PaulDotCom mailing list archives
Latest trend - Linux Boot CDs for Online Banking
From: jim.halfpenny at gmail.com (Jim Halfpenny)
Date: Thu, 22 Oct 2009 09:10:38 +0100
I reckon this would be a support nightmare. Old PCs, BIOS configuration and broken cup holders would hamper adoption and you'd end up fielding general support calls. I'm currently using a chip and pin device to authorise online banking transactions. Are there any current malware sophisticated enough to counter this? Seems to be a tried and trusted solution. Jim On 21/10/2009, PJ McGarvey <pj_mcgarvey at hotmail.com> wrote:
I didn't read the whole article, but I wonder if this would be best suited
for large transactions, say over $1000? The bank could use some other
means to verify the user is using its live cd, before allowing the
transaction. Or what if they integrated some sort of bootable distro on a
usb fob that has a certificate built-in for use with two-factor
authentication? Even combine that with some out-of-band type of
authentication, like a PIN sent to your cell phone.
Of course, if the banking session were still compromised, and the Bank
states there is no recourse if you use the live CD, then you're SOL...
Bruce Schneier has written some stuff about "authenticating the transaction"
-PJ
Date: Mon, 19 Oct 2009 08:49:07 +0100
From: jim.halfpenny at gmail.com
To: pauldotcom at mail.pauldotcom.com
Subject: Re: [Pauldotcom] Latest trend - Linux Boot CDs for Online Banking
2009/10/18 Dale Stirling <dale at puredistortion.com>
This is definatly a short term fix as I this becomes a major trend it
will just shift the attackers focus to the OS's on these live CD's.
Then we are in the same position that we are now having users that
have a false sence of security from a quick fix that had a limited
life span.
As said before I think a patched system and user education are the way to
go.
I can see where the banks are coming from with this, since it may be
possible to safely use a computer infected with current banking trojans
when booting from a live CD. Penetration into the market will probably be
low so malware pushers may not target this platform. However, even if this
were an minimal environment which auto-updated on boot up I reckon this
would be too slow for Joe Blow. I have doubts whether people would reboot
into a different OS in order to gain some additional security.
Jim
-- Sent from my mobile device
Current thread:
- Latest trend - Linux Boot CDs for Online Banking Keith Pawson (Oct 13)
- Latest trend - Linux Boot CDs for Online Banking Matt Lye (Oct 13)
- Latest trend - Linux Boot CDs for Online Banking Tim Mugherini (Oct 14)
- Latest trend - Linux Boot CDs for Online Banking craig bowser (Oct 14)
- Latest trend - Linux Boot CDs for Online Banking Dale Stirling (Oct 18)
- Latest trend - Linux Boot CDs for Online Banking Jim Halfpenny (Oct 19)
- Latest trend - Linux Boot CDs for Online Banking Ben Greenfield (Oct 20)
- Message not available
- Latest trend - Linux Boot CDs for Online Banking Michael Salmon (Oct 20)
- Latest trend - Linux Boot CDs for Online Banking Tim Mugherini (Oct 14)
- Latest trend - Linux Boot CDs for Online Banking PJ McGarvey (Oct 21)
- Latest trend - Linux Boot CDs for Online Banking Jim Halfpenny (Oct 22)
- Latest trend - Linux Boot CDs for Online Banking Allen Deryke (Oct 22)
- Latest trend - Linux Boot CDs for Online Banking Matt Lye (Oct 13)