PaulDotCom mailing list archives

Latest trend - Linux Boot CDs for Online Banking


From: gbugbear at gmail.com (Tim Mugherini)
Date: Wed, 14 Oct 2009 08:09:36 -0400

I agree. It is very short-sighted. I have read Krebs' articles for quite some time
now and find his work to be fascinating and educational, but often slanted
against Windows. Regardless of OS bias, I think he is doing his readers a
disservice with this article.

Yes - Linux is less targeted and there are fewer cross-platform trojans in
the wild but I would consider using a live CD as the solution. In addition
to not being patched, it isn't necessarily going to supply any protection
from an unsecured or compromised network, browser-side attacks, spear
phishing, etc.

I do know many who use dedicated VMs or systems for online banking, etc.,
but again these are fully patched, on trusted networks, etc.

Glad someone else caught the article and questioned it.

Tim



On Tue, Oct 13, 2009 at 10:55 PM, Keith Pawson <keith at winnetworks.com> wrote:

Seems that a few people in the public arena have started spreading the word
that using a Linux Boot CD is the most secure way to do Internet Banking
now :-0

Not just one source either:

http://www.itnews.com.au/News/157767,nsw-police-dont-use-windows-for-internet-banking.aspx
http://blogs.zdnet.com/hardware/?p=5813&tag=nl.e589
http://blogs.techrepublic.com.com/security/?p=2492&tag=nl.e036
http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html?wprss=securityfix
http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_down_non.html?wprss=securityfix
http://sunbeltblog.blogspot.com/2009/10/erosion-of-trust-for-online-banking.html

Am I right in saying this is actually a bad thing?

I've listened to Paul and the gang go on about how using live CDs such as
Backtrack and so forth is a bad thing due to components being out of date
and vulnerable - use them in a test network for research and education.

So imagine people doing this and not updating the live CD for say 6 months
or never and suppose they leave the thing running for a week or even worse
all the time. In addition this does not mitigate against DNS spoofing,
browser XSS and so forth, right?

What do you guys think about this latest trend and what do you think the
risks really are with this scenario?

Cheers
