
How to Beat E-gold Hackers



Posted by: golddust

I picked this information up from a recent newsletter I receive from Berry Ball:

Quote:
HOW TO BEAT THE E-GOLD HACKERS
- some good advice here.
This was passed on to me and it makes sense. Everyone should use it.
New E-g0ld H@cking software.
For years we have been using E-g0ld and it was only until one month ago that
we had the experience that people can often read about in forums when
someone's account has been h@cked and there is no sign of any intrusion
into the owner's computer.
Coincidentally, on the day our E-g0ld account was h@cked we had been
performing thorough checking recommended by an expert to clean a PC of all
"unfriendlies". This led us to consider the fact that we are anything but
novices
when it comes to Windows Security and The Internet, so we had to ask
ourselves the question, "How could we continue using e-g0ld despite
performing all the recommended security precautions, when one of our
accounts still got cleaned out?"
We decided to investigate further and despite having no leads to follow, we
finally came across an answer. To cut a long story short, one day we by
chance came across h@ckers talking about techniques to h@ck e-g0ld
accounts. What transpired is that they had developed software, probably
with inside help, to crack e-G0ld passphrases.
Initially the purpose built software was supposed to be able to use a
technique called "brute-force" to try all possible combinations until a
successful passphrase was matched for any target E-g0ld account number. Our
initial reaction was, "How is this possible, since E-g0ld uses Turing
numbers?" Well apparently the Turing Numbers follow a pattern, which is
updated once per week, and can be calculated, using inside knowledge, which
the software uses to cr@ck E-g0ld passphrases as if there were no Turing
Number! Secondly, we asked, what about the recently introduced Account
Sentinel, which checks IP addresses and issues one-time passwords if they
do not match. Well this is only active when trying to login into an account
and NOT when a payment is made, which just requires a passphrase, and can
be set with a special code to empty the entire account! The next question
was what were the limitations of the E-g0ld h@cking software? Well currently
it works on passphrases which are of 10-characters consisting of letters and
numbers! The E-g0ld account that we had h@cked had a passphrase made up of
exactly 10 characters and a number, which is currently the maximum length
the software can cr@ck in a reasonable timescale. However, each extra
letter or digit increases the time to cr@ck the passphrase from
hours to days, to weeks/months/years, which means the longer the passphrase
the harder it is to crack, increasing geometrically with each character
added.
Ok, what's the moral of the story?
1) Increase the length of your passphrases to randomly generated
alphanumeric characters of length 11 or more.
2) Include punctuation characters into your passphrase as the
h@cking software currently doesn't look for these characters, as
this would increase the time to find standard passphrases
significantly and therefore h@ckers will look for simpler codes to
cr@ck instead.
3) In the future the software will no-doubt be updated to look for
passphrases of length 11+ and will include punctuation characters.
However, what are on your side of the E-g0ld user are the real-world
bandwidth limitations, which would take current algorithms nearly
100-years to break passphrases of length 15. We would therefore
recommend passphrases of length 16 or more, including punctuation, and your
E-g0ld should be safe from cr@cking software in this lifetime!



Hope this can help some of you out.


golddust



Posted by: awty

Interesting piece, with at least some validity.
Jeff



Posted by: memorex

Yes, brute-forcing has been around for years and there is always going to be a need to extend your passphrase.
As well as the need to use all types of symbols in this to prevent the hacker from getting close.
This may give people ideas on what to use, but don't try to put your most recent passphrase into an open browser, for obvious reasons.

http://geodsoft.com/howto/password/...g_passwords.htm
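
The length and punctuation advice discussed in this thread, as an added example that is not part of any poster's message: a Python sketch that generates a random passphrase locally (so nothing is typed into a web page) and compares search-space sizes for the lengths and character sets mentioned above. The guess rate is an assumed figure, not a number from the thread.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits   # 62 symbols: letters and numbers
FULL = ALNUM + string.punctuation              # 94 symbols: punctuation added
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def generate_passphrase(length=16, alphabet=FULL):
    """Pick every character independently and uniformly with the OS CSPRNG."""
    if length < 1 or len(set(alphabet)) < 2:
        raise ValueError("need length >= 1 and at least two distinct symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def pool_size(passphrase):
    """Size of the standard character classes the passphrase draws from.
    Only meaningful as a strength estimate for randomly generated strings."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(c) for c in classes if any(ch in c for ch in passphrase))

def keyspace(length, alphabet_size):
    """Number of candidates an exhaustive search must cover."""
    return alphabet_size ** length

def entropy_bits(length, alphabet_size):
    return length * math.log2(alphabet_size)

def years_to_exhaust(length, alphabet_size, guesses_per_second):
    """Worst case: time to try every candidate at a fixed guess rate."""
    return keyspace(length, alphabet_size) / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    ASSUMED_RATE = 1_000_000  # guesses per second; assumption, not from the thread
    cases = (("10 letters+digits", 10, len(ALNUM)),
             ("11 letters+digits", 11, len(ALNUM)),
             ("16 with punctuation", 16, len(FULL)))
    for label, length, size in cases:
        print(f"{label:20s} {entropy_bits(length, size):6.1f} bits  "
              f"{years_to_exhaust(length, size, ASSUMED_RATE):.3g} years")
    sample = generate_passphrase()
    print("sample:", sample, "| pool size:", pool_size(sample))
```
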



Posted by: linkz

Quote:
Secondly, we asked, what about the recently introduced Account Sentinel, which checks IP addresses and issues one-time passwords if they do not match. Well this is only active when trying to login into an account and NOT when a payment is made, which just requires a passphrase, and can be set with a special code to empty the entire account.


I know for a fact that the sentinel security still requires a PIN number when making a payment. And they also forgot to mention checking the browser signatures ........ of course unless you have both turned off.

I also really don't believe that the turing numbers go in any kind of sequence ....... I mean that would be the stupidest security ever. I can't believe anyone would set up a system like that. I don't know for a fact ...... but it doesn't seem very logical to me.



Posted by: memorex

My thoughts on Turing numbers are they are possibly just like the old two-liner programs.

That we used to type into the Commodore 64 in BASIC years ago.

And this little program would pick a random set of numbers every time through its mathematical system.

If there is such a sequence I would have thought it would have some other form of security attached to it.

But I don't really know without checking up on this; it is just my thinking.


regards
memorex



Posted by: linkz

Ahhhhh how I miss my commodore

wait ..... it's still here ...... not quite dead yet.

\/



Posted by: memorex

Quote:
Originally Posted by linkz
Ahhhhh how I miss my commodore

wait ..... it's still here ...... not quite dead yet.

\/

OFF TOPIC :
There used to be a prisoner-of-war camp game; can't remember the name of it though (could have been Stalag 19).
And it kept my son and me amused for hours. I first came across it on the Amstrad double cassette computer; the company owner was Alan Sugar, who is the owner of Tottenham Hotspur FC.
Another useless piece of information; as Michael Caine says, not a lot of people know that.

regards
memorex



