www.more.net/security/password.html
http://home.netscape.com/security/basics/passwords.html
http://www.unix-ag.uni-kl.de/~conrad/krypto/passphrase-faq.html
http://www.circa.ufl.edu/password/
http://www.cs.umd.edu/faq/Passwords.shtml
http://www.uic.edu/depts/accctest/accts/password.html
http://www.adpc.purdue.edu/BSC-Pete/passwrds.htm
*** e-gold Interfaces:
Web:
http://use.e-gold.com
Phone:
https://mobile.e-gold.com
Shopping cart interface (SCI) and automation interface information:
http://sci.e-gold.com
*** Questions?
If you have questions regarding the information communicated in this
message, please utilize the contact information provided on the e-gold
website:
http://www.e-gold.com/unsecure/contact.html
*** Announcement Archive
Communications sent via e-gold-announce are archived here:
http://www.e-gold.com/unsecure/lists.html
--------
Thank you for using e-gold!
---
You are currently subscribed to e-gold-announce as: cypherpunks at einstein.ssz.com
To unsubscribe send a blank email to leave-e-gold-announce-465237E at talk.e-gold.com
http://www.e-gold.com/stats.html lets you observe the e-gold system's activity now!
More information about the cypherpunks-legacy
mailing list