funsec mailing list archives

Re: [off-list] Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases


From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Thu, 28 Jun 2007 12:10:51 -0400

On 6/27/07, Dennis Henderson <hendomatic () gmail com> wrote:


Fergie nailed it? Yes, once the consumer PC is compromised, all bets are off
is true. That's why I pondered about the possibility of actually performing a
secure transaction while compromised. Peter did provide one solution. Any
other ideas?


I am assuming the CD-OS was the solution you were referring to, as the
Terminal Server app could always have screenshots taken of it.

Another possible solution could be for the banks to distribute a
TS/VPN client that would disconnect all other network connections for
a time, before, during, and after the transaction, with the added
precaution of deleting any files that were created during the "secure"
transaction before returning internet connectivity to the user.

P.S.: the banking app would have to be run from read-only media

-JP
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

