Your E-Gold Account Can Be Broken Into!
This article is not intended to teach how to break into an e-gold account; I want to show that it is very easy to do, so beware!
It started with the break-in of a member's e-gold account, which, after I traced it, turned out to have been done from an IP in Albania, so I set myself up to be "accidentally" trapped by the same hackers. Here's the story ...
The method used by the hacker is to send an email with the subject "Notification of e-gold account update", saying that my e-gold account was blocked for security reasons because of the number of hacker attacks. But this email was successfully identified by my antispam. That's why I pretended not to know and tried clicking on the link the hacker provided, "Respond to this notification". When I checked, the link led here: http://www.e-gold.com-x.in/acct/login.html. It is quite clever, because the domain is com-x.in (in = India), while www.e-gold.com is simply a subdomain! The email carries the e-gold.com name, but when I checked, the IP address was 64.224.109.64, from Virginia, USA. Whether or not this is a proxy.
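The domain trick described above, as an added example that is not part of the original post: a check that compares a link's registrable domain with the one e-gold really owns. The tiny suffix list, the function names and the third sample URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny suffix list (assumption); production code
# should load the full Public Suffix List instead.
PUBLIC_SUFFIXES = {"com", "net", "org", "in", "co.in", "co.uk"}

def registrable_domain(host):
    """Return the public suffix plus one label, e.g. 'com-x.in'."""
    labels = host.lower().rstrip(".").split(".")
    # Walk from the longest candidate suffix so 'co.in' wins over 'in'.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None  # the host is itself a bare public suffix
            return ".".join(labels[i - 1:])
    return None  # IP address or a suffix missing from the list

def check_link(url, trusted_domain):
    """Classify a link against the domain the brand really owns."""
    host = urlsplit(url).hostname or ""
    if registrable_domain(host) == trusted_domain:
        return "trusted"
    # Lookalike: the trusted name shows up in the host, but only as
    # subdomain labels under somebody else's registrable domain.
    brand = trusted_domain.split(".")[0]
    if trusted_domain in host or brand in host.split("."):
        return "lookalike"
    return "unrelated"

# The first URL is the one quoted in the post; the others are constructed.
SAMPLES = [
    "http://www.e-gold.com-x.in/acct/login.html",
    "https://www.e-gold.com/acct/login.html",
    "http://shop.example.co.in/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        host = urlsplit(url).hostname
        print(check_link(url, "e-gold.com"), registrable_domain(host), url)
```

For the link in the email, the registrable domain comes out as com-x.in, so the familiar www.e-gold.com at the front of the host name is flagged as a lookalike rather than trusted.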
Okay, let's follow the will of the hacker. When I clicked on it, the hacker had set up a page that is very similar to the e-gold.com page (not hard, because there is software such as HTTrack, Web Copier or Firebug that can be used to copy a website). He asked for an account ID, password and Turing code. I complied, and when finished I opened my account from the original e-gold link. The result: MY ACCOUNT WAS AT ZERO! Remarkably, it took only a few seconds! (I deliberately left some USD so the hacker could feel successful.)
Well, how do they work? Quite simply, the hacker had set up a script using the e-gold.com API, so that when I filled in the password it went straight into a Spend to the hacker's account. This is where the weakness of e-gold.com lies: there is no TAP or PIK to protect Spend / Payment. ActSen on e-gold.com can also be tricked by installing a NAT (Network Address Translation) device on the target computer.
Conclusion:
We recommend that you do not use e-gold anymore because the security system is very weak. I proposed improvements several months ago, but so far e-gold has not taken any action!
However sophisticated your password is, it WILL be broken. The only way is to add a layer of security through:
1. TAP, alias PIK
2. Block or Allow specific IP
3. Limit to Spend / Payment
4. Key token such as BCA's (though the token's algorithm can still be cracked too)
So the point is that a combination of the above safeguards must be used; at a minimum, security measures 1 through 4 MUST BE THERE! Once again, beware, beware!