PaulDotCom mailing list archives
Latest trend - Linux Boot CDs for Online Banking
From: dale at puredistortion.com (Dale Stirling)
Date: Mon, 19 Oct 2009 07:38:12 +1100
This is definatly a short term fix as I this becomes a major trend it will just shift the attackers focus to the OS's on these live CD's. Then we are in the same position that we are now having users that have a false sence of security from a quick fix that had a limited life span. As said before I think a patched system and user education are the way to go. On 10/15/09, craig bowser <reswob10 at gmail.com> wrote:
Good points about the dangers of using a LiveCD. If the user doesn't create an updated LiveCD every few months or so, they could be in just as much danger as if they used their own machine. However, even with an out of date LiveCD, the risk of persistent malware is removed. That would eliminate the threat of keyloggers and such, right? Unless they surf somewhere else besides the bank web site or read email before doing their actual banking... Unless, of course, the malware has infected the bios. Sigh. Maybe I should just actually GO to the bank from now on. Reality banking is on its way back. Craig On Wed, Oct 14, 2009 at 8:52 AM, Tim Mugherini <gbugbear at gmail.com> wrote:Again I agree but why use unpatched anything? As the risk would be lower if either system was patched. I think I am concerned more with the message to the end user more than anything (aka dont worry about patching is a quick fix and your good to go) On Wed, Oct 14, 2009 at 1:21 AM, Matt Lye <lyematt at gmail.com> wrote:Overall the risk is lower comparing unpatched Windows with unpatched Linux. Typically as long as the live CD is a recent version I wouldn't see much wrong about this method. -Matthew Lye You can do anything you set your mind to when you have vision, determination, and and endless supply of expendable labor. <No tree's were harmed during this transmission. However, a great number of electrons were terribly inconvenienced> On Wed, Oct 14, 2009 at 12:55 PM, Keith Pawson <keith at winnetworks.com>wrote:Seems that a few people in the public arena have started spreading the word about using a Linux Boot CD is the most secure way to do Internet Banking now :-0 Not just one source either: http://www.itnews.com.au/News/157767,nsw-police-dont-use-windows-for-interne t-banking.aspx<http://www.itnews.com.au/News/157767,nsw-police-dont-use-windows-for-interne%0At-banking.aspx> http://blogs.zdnet.com/hardware/?p=5813&tag=nl.e589 http://blogs.techrepublic.com.com/security/?p=2492&tag=nl.e036 http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_b ank_on.html?wprss=securityfix<http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_b%0Aank_on.html?wprss=securityfix> http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_d own_non.html?wprss=securityfix<http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_d%0Aown_non.html?wprss=securityfix> http://sunbeltblog.blogspot.com/2009/10/erosion-of-trust-for-online-banking. html<http://sunbeltblog.blogspot.com/2009/10/erosion-of-trust-for-online-banking.%0Ahtml> Am I right in saying this is actually a bad thing? I've listened to Paul and the gang go on about using live CDs such as Backtrack and so forth is a bad thing due to components being out of date and vulnerable - use them in a test network for research and education. So imagine people doing this and not updating the live CD for say 6 months or never and suppose they leave the thing running for a week or even worse all the time. In addition this does not mitigate against DNS spoofing, browser XSS and so forth, right? What do you guys think about this latest trend and what do you think the risks really are with this scenario? Cheers _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-- Sent from my mobile device
Current thread:
- Latest trend - Linux Boot CDs for Online Banking Keith Pawson (Oct 13)
- Latest trend - Linux Boot CDs for Online Banking Matt Lye (Oct 13)
- Latest trend - Linux Boot CDs for Online Banking Tim Mugherini (Oct 14)
- Latest trend - Linux Boot CDs for Online Banking craig bowser (Oct 14)
- Latest trend - Linux Boot CDs for Online Banking Dale Stirling (Oct 18)
- Latest trend - Linux Boot CDs for Online Banking Jim Halfpenny (Oct 19)
- Latest trend - Linux Boot CDs for Online Banking Ben Greenfield (Oct 20)
- Message not available
- Latest trend - Linux Boot CDs for Online Banking Michael Salmon (Oct 20)
- Latest trend - Linux Boot CDs for Online Banking Tim Mugherini (Oct 14)
- Latest trend - Linux Boot CDs for Online Banking PJ McGarvey (Oct 21)
- Latest trend - Linux Boot CDs for Online Banking Jim Halfpenny (Oct 22)
- Latest trend - Linux Boot CDs for Online Banking Allen Deryke (Oct 22)
- Latest trend - Linux Boot CDs for Online Banking Matt Lye (Oct 13)