[e-gold-list] Re: Shockingly-positive media coverage of e-gold security-measure
Viking Coder
vikingcoder at gmail.com
Thu Aug 31 16:33:40 MDT 2006
> a second page that displays an icon I chose when they set
> this system up

The funny part is that that is utterly worthless. It's like putting
the house key under a rock and posting a sign on the door that says
"key under that rock".

The phisher mimics the first page and asks for your username. A script
then takes your username, sends it to the real website and extracts
the key icon. The phisher's second page shows you the key icon and
asks for your password.

A similar method is used by spammers to defeat the CAPTCHA (Turing
image) when bulk-creating email accounts. On a random "free porn"
website, show the extracted Turing image before allowing the user to
view the next porn pic.

As for the validity of the image swapper... It is easy to set up (no
site needs access to that image except e-gold.com) and it provides
another clue to the potential victim - the status bar showing "loading
from [phish site address]" rather than "loading from e-gold.com". No
cost with a marginal return, although very helpful when it does work,
means that it is a keeper.

Viking Coder
___________
http://www.vikingcharts.com
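
Added example, not part of the original message and not e-gold's code: the relay described above leaves a trace on the real site, because one client keeps submitting usernames to fetch icons for many different accounts. The sketch below flags such clients in a login log; the log format, the step names `image` and `password`, the sample lines and the `min_users` threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample log (not real data): timestamp, client IP, step, username.
# "image"    = step 1, username submitted and the chosen icon served
# "password" = step 2, password submitted for that username
SAMPLE_LOG = """\
2006-08-31T16:00:01 203.0.113.7 image alice
2006-08-31T16:00:03 203.0.113.7 image bob
2006-08-31T16:00:04 198.51.100.20 image carol
2006-08-31T16:00:09 198.51.100.20 password carol
2006-08-31T16:00:10 203.0.113.7 image dave
2006-08-31T16:00:12 203.0.113.7 image erin
2006-08-31T16:00:15 192.0.2.44 image frank
2006-08-31T16:00:21 192.0.2.44 password frank
2006-08-31T16:00:30 203.0.113.7 password bob
"""

def parse(log_text):
    """Yield (ip, step, username) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[2] in ("image", "password"):
            yield parts[1], parts[2], parts[3]

def suspected_relays(log_text, min_users=3):
    """Report client IPs that fetched the icon for at least min_users
    distinct accounts, with the accounts whose login was never completed
    from that same IP (the icon was looked up but no password followed)."""
    looked_up = defaultdict(set)   # ip -> usernames whose icon was requested
    completed = defaultdict(set)   # ip -> usernames that reached step 2
    for ip, step, user in parse(log_text):
        (looked_up if step == "image" else completed)[ip].add(user)
    report = {}
    for ip, users in looked_up.items():
        if len(users) >= min_users:
            report[ip] = {
                "users": sorted(users),
                "abandoned": sorted(users - completed[ip]),
            }
    return report

if __name__ == "__main__":
    for ip, info in suspected_relays(SAMPLE_LOG).items():
        print(ip, info)
```

Clients behind a shared proxy or NAT can also look up several accounts from one address, so the threshold needs tuning against normal traffic before anything is blocked on it.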