LiveCD for Secure Web Browsing?
An anonymous reader asks: "Say you want to do your online Internet banking on your home PC, with a bank that lets you send actual money to complete strangers online, and you want to be really, really sure that some hacker isn't stealing your password or your money or both. You don't fully trust Windows, despite your best efforts to keep it secure, and you know that no OS installed on a hard disk is guaranteed secure or immune to root-kits and the like. You know enough about computer security to know that you are always just one careless mouse click or one security hole away from being screwed. You've read the advice from your bank, which says 'turn up' your security settings (whatever that means), and don't click on 'unknown' links (ever). So what you really need is a bootable CD with software so simple and stripped down that it lets you browse the web and nothing else. The nearest I can think of is one of the Linux mini-LiveCD's with Mozilla or some other browser included, such as Damn Small Linux, or ByzantineOS. Such a system shouldn't even know how to speak to your hard drives. Do Slashdot readers know of anything like this?"
Seriously, there's such a thing as an overabundance of caution.
How many condoms do you wear during sex? Wait, let me guess, you don't even go into a room with anyone who's ever had sex.
You can't live your life like that.
Ecce Europa - Web Design for Business
Just using Knoppix/DSL should be enough, you don't have to worry about the CD being able to access the harddrive. Just use a base Mozilla with no extensions or whatever, and type in your bank's URL manually and don't do anything else. That should make you 99.99999% safe, excepting the .00001% chance God and Jesus hate you and are conspiring to ruin your life. Good luck.
I hate grammar Nazi's.
Knoppix with Mozilla ought to be fine for the software end of things, but the hardware could be compromised too. Someone could have a hardware keylogger such as the KeyKatcher. Building your own computer from scratch is the only way to really be sure. And by "from scratch" I mean from the raw ore.
This post written under Gentoo-linux with an SCO IP license.
Just run an old version of BeOS!
No one writes Malware for BeOS!
Wow, that's paranoid. What kind of transactions are you planning? Transfer of $28,000,000.00 to Farouk Bello, Executive Director of the Comercial Bank of Africa (Nigerian division)?
Why is anything anything?
I honestly don't understand the problem here. You answered your own question, use a live cd. There are plenty of live cd's out, pick one and go with it. If you're using dialup, then use a meta-live-cd-distro to roll your own live cd that includes drivers for your modem. You'll never be 100% secure. Even if you use a live cd and keep your side 100% secure (impossible) then what about on the other end?
Famous Last Words: "hmm...wikipedia says it's edible"
If you're really that worried about it, why not just drive to the nearest branch? Even then it's not 100% secure, because the teller is still using a computer connected to the bank's network, which is in turn connected to the internet (even if not directly).
Knoppix should be enough for what you're talking about, tho.
Nicholas Brand (who I believe has posted here before) has compiled a great looking List of Live CDs.
Looks like they are even categorized quite extensively too. You should find at least something to ease your paranoia. But if you don't, you can make your own with Morphix, which is sort of a customizable Knoppix, and even has a how-to for something similar to what you want.
It's admirable that you would know enough to avoid using windows / I.E. when trying to have secure transactions over the web. However, running any flavor of Linux is enough to guarantee a realistic amount of security. The .00000001% chance that someone is going to root your Knoppix distro is far smaller than the .000001% chance that someone has rooted the router at your ISP and is now rerouting all traffic from your bank site through their man in the middle. It's far less than the .01% chance that someone will just steal your identity through traditional means and clean you out properly.
In other words, balance risks. I.E. is a nasty mess that anyone can root with a little googling. Mozilla is pretty secure, Mozilla on Linux even more so, and Mozilla on Linux on PPC is pretty darned solid... to the point that other links in the chain become the weak one. Focus on those next, or realize that the Man in the Middle attack is basically undefeatable short of getting a second ISP.
Of course you could always call your bank and conduct your business like that, but it is far more difficult to root an ISP than it is to tap a phone line...
The ______ Agenda
Personally, I could get by with a standard Knoppix CD if I really felt I needed the extra security for web browsing. So could the majority of slashdotters. But Knoppix would be a little tricky for the non-Linux user. So, I thought that a totally automated LiveCD for secure web browsing would be great for the average computer user - the very users who most frequently have spyware on their systems.
As I thought about the idea, I came up with a few major complications:
Many people are still on dialup or have weird login processes to get internet access - not the simple DHCP that I have at home and work. Most modems are of the "winmodem" variety, PPPoE is often a mystery even in Windows, and let's not forget AOL's proprietaryness.
Then I thought about printers. Invariably, you'll want a hard copy of some sort of banking transaction. That should prove to be lots of fun to get working. Unfortunately, most folks don't have Postscript printers at home, and text mode won't cut it. So printer drivers and settings will be an issue.
Assuming you could step the average user through the two biggest troublespots above (and assuming there are NO other problems, yeah right) using a LiveCD without saving the configuration somewhere would become tiresome very quickly. So, some local storage would be required, i.e. hard drive, USB drive, or perhaps a floppy. So, saving configuration information somewhere should prove to be even more fun for Linux newbies.
Some other things to consider: access to email (if you're not using webmail), the time to cycle between Linux and Windows (LiveCD's are "fast" when you're in a jam, but I wouldn't want to boot one everyday just to spend 10 minutes on my Bank's website!), web browser compatibility (depends on the bank), Personal Finance Software (what's the point in all this if Quicken or MS Money is going to connect through a suspect Windows installation anyways?).
In the end, I just didn't see any easy way for the average computer user to have access to something like this - at least not until internet connection technologies get a lot more standardized or someone is willing to do a LOT of work on the Linux distribution side. I became disenchanted with the idea and forgot about it... until this Ask Slashdot. Well, that's my CAD 0.02 - it's a good question/idea, and I hope that someone else has a more positive answer.
A keystroke logger could easily be wired in, or simply plugged in the back... waiting for you to enter your credentials.
If you can't trust the computing platform, all bets are off.
While perhaps not ideal for taking to your parents house, I recently went through the steps necessary to boot puppy linux entirely from PXE. So far it is the only linux distro I have found that can do this (and load X). Very nice, but still needs some more polish.
Check it out. It has bootable CD and Compact Flash versions.
If you're worried about your money, then securing your money is the main thing. Securing the computer is useful, but there are numerous other things involved. The people holding your money are usually the banks and other financial institutions. Their online banking apps and _processes_ may not be that secure (cross site scripting attacks etc)- since most are quite new to it and haven't been burnt enough yet. Plus depending on your setup you may be reliant on your ISP to provide you the right IP address for your online banking site (and the dns traffic has to be untampered with). If you somehow get the wrong IP address you could be screwed too- unless you connect directly to the site using https and check the certs (that's assuming you ALWAYS make sure the fingerprints are the same and don't transact if fingerprints change, OR you trust the CA to NEVER incorrectly issue certs to the wrong parties - verisign has screwed up before with an MS cert).
Because of that and so many other issues, if you are really worried about your money, try to get your bank to not allow online transfers, or only to selected accounts - e.g. to the bank account you use for credit card payment. If the bank doesn't allow that, then do you feel your money is safe in that bank? If no, then change banks- or keep the bulk of your money in a safer bank and transfer money from the unsafe one to the safer one. You can often also get the bank to limit the amount transferred per day.
For online payment (and offline where reasonable) pay everyone else using your credit card. That way if anything goes wrong, at least it's not _your_money_ that's gone - it's the card issuer's money that's gone or the Merchant's (or some other party, just not you!) - in which case while you're going through all the legal processes to fix things, you still have money to live on, and the pressure is on the OTHER parties involved to get things fixed, you can actually be a bit more passive. In contrast, if it's your money that's gone, often the rest could be sitting around whilst you'd be the one burning up the phone lines trying to fix things.
In conclusion, allowing money to be transferred online from your account to random parties is quite insecure even if it's with your permission, and even if it's your own hardware and software, coz unlike ATM transfers, you and the bank are _unlikely_ to control everything else involved in the transaction. Plus the devices involved often do other things as well.
I have checked out a bank's online app before (with their permission as part of a job) and I found I could cancel other people's cheques without their permission, fortunately money transfers somehow didn't work - some other control was probably stopping it. I also found SQL injection in another bank's online app.
There are bound to be flaws in banking apps. Previously this wasn't such a problem because the only people using the banking apps were the bank's staff who had to be trusted significantly anyway.
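The fingerprint check described in the comment above (compare the certificate fingerprint on every visit and do not transact if it changes), as an added example that is not part of the original thread. The host name `bank.example`, the pin file and the certificate bytes are constructed placeholders.

```python
import hashlib
import hmac
import json
import ssl
import tempfile
from pathlib import Path


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding, the value browsers show as the fingerprint."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the server's leaf certificate over the network (not used in the demo).
    No chain validation happens here; the pin comparison is the only check."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))


def check_pin(store: Path, host: str, der_cert: bytes) -> str:
    """Return 'first-seen', 'match' or 'CHANGED' for this host's certificate."""
    pins = json.loads(store.read_text()) if store.exists() else {}
    seen = fingerprint(der_cert)
    known = pins.get(host)
    if known is None:
        # Trust on first use: record the pin; verify it out of band before relying on it.
        pins[host] = seen
        store.write_text(json.dumps(pins, indent=2))
        return "first-seen"
    if hmac.compare_digest(known, seen):
        return "match"
    # Mismatch: keep the old pin so that the warning repeats on every visit.
    return "CHANGED"


if __name__ == "__main__":
    # Constructed stand-ins for DER certificates (not real certificates).
    cert_a = b"constructed-certificate-A"
    cert_b = b"constructed-certificate-B"
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp) / "pins.json"
        for visit in (cert_a, cert_a, cert_b):
            print(check_pin(store, "bank.example", visit))
```

A legitimate certificate renewal also reports `CHANGED`, so a new fingerprint has to be confirmed through another channel before the pin file is updated.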
In Soviet Russia, life is paranoid of you! Seriously, do you wear a tinfoil hat and kevlar vest? Did you ever think that someone might just mug you in the street?
Inside of a virtual machine, ie VMWare! It'll be double secure!
Security minded live distro. Phlak.
If it can't fit on a floppy(50mb,8mb..2mb etc), you might as well just use a live cd which is normally fully loaded.
Because if you have to boot from any media except a floppy, chances of you having to get into the bios and set the boot devices are high. So while you are at it, might as well get a full supported, fully loaded media right?
As for floppy sized distros, the only thing that comes to mind, is tomsroot
So you've got yourself a secure solution for online banking with the liveCD, and then your banking website tells you you need IE otherwise you can't continue. (And you really can't)
Interesting as some banks and companies want their clients to connect insecurely, no other options available.
I surf a lot of sites that would get me in trouble with the [ wife | law | boss ] if they found out. It is paramount that there be no trace of my surfing habits left on the PC when I am done. What Linux distro can accomplish this?
A couple of months back, I tried to propose a similar idea at my company for VPN users. Due to shortsightedness, (read, it's based on Linux), the concept never went to upper management for further consideration. In my company, we give home VPN users a set of detailed installation instructions, CISCO VPN Client install CD and a Secure ID fob. Despite this, we still get occasional support calls. Playing around with Knoppix MAME, I familiarized myself with re-mastering Knoppix, and realized it isn't too hard; with the right set of instructions even a monkey could create one. I proposed distributing a live cd; essentially a stripped down knoppix cd, with a cisco client for linux, which upon successful connection would automatically launch Terminal Server (www.rdesktop.org) to connect to our banks of Terminal Server. Some of the advantages that I pointed out cut down on existing support issues; Home users didn't need to configure with messy settings, Knoppix CD either works or it doesn't work. Bypass home computer hard drives (with questionable viruses, and spyware). Works on almost any PC, thanks to Knoppix's amazing driver recognition.
Someone could have built a trapdoor into the electroweak field when the universe was designed, so that every time someone builds a computer from raw ore, it inserts a dongle on the imaginary axis.
-I like my women like I like my tea: green-
If you are afraid of losing the CD and having whomever finds it figure out how to use it, just use the bookmarks part. It's unlikely that someone will be able to connect a keylogged uname and password with the correct bank name (especially if you click on the password field first and type it, then click on the uname field and type it second).
I mean, internet cafés are incubation sites, but the scammers/keyloggers aren't superhuman!
While no USB keyloggers appear to be available online, that does not mean they do not exist. They should not be very complicated to make. An on-screen keyboard is still more secure. Alternatively one could type the letters out of order, and then use the mouse to rearrange them.
This post written under Gentoo-linux with an SCO IP license.
I've been working on some ideas along parallel lines for some while - making a "computer on a disk" (live CD) so that I can take my environment, apps and preferences and data, anywhere I go. But one of the complications I'm anticipating is finding places which will let me use it! A cyber-cafe or a Kinko's would be stupid to let anyone come in and boot off their own CD (how many of them know what a "Live CD" is?), so you may be forced to resort to computers owned by friends - which is OK, if you only travel near places where friends of yours live...
So, it's a good idea in principle, but perhaps in practice your efforts might be better served by coming up with some kind of remote control setup - a secure browser-based means of contacting your personal computer back at home (like GoToMyPC but cheaper...), a kind of a proxy I guess. Then with that you wouldn't even need to worry about a keylogger - you could set up rotating passwords to access your PC (based on the hour of the day plus the date, plus your age, or whatever - a fairly secure yet memorable scheme should not be difficult to concoct) and keep your static bank passwords in your Mozilla password-manager at home, so at no time are you typing anything anyone else can use. (by the way, even if you're not worried about a keylogger, what about all the windows you can see from where you sit in that sunny cyber-cafe - ever heard of camcorders with good zoom lenses...?)
Would take some more setup time, but might be worth it. You wouldn't even need to leave your PC on 24/7 if you set it up to boot at a given hour every day, which I think most can do.
Perfectly Normal Industries