[News] Banks Look into Online Banking with Live CDs - Linux

This is a discussion on [News] Banks Look into Online Banking with Live CDs - Linux ; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Practical Linux home security ,----[ Quote ] | Indeed, some banks have even been looking into Linux Live CDs for their | customers to use. In this circumstance, Internet banking users would boot | ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: [News] Banks Look into Online Banking with Live CDs

  1. [News] Banks Look into Online Banking with Live CDs

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Practical Linux home security

    ,----[ Quote ]
    | Indeed, some banks have even been looking into Linux Live CDs for their
    | customers to use. In this circumstance, Internet banking users would boot
    | their computer from the Linux CD and then perform their online banking within
    | a Linux environment. If you already use Linux then this is not really
    | necessary, but it is a testament to the perception of the security and safety
    | Linux offers end users over Microsoft Windows.
    `----

    http://www.itwire.com/content/view/18411/1143/


    Recent:

    Bots rule in cyberspace

    ,----[ Quote ]
    | USA TODAY REPORTS that on an average day, 40 per cent of the 800 million
    | computers connected to the Internet are bots used to send out spam, viruses
    | and to mine for sensitive personal data. ┬*
    `----

    http://www.theinquirer.net/gb/inquir...ule-cyberspace
    http://www.usatoday.com/tech/news/co...-botnets_N.htm


    Security? - Don't Bank on It

    ,----[ Quote ]
    | A useful article here dissecting what's wrong with the latest version of the
    | UK Banking code...
    |
    | [...]
    |
    | Since GNU/Linux users tend not to run anti-virus programs, and don't use
    | traditional firewalls: does that mean they're always liable?
    `----

    http://opendotdotdot.blogspot.com/20...ank-on-it.html


    New banking code cracks down on out-of-date software

    ,----[ Quote ]
    | The banking industry has re-affirmed a policy that makes online banking
    | customers responsible for losses if they have out of date anti-virus or
    | anti-phishing protection. New Banking Codes for consumers and businesses took
    | effect on Monday.
    `----

    http://www.theregister.co.uk/2008/04...ing_code_2008/


    Related:

    Online banking fraud 'up 8,000%'

    ,----[ Quote ]
    | The UK has seen an 8,000% increase in fake internet banking scams
    | in the past two years, the government's financial watchdog has warned.
    |
    | The Financial Services Authority (FSA) told peers it was "very concerned"
    | about the growth in "phishing".
    `----

    http://news.bbc.co.uk/1/hi/uk_politics/6177555.stm


    Secure web browsing through Live Linux distros

    ,----[ Quote ]
    | Banking isn't the be-all and end-all: there's many other reasons you'd
    | want a secure system, separate from what's on the hard disk, besides
    | Internet banking. Traveller's can't necessarily trust the integrity of
    | a computer in an Internet cafe.
    `----

    http://www.itwire.com.au/content/view/13292/53/


    NZ banks demand a peek at customer PCs in fraud cases

    ,----[ Quote ]
    | The code also adds: "We reserve the right to request access to your computer
    | or device in order to verify that you have taken all reasonable steps to
    | protect your computer or device and safeguard your secure information in
    | accordance with this code.
    `----

    http://www.computerworld.com/action/...tsrc=news_list


    Linux FlyBuys into financial transactions

    ,----[ Quote ]
    | Linux may be an operating system synonymous with a flightless
    | bird, but Loyalty Pacific, the company behind popular retail
    | loyalty and rewards program FlyBuys, has announced it will
    | jet its infrastructure to open source software.
    `----

    http://www.linuxworld.com.au/index.p...98;fp;2;fpid;1


    FNB [South African Bank] switches 12 000 desktops to Linux

    ,----[ Quote ]
    | With 12 000 desktops switching to Linux this is very likely the
    | most significant Linux and open source implementation in South
    | Africa to date.
    `----

    http://www.tectonic.co.za/view.php?id=1562


    Swedish bank hit by 'biggest ever' online heist

    ,----[ Quote ]
    | Haxdoor typically installs keyloggers to record keystrokes, and
    | hides itself using a rootkit. The payload of the .ki variant of
    | the Trojan was activated when users attempted to log in to the
    | Nordea online banking site. According to the bank, users were
    | redirected to a false home page, where they entered important
    | log-in information, including log-in numbers.
    `----

    http://news.zdnet.co.uk/security/0,1...9285547,00.htm


    In zombies we trust

    ,----[ Quote ]
    | A little over a year ago, I wrote an editorial where in back-of-the-envelope
    | style (.pdf) I estimated that perhaps 15-30% of all privately owned computers
    | were no longer under the sole control of their owner. In the intervening
    | months, I received a certain amount of hate mail but in those intervening
    | months Vint Cert guessed 20-40%, Microsoft said 2/3rds, and IDC suggested
    | 3/4ths. It is thus a conservative risk position to assume that any random
    | counterparty stands a fair chance of being already compromised. ┬* ┬* ┬*
    `----

    http://blogs.zdnet.com/security/?p=661


    Microsoft's 10Q Risk Factors Lists Conceivable Liability for Data Leaks

    ,----[ Quote ]
    | Improper disclosure of personal data could result in liability and harm our
    | reputation. We store and process significant amounts of personally
    | identifiable information. It is possible that our security controls over
    | personal data, our training of employees and vendors on data security, and
    | other practices we follow may not prevent the improper disclosure of
    | personally identifiable information. Such disclosure could harm our
    | reputation and subject us to liability under laws that protect personal data,
    | resulting in increased costs or loss of revenue. Our software products also
    | enable our customers to store and process personal data. Perceptions that our
    | products do not adequately protect the privacy of personal information could
    | inhibit sales of our products.
    `----

    http://www.sec.gov/Archives/edgar/da...25854/d10q.htm


    Experts are calling for product liability for software

    ,----[ Quote ]
    | "Product liability does not apply to software," Gerald Spindler
    | of the Faculty of Law of the University of G├Âttingen complained.
    | "But what if a whole company comes to a standstill due to faulty
    | software?" he mused.
    `----

    http://www.heise.de/english/newstick...932/from/rss09


    ,----[ Quote ]
    | Ah, from the horse's mouth: Microsoft just might be held legally
    | responsible for selling software that is insecure.
    `----

    http://www.groklaw.net/article.php?s...06112223522439
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQFIOYuJU4xAY3RXLo4RAgSSAKCcklvNfaMyChwlHMZvLL utoVXjDACcCmnl
    OMmaKaZ+pw6LSTkdfAZcQOU=
    =szF7
    -----END PGP SIGNATURE-----

  2. Re: [News] Banks Look into Online Banking with Live CDs

    Roy Schestowitz wrote:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Practical Linux home security
    >
    > ,----[ Quote ]
    > | Indeed, some banks have even been looking into Linux Live CDs for their
    > | customers to use. In this circumstance, Internet banking users would
    > | boot their computer from the Linux CD and then perform their online
    > | banking within a Linux environment. If you already use Linux then this
    > | is not really necessary, but it is a testament to the perception of the
    > | security and safety Linux offers end users over Microsoft Windows.
    > `----
    >
    > http://www.itwire.com/content/view/18411/1143/



    That would be the best thing they and a very many other security
    conscious organisations could possibly do in my opinion.


    WINDUMMY OSen is now unrepairable. More viruses, spyware, botnetware and
    malware are released per day than all the Micoshaft, its partners, and
    anti-virus companies and their engineers can release fixes.

    The micoshaft platform is un-repairable.
    You can and SHOULD get sacked for installing or recommending
    Micoshaft products in secure internet facing, banking and government
    applications.

    Time to move everything over to Linux to protect company assets
    and government assets.

    http://www.livecdlist.com
    http://www.distrowatch.com


  3. Re: [News] Banks Look into Online Banking with Live CDs

    7 espoused:
    > Roy Schestowitz wrote:
    >
    >> -----BEGIN PGP SIGNED MESSAGE-----
    >> Hash: SHA1
    >>
    >> Practical Linux home security
    >>
    >> ,----[ Quote ]
    >> | Indeed, some banks have even been looking into Linux Live CDs for their
    >> | customers to use. In this circumstance, Internet banking users would
    >> | boot their computer from the Linux CD and then perform their online
    >> | banking within a Linux environment. If you already use Linux then this
    >> | is not really necessary, but it is a testament to the perception of the
    >> | security and safety Linux offers end users over Microsoft Windows.
    >> `----
    >>
    >> http://www.itwire.com/content/view/18411/1143/

    >
    >
    > That would be the best thing they and a very many other security
    > conscious organisations could possibly do in my opinion.
    >


    I completely agree. It would be quite interesting for banks to issue
    LiveCDs to customers which are sufficiently well locked-down that they
    can only access the bank's own websites. This would completely and
    permanently end the phishing attack. If the bank were even more clever,
    they could send out, separately, a USB key, only usable with the CD sent
    to the proper customer (swap keys, like ssh does), which the customer
    could keep on a keyring, and insert once the LiveCD has started-up in
    order to authenticate at the bank.

    Once the bank has asked the pertinent question, "what's your name",
    the CD and USB key could be validated, and off you go if all is well.

    If the CD, USB key or name are not correct, then transactions could be
    halted. Similarly, the customer could telephone the bank should any of
    these go missing.

    By encrypting the data on the USB key and perhaps using an encrypted
    filesystem, the whole thing could be made very difficult indeed to crack.


    >
    > Time to move everything over to Linux to protect company assets
    > and government assets.
    >
    > http://www.livecdlist.com
    > http://www.distrowatch.com
    >


    It would be much safer than chip & pin.

    --
    | mark at ellandroad dot demon dot co dot uk |
    | Cola faq: http://www.faqs.org/faqs/linux/advocacy/faq-and-primer/ |
    | Cola trolls: http://colatrolls.blogspot.com/ |
    | Open platforms prevent vendor lock-in. Own your Own services! |


+ Reply to Thread