|
Eman Posted: Sun Feb 22, 2004 2:36 am Looking for faults and answers is all very well but how many of these failures have occured because the service e-gold account of the various admins have been hacked and the money stolen? COUNTLESS. And still the various Admins continue to use the e-gold facility as their "BANKER". WHY? Why are we constantly hearing of hackings at e-gold and not at other facilities like e-bullion, stormpay, evocash int-gold and others? Do these others charge too much for their services or what? And why do the various Admins still seem to prefer e-gold? And still the various Admins continue to stick with e-gold. Looks like if they have not already been hacked then it is reasonable to assume that it is only a matter of time and they too will be hacked leading to another massive and predictable failure. |
|
Eman Posted: Sun Feb 22, 2004 10:54 am So you are in Admin, Sceptre? You are saying that all those Admins who have gone down and blamed their inability to carry on business because their funds have been stolen at e-gold are lying? I must say that I find this scenario LESS believable than that all those thefts at e-gold are perpetrated by backroom staff at e-gold who need no passphrases in order to enter clients' accounts and steal. This state of affairs is in turn brought about by e-gold's own condition of use that "All spends are final". This means that the perpetrator can, at a stroke, switch funds from one account to another with no prospect of any repercussion. When e-gold receives a complaint of the theft, all they can do is place some kind of limit on the recipient account. Meanwhile the owner of that recipient account is free to enjoy his/her loot; let the account lie dormant, open another free e-gold account and carry on all over again, regardless. Sceptre, tell me, which scenario is more believable? Why would HYIP Admins not be hacked? What facility do you use yourself as an Admin to transact funds with your clients and what do you then do with the funds? Your answers may well help others. And that question again, Why is hacking 99% of the time at e-gold? |
|
Eman Posted: Mon Feb 23, 2004 1:20 am This is getting lively. But the point of my post was to discover why 99% of hackings take place at e-Gold.com rather than at their various competitors' and why, in the face of that evidence Admins appear to prefer the e-gold facility for the purpose of transacting money with their clients rather than the apparently safer facilities like e-Bullion, stormpay, IntGold, Evocash and others? Scepter offered the plausible view that the security at e-gold is second to none. That's as maybe, so why do they suffer more hackings than anyone else? I suggest that those "good" security measures at e-gold are against external threats which are probably very effective but quite useless against "inside jobbers". This is made all the easier for those thieving insiders by e-gold's own condition of you that says "All spends are final" ; which means that those insiders can steal from clients to their heart's content and continue to enjoy the proceeds of their crime virtually unmolested and undetectable. Any good answers? |
|
Doro Ajani Posted: Wed Feb 25, 2004 2:33 pm Eman, It could be that HYIP admins use e-gold because it's the oldest and most popular e-currency, and their potential investors are more likely to have an e-gold account than they are to have an e-bullion, gold money or pecunix account. Or, maybe the programs some Admins are piggybacking off of only accept e-gold as a means of deposit, and they don't want to incur extra expense converting e-bullion, pecus, or gold money grams into e-gold. I find it hard to believe that Admins would be careless with their e-gold passphrases, considering the size of a number of the HYIPs in the arena... Hmmm...who knows. Maybe this will prompt Admins of new HYIPs to not only accept e-bullion, pecunix or gold money, in addtion to e-gold for deposits, but to payout in these other e-currencies as well... |
|
We investigated and placed a value limit on account #589681 to prevent it from receiving additional funds. However, regrettably we are unable to refund your money because e-gold Ltd. (e-gold) is contractually prohibited from freezing e-gold accounts, releasing e-gold account records, or reversing e-gold spends in the absence of a court order or subpoena. You might want to consider obtaining some combination of help from a legal professional or law enforcement to obtain court order, if the size of your loss warrants expenditure of your resources (time and money) to resolve. If you have visited certain high yield investment websites you are vulnerable to malicious code being downloaded to your computer even though you may not have not clinked on any links in emails. There are malicious websites that tests your browser and if it is vulnerable, it uploads an hta file that runs a script. The script creates an executable file called netlog.exe, runs it, and then deletes it. This script changes your computer hosts file. Since the script deletes the executable file it probably will not be detected by antivirus software. You may want to check your computer host file for a fake e-gold entry. There are viruses such as this one: http://us.mcafee.com/virusInfo/defa...n&virus_k=99469 that plant fake entries in the host file which windows then uses instead of the correct IP address for the site. This JavaScript trojan drops an invalid Windows 'HOSTS' file onto the victim system when the web page containing the trojan script is viewed (with scripts enabled). The script itself is encrypted, decrypting itself when run (when the host web page is viewed in a browser). This Trojan drops a Windows HOSTS file onto the infected machine, resulting in subsequent requests to various hosts being redirected to a bogus host. Look in the below files for an e-gold entry and remove it. Where you will look will depend on the type of system you have. If you have Windows 95/98/Me, look in ( c:\windows\hosts) If you have Windows NT/2000/XP Pro, look in (c:\winnt\system32\drivers\etc\hosts) If you have Windows XP Home, look in (c:\windows\system32\drivers\etc\hosts) Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher). Additional Windows ME/XP removal considerations http://vil.nai.com/vil/SystemHelpDo...eSysRestore.htm Below are some other ways an account can be compromised. These can easily be prevented with proper security precautions. 1) Never give your passphrase to anyone unless you want that individual to have total control of your account. 2) Your passphrase should never be used as the password for anything else. 3) You should also ensure that your anti-virus software is up to date then run a complete scan of your computer to see if it's infected. If your passphrase is changed using the "SRK" feature and the account is only accessed using the "SRK" feature, then your passphrase should be protected even if there is a Trojan virus on your computer. To change your passphrase using the "SRK" feature. a. Log into your account using your current passphrase. b. Click on the button that says, "account info" c. Scroll down to passphrase box and click in the box. d. Click on the button that says SRK e. A small window will pop up on your screen f. Enter your new passphrase by clicking on the numbers, letters or symbols in the pop-up window. You will see *** being added to the passphrase box as you use your mouse to click on the numbers, letters or symbols. *See note g. When ready to confirm your passphrase click on the arrow on the bottom right hand corner of the pop-up window. h. Confirm new passphrase using the same procedure you followed in item #6. i. Click update passphrase. *Note: For upper case letter click on the upper case "ABC", for lower case letters click on the lower case "abc", for numbers click on the "123", for symbols click on the "sym" 4) Ensure you have all the critical updates to your browser. If you are using Internet Explorer, you should be aware that there are numerous security holes. To check for critical updates to your Internet Explorer Browser please follow the below steps: a. Open your IE browser and click on "Tools". b. Click on "Windows Update". This will take you to the Microsoft Windows Update page. c. Click on "Product Updates" on the left side of the browser window. d. Your computer will then be scanned to see what updates you need. e. If there are any critical updates for your computer they will be listed. f. Follow the procedures on the page to download the critical updates. Below are some security sites, please review them; they're an important way to protect yourself and your e-gold. CERT Home Network Security http://www.cert.org/tech_tips/home_networks.html Common Sense Guide for Home and Individual Users http://www.isalliance.org/resources/ Microsoft Security Basics for Home Users http://www.microsoft.com/security/home/ NSA Security Recommendation Guides http://www.nsa.gov/snac/index.html Security Focus community homepage http://www.securityfocus.com/ Gibson Research. Info on Spyware, Shields-UP/port scan http://grc.com/default.htm Viruses & the MAC FAQ if you use an Apple http://www.sherpasoft.org.uk/MacVirus/ CERN antivirus support website http://support-antivirus.web.cern.ch/support-antivirus/ Password Recommendations at CERN http://security.web.cern.ch/security/passwords/ CERN Computer Security Recommendations http://security.web.cern.ch/security/Recommendations/ Thank You, Due Diligence Department |
|
wbremer Posted: Fri Feb 27, 2004 5:13 am "The highest tree catches the most wind". Ever heard of that? It is the same with Microsoft and e-Gold. They are most used and they are therefor also most targeted by hackers. Logical! And NO speculation here on my part. Eman: Quote: We know that the thefts at e-gold are inside jobs, so... Show me the proof. But of course you can't do that because you don't have any. People will always blame e-Gold. They will never believe that it is a problem (keylogger, backdoor-trojan, etc.) on their own systems. OK, sometimes it's not, but then they either spent into a SCAM-program with a framed spend-page, or the cliked a link in an email. Again, most people won't admit to that as they don't want to look stupid. |
|
Eman Posted: Fri Feb 27, 2004 12:54 pm Dear Doro and wbremer, Thank you so much for your calm and thoughtful input into something that is obviously very worrying for us all while we look for answers to the problem of incessant thefts at e-gold. Doro, this is the sort of response, as I see it, that one would expect from the "generals" as opposed to the work-a-day back-room staff "footman" working for his pay packet on Friday. The "general" usually has the overall well-being of the company at heart and will do his utmost to ensure the success of his "product". The "footman" on the other hand is most interested only in his/her own survival and is therefore likely to take advantage of any lapses that he can find while in that employment to augment his own situation if he can get away with it. This is where the most "bad apples" are to be found. Having said that I must say that punters are becoming increasingly aware of the existence of keyloggers, back-door trojans and the scam programs that are repleat on the net. I have, myself, very nearly been had; so convincing are some of these scams, assuming the names of reputable programs like Foreign-Fund.com, as they do, to try to fool punters into parting with their e-gold login details by spending into framed e-gold spend pages. Having obtained the login details it is then just a matter of accessing those accounts and extracting money. wbremer, that may be so but how does this and keyloggers and back-door trojans account for the fact that 99% thefts appear to occur at e-gold as opposed to the other facilities even given that e-gold, like Microsoft is the biggest player and therefore the most targeted? These keyloggers and back-door trojans and the like target only e-gold in our computers? We use these same computers to access our domestic family bank accounts on the net; most people hold far more money in these accounts than ever they will at an e-gold account; the thiefs must know that yet they choose to go for only e-gold? And the other e-currecy facilities? There is the experience of a punter whose e-gold account having been hacked and stolen from immediately re-formatted his drive. He restored windows and fortified his security with the latest firewalls, zonealarm and other hacker deterrents. He then logged into his e-gold account and changed his passphrase. He reported that within one hour of his doing that the thieves were back in his account again depositing $20 and extracting $300. Now, tell me who but the backroom "footmen" who do not need passphrases in order to enter accounts will have the savvy to by-pass such precautions? Doro and wbremer, do you see my problem? This is what makes me conclude that a lot of thefts are perpetrated in-house at e-gold. I am still open to convincing reasons to the contrary. Be safe, one and all. |
|
Originally Posted by sceptre
If you are looking for ultimate security, even check the certificate each time that you visit the e-gold site.
And Use a browser which is secure, i.e. Not Internet Explorer. |
|
Originally Posted by Arnett
Why would E-gold bother with hacking a few accounts?
It's a mutimillion dollar business, they need to protect their reputation at all costs. They are just now beginning to open a door to online retail businesses around the world, the market potential is huge and they need that reputation to stay intact. Hacking a few accounts as compared to the potential goal of being No.2 behind Paypal just doesn't add up. Also I'd be very, very surprised if a rogue E-gold employee(s) were able to get away with anything for this long of a period. No way. These people aren't slouches when it come to security, for sure they'd do regular employee computer sweeps and checks. When you pit E-gold's enormous potential growth against a 3% (estimate/guess) incident of account hackings it just doesn't make sense. |
|
Originally Posted by memorex
Quote:
Internet Explorer is not a problem with e-gold, the user is the problem. |
| The payload, which can come as a .zip attached archive file or as a MIME HTML file, infects the system when the .zip file is opened, or when the HTML message is viewed. The latter technique exploits the as-of-yet-unpatched IE vulnerability to infect users smart enough to know not to launch an attached file. |