[e-gold-list] RE: two factor cracked - VNUNet.com

George Hara georgegabrielhara at fastmail.fm
Thu Aug 3 11:27:45 MDT 2006


Viking,


> > Such things would continue happening until a hardware isolated solution
> > will be developed.
> 
> There is absolutely no amount of security (provider-based, user-level
> hardware, etc...) that can overcome the user's willingness to hand
> over access to a social engineering con artist.

That is like saying "no program can protect against a brick falling on
someone's head". The purpose of the program is to offer a technological
solution to people who want to protect their money INSIDE the money
issuer. What people choose to do with the money is their choice, not
mine to police.

Anyway, there are ways to protect John Doe's data even from such
actions. Only that "John Doe" refers to the average person, not to an
idiot.

But this way, people who are highly motivated to protect their money
will have the strongest possible technological solution. It's diversity
of choice.


> > will provide users with authentication on each action they want to make
> 
> The user will jump through all of these additional hoops, verify the
> authentication and click "confirm". The con artist will walk away with
> the money, or the requested action completed, laughing all the way.

If you are referring to con artists who can convince people to pay for
inexistent 5'000 bucks plasma TVs, then sure, that would happen. But
once again, the purpose of the program is to offer a technological
solution to people who want to protect their money INSIDE the money
issuer, not when they spend their money.

If you are not referring to this, then you have to first understand that
documents are generated on PDAs, and are not a response to a challenge
generated by a website. So, a user can't press "Confirm", but can
download the website's service descriptor and then go through the payment
wizard, and finally execute the resulting file on a computer connected to
the Internet. This is a string of conscious choices directed by a
standard which the user can easily understand and learn.


> > If it will catch on, one day it will run on a dedicated device, that is, with hardware code protection.
> 
> Will it determine whether the user is being a gullible mark or is
> processing a legitimate transaction?

Again, people spend their money on what they want. My goal is to
technologically secure data.


> > This way, even with a gun pointed at one's head [...]
> 
> Why use a gun when it is easier to just ask?

Because when one wants to rob a bank, one usually uses guns, not "pretty
pleases".

