There is only one way to have good security on epassporte - GoFuckYourself.com

Klen · 01-02-2008, 09:37 AM

I examined other p2p systems and concluded each of these system can be comprimised if hacker got your username and password.
Some of them have additional protection like requiment of putting birthday info during each send but that info can be founded very easily in most cases and it doesnt help much.
So that means people who blame epass for bad security they blame it without valid reason.
So i conclude there is only way to prevent situation where your money gone:disable p2p send transfer.
In most cases webmasters uses epass so they can get faster withdraw and they dont need to send money to anyone.
Even if someone need to pay hosting and similar things,they can still use virtual visa electron which cannot be abused as p2p send transfer.
So epassporte need to allow their users to disable p2p send option if they want to do it and voila,no more problems with hacked accounts.

scottybuzz · 01-02-2008, 09:39 AM

Genius. I think you just sovled all the fraud problems in the world there Klentelaris. Complete genius.

dready · 01-02-2008, 09:42 AM

Not a bad idea. I could get along just fine without that option.

FredIsMe · 01-02-2008, 09:43 AM

Bump for epassporte folks

01-02-2008, 09:48 AM

Why not have a digital password system that requires you to have a piece of hardware that changes passwords every 10 seconds on you at all times in order to login?

xmas13 · 01-02-2008, 09:51 AM

Epassporte is a one-man show, this, is epassporte's main problem.

dready · 01-02-2008, 10:07 AM

Quote:

Originally Posted by bdjuf

Why not have a digital password system that requires you to have a piece of hardware that changes passwords every 10 seconds on you at all times in order to login?

Good idea also. Paypal will send you an RSA SecurID tag for only $5.

QTbucks_Mark · 01-02-2008, 11:20 AM

Quote:

Originally Posted by bdjuf

Why not have a digital password system that requires you to have a piece of hardware that changes passwords every 10 seconds on you at all times in order to login?

Or use plain old one-time transaction codes like almost every sane banking system.

Actually, why doesn't epassporte do this? Just send a letter with 50 or so one-time codes via mail, charge a dollar or two for the postage fee and advertise it as brand-new-foolproof-and-almost-unbreakable-security-feature or something like that...

Of course someone still could gain access, but getting your username, password, the new security question AND a piece of paper nobody but you has - that's pretty damn hard. Justy my

Klen · 01-03-2008, 08:24 AM

Quote:

Originally Posted by bdjuf

Why not have a digital password system that requires you to have a piece of hardware that changes passwords every 10 seconds on you at all times in order to login?

Or simply token which generates unique pin every time when you need to login(one bank has that and it works fine).Impossible to have unauthorized access.Unless someone have your token and knows pin of token

nico-t · 01-03-2008, 09:04 AM

well... then they have to secure the option to disable p2p transfers too, otherwise the hacker can simply enable it when he got the good old username and password... i think the best way is just not being a fool when it comes to your pass, and also change it once in a while.

DamageX · 01-03-2008, 09:08 AM

Disable P2P transfers for me and I drop epassporte faster than you can say drop.

01-02-2008, 09:37 AM	#1
Klen Industry Role: Join Date: Aug 2006 Location: Little Vienna Posts: 32,235	There is only one way to have good security on epassporte I examined other p2p systems and concluded each of these system can be comprimised if hacker got your username and password. Some of them have additional protection like requiment of putting birthday info during each send but that info can be founded very easily in most cases and it doesnt help much. So that means people who blame epass for bad security they blame it without valid reason. So i conclude there is only way to prevent situation where your money gone:disable p2p send transfer. In most cases webmasters uses epass so they can get faster withdraw and they dont need to send money to anyone. Even if someone need to pay hosting and similar things,they can still use virtual visa electron which cannot be abused as p2p send transfer. So epassporte need to allow their users to disable p2p send option if they want to do it and voila,no more problems with hacked accounts.

01-02-2008, 09:39 AM	#2
scottybuzz Too lazy to set a custom title Industry Role: Join Date: May 2006 Location: NY Posts: 14,800	Genius. I think you just sovled all the fraud problems in the world there Klentelaris. Complete genius. __________________ $$$$$ MAKE HUGE MONEY IN CAMS - CLICK HERE $$$$$

01-02-2008, 09:42 AM	#3
dready Confirmed User Industry Role: Join Date: Oct 2002 Location: Toronto, ON Posts: 5,247	Not a bad idea. I could get along just fine without that option. __________________ ICQ: 91139591

01-02-2008, 09:51 AM	#6
xmas13 Confirmed User Join Date: Dec 2004 Location: GFY Posts: 5,176	Epassporte is a one-man show, this, is epassporte's main problem. __________________ ICQ 557504926

01-03-2008, 09:08 AM	#11
DamageX Marketing & Strategy Industry Role: Join Date: Jun 2001 Location: Former nomad Posts: 14,293	Disable P2P transfers for me and I drop epassporte faster than you can say drop. __________________ Whitehat is for chumps If you don't do it, somebody else will - true story!

01-02-2008, 09:43 AM	#4
FredIsMe So Fucking Banned Join Date: Dec 2004 Location: Livin' in America Posts: 2,406	Bump for epassporte folks

01-02-2008, 09:48 AM	#5
buddyjuf Guest Posts: n/a	Why not have a digital password system that requires you to have a piece of hardware that changes passwords every 10 seconds on you at all times in order to login?

01-03-2008, 09:04 AM	#10
nico-t emperor of my world Join Date: Aug 2004 Location: nethalands Posts: 29,903	well... then they have to secure the option to disable p2p transfers too, otherwise the hacker can simply enable it when he got the good old username and password... i think the best way is just not being a fool when it comes to your pass, and also change it once in a while.