PaulDotCom mailing list archives
Latest trend - Linux Boot CDs for Online Banking
From: reswob10 at gmail.com (craig bowser)
Date: Wed, 14 Oct 2009 12:07:46 -0400
Good points about the dangers of using a LiveCD. If the user doesn't create an updated LiveCD every few months or so, they could be in just as much danger as if they used their own machine. However, even with an out of date LiveCD, the risk of persistent malware is removed. That would eliminate the threat of keyloggers and such, right? Unless they surf somewhere else besides the bank web site or read email before doing their actual banking... Unless, of course, the malware has infected the bios. Sigh. Maybe I should just actually GO to the bank from now on. Reality banking is on its way back. Craig On Wed, Oct 14, 2009 at 8:52 AM, Tim Mugherini <gbugbear at gmail.com> wrote:
Again I agree but why use unpatched anything? As the risk would be lower if either system was patched. I think I am concerned more with the message to the end user more than anything (aka dont worry about patching is a quick fix and your good to go) On Wed, Oct 14, 2009 at 1:21 AM, Matt Lye <lyematt at gmail.com> wrote:Overall the risk is lower comparing unpatched Windows with unpatched Linux. Typically as long as the live CD is a recent version I wouldn't see much wrong about this method. -Matthew Lye You can do anything you set your mind to when you have vision, determination, and and endless supply of expendable labor. <No tree's were harmed during this transmission. However, a great number of electrons were terribly inconvenienced> On Wed, Oct 14, 2009 at 12:55 PM, Keith Pawson <keith at winnetworks.com>wrote:Seems that a few people in the public arena have started spreading the word about using a Linux Boot CD is the most secure way to do Internet Banking now :-0 Not just one source either: http://www.itnews.com.au/News/157767,nsw-police-dont-use-windows-for-interne t-banking.aspx<http://www.itnews.com.au/News/157767,nsw-police-dont-use-windows-for-interne%0At-banking.aspx> http://blogs.zdnet.com/hardware/?p=5813&tag=nl.e589 http://blogs.techrepublic.com.com/security/?p=2492&tag=nl.e036 http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_b ank_on.html?wprss=securityfix<http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_b%0Aank_on.html?wprss=securityfix> http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_d own_non.html?wprss=securityfix<http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_d%0Aown_non.html?wprss=securityfix> http://sunbeltblog.blogspot.com/2009/10/erosion-of-trust-for-online-banking. html<http://sunbeltblog.blogspot.com/2009/10/erosion-of-trust-for-online-banking.%0Ahtml> Am I right in saying this is actually a bad thing? I've listened to Paul and the gang go on about using live CDs such as Backtrack and so forth is a bad thing due to components being out of date and vulnerable - use them in a test network for research and education. So imagine people doing this and not updating the live CD for say 6 months or never and suppose they leave the thing running for a week or even worse all the time. In addition this does not mitigate against DNS spoofing, browser XSS and so forth, right? What do you guys think about this latest trend and what do you think the risks really are with this scenario? Cheers _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091014/05bb9789/attachment.htm
Current thread:
- Latest trend - Linux Boot CDs for Online Banking Keith Pawson (Oct 13)
- Latest trend - Linux Boot CDs for Online Banking Matt Lye (Oct 13)
- Latest trend - Linux Boot CDs for Online Banking Tim Mugherini (Oct 14)
- Latest trend - Linux Boot CDs for Online Banking craig bowser (Oct 14)
- Latest trend - Linux Boot CDs for Online Banking Dale Stirling (Oct 18)
- Latest trend - Linux Boot CDs for Online Banking Jim Halfpenny (Oct 19)
- Latest trend - Linux Boot CDs for Online Banking Ben Greenfield (Oct 20)
- Message not available
- Latest trend - Linux Boot CDs for Online Banking Michael Salmon (Oct 20)
- Latest trend - Linux Boot CDs for Online Banking Tim Mugherini (Oct 14)
- Latest trend - Linux Boot CDs for Online Banking PJ McGarvey (Oct 21)
- Latest trend - Linux Boot CDs for Online Banking Jim Halfpenny (Oct 22)
- Latest trend - Linux Boot CDs for Online Banking Allen Deryke (Oct 22)
- Latest trend - Linux Boot CDs for Online Banking Matt Lye (Oct 13)