Knoppix Used in Internet Banking Solution
renai42 writes "Australian company Cybersource says it's currently talking to two domestic banks about providing Knoppix-based bootable CDs to consumers to ensure Internet banking security. The company says at least one bank will probably use the CDs in at least one sector of its operations. Cybersource envisages that banks will re-brand its product and provide the CDs alongside other marketing material."
Sounds like an interesting challenge certainly, but let me guess the bank's thinking behind this move..
If you use their traditional online banking service from a PC not booted using their CD, and subsequently get defrauded somehow, this will enable them to say "Ahhh.. but you weren't using our special software!", and ignore your complaint.
How.. nice.
http://twitter.com/onion2k
Until the network administrators find a serious vulnerability and have to burn/press about 35602638023862 new CDs to patch it.
I can hardly keep track of an ATM card, now you're expecting me to carry around a big honking CD all the time?
Pass
Ahh... how nice. Getting paid to customize Knoppix CDs. There's a bunch of folks that have their act together.
There won't be key-loggers, virus-infested OSes, ActiveX, IE, blah, blah, blah. At least this is a step in the right direction.
...says... it's talking... one bank will probably use... envisages...
and from TFA: Banks eye bootable Linux CDs
wake me up when something happens, ok?
A step in the right direction.
But it seems odd to me that if someone wants a one-trick secure browser solution, he'd use anything other than OpenBSD.
If you sit down and do the analysis (without regard to "religion" or fashion), and say, "I only need a secure browser," you'll likely pick a BSD and it will likely be either NetBSD (hw support) or OpenBSD (security).
I did a similar analysis, and came to this conclusion, after attempting to dispassionately evaluate the options.
http://www.thebricktestament.com/the_law/when_to_
This sounds like a great idea, provided that the Knoppix can be user-friendly enough to figure out how to boot up.
... reminds you of the Apple II days, where you had to boot half of the operating system off a floppy every time you turned on the computer.
There's really no surefire way to ensure that a user's harddrive-installed OS is secure for banking. Considering the staggering variety of adware/spyware/viruses on machines today, it must be quite easy for a malicious malware creator to make a program that hijacks name resolution (change DNS servers, or the HOSTS file) for perfect phishing, or they could install a keystroke logger, or whatever else. If they got their bank-website-hijacking malware on machines in whatever way all today's adware stuff gets on, they could easily phish thousands of bank transactions every day.
The prevalence of malware seems to indicate that people can't control or trust the programs on their own hard drives. If that's the case, they can't trust any of their online interactions. Since Knoppix kills your harddrive and all its flexibility, it's much more secure.
What would be funny is if more and more institutions started demanding the use of bootable OSes. Our PCs would be reduced to a BIOS, monitor, and keyboard.
-Brendan
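An added example, not part of the comment above: a defender-side audit of the HOSTS-file hijack it describes, flagging any static entry that overrides a watched banking domain or one of its subdomains. The domain `bank.example`, the watchlist and the sample file are constructed assumptions; it covers the HOSTS file only, not changed DNS server settings.

```python
import ipaddress

# Constructed sample hosts file; bank.example is a placeholder domain.
SAMPLE_HOSTS = """\
127.0.0.1     localhost
::1           localhost
# local overrides
203.0.113.66  www.bank.example bank.example   # unexpected static entry
0.0.0.0       ads.tracker.example
198.51.100.7  login.bank.example
192.168.1.10  nas.home.example
"""

# Hypothetical watchlist: domains that should only ever resolve through DNS.
WATCHED = {"bank.example"}


def parse_hosts(text):
    """Yield (line_number, ip, hostname) for every valid hosts entry."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: skip the malformed line
        for name in fields[1:]:  # one line may carry several aliases
            yield lineno, str(ip), name.lower().rstrip(".")


def is_watched(name, watched):
    """True for a watched domain or any subdomain of it (label-aligned)."""
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return every entry that pins a watched domain to a static address."""
    return [e for e in parse_hosts(text) if is_watched(e[2], watched)]


if __name__ == "__main__":
    for lineno, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} is pinned to {ip}")
```
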
This is good if it takes off. It should encourage banks to make their online systems Mozilla friendly. My bank supports it to some extent but most of the "advanced" features rely on IE5.5+
When I say "advanced", I mean checking standing orders, direct debits, paying bills, ordering cheque books, everything other than 'your balance is..'
Andrew
CDs can be as small as your credit card, besides being much more secure.
Great. So first we have locked out all "not-the-latest-Pentium" computer users - and now we are locking out all slot-loading drive users? My bank uses a nice security device which is also credit card size. It's a, well, card with unique security codes. I can use any Web browser of my choice on any platform to access all the features. I prefer it this way, thank you.
No, I'm saying you need either a supported modem, or an ethernet-connected modem/router.
There are tens if not hundreds of millions of users in the world who use USB DSL modems, Windows-only winmodems, unsupported Broadcom wifi connections or password-protected proxies for whom this CD will be of absolutely no use whatsoever, except as a coffee mat.
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
...to ensure Internet banking security
if you can make comments like that.
"Security is a process, not a product". It's a social problem as much as a technical one and I have doubt that whilst this could help, the scammers will get around it once it becomes commonplace.
-dgr
In theory it should be possible to extract the right dial-in information from the Windows registry. NTFS, FAT and the registry file format are all implemented in open source enough to give it a try. You only need read-only access.
Anyway, the read-only root certs and browser sound like a really, really smart thing. It should stop phishing and zombie PC abuse without messing with someone's (possibly infected) Windows installation. This security should more than make up for the inconvenience of having to type in one phone number and a username/password.
I hope they make sure every TCP port is closed though. There is no theoretical reason why a Knoppix distro can't get worms/owned as fast as an average Windows box.
Stop the complaining about how it won't work if you have a certain hardware configuration, or if you don't have a certain type of internet connection.
I think the power here comes in that the bank can offer it as an option. If it boots in your computer, then great, use it. Maybe they could even throw something like GnuCash so that people can keep better track of their money. I say, don't make it mandatory, but offer it as an option to help at least some users feel more secure.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
How will it do that? The bank can just instruct people to turn off their PCs at the plug, put in the CD, and switch it back on.
It's still 100 times better than the current state.
Get your own free personal location tracker
Online banking is successful / useful because it's convenient... that could be outweighed by security risks as malware gets worse.
However consider how it'd work with a bootable CD:
- shut down everything on my computer, save open documents, and all that crap
- find a CD
- boot to that CD (assuming it likes my hardware to start with)
- wait for it to boot... (ho hum...)
- do my banking
- NOT be able to save any info to my local computer (for checkbook reconciliation, or any other local use) - I guess I'll now have to find a paper and pen to copy the info I need down...
- shut down again...
- reboot again to get back to normal operation... (la-dee-da.... ho hummm...)
- find the stuff I was working on before, and get back into the groove...
Does THAT sound convenient any more? I don't know about you guys, but my computer doesn't boot very quickly. We're talking a total of 15 minutes minimum just to go check your balance.
I can stop by the REAL bank on my way home from work easier than that. I don't see this as a good thing overall - even if it does provide the best security. There must be better alternatives (as mentioned in other threads).
MadCow.
I used to have a sig, but I set it free and it never came back.
It will be really cool if the bank provides Knoppix CDs for download from their web site. Complete with full source code and build instructions.
This isn't aimed at people who understand source code. This is for people who can't even spell ISO. For this to work right everything has to be streamlined and dumbed down.
chown -R us
I don't see how this improves security at all.
If the whole OS is supplied on a CD, that means that when you boot from it, there will be NOTHING on the PC to validate that the CD doesn't contain a virus or trojan. While this won't be a problem for the bank's real CDs, it will be a matter of days before people start being spammed AOL style with fake CDs through their doors which look exactly like the ones their bank sent out and some with a covering letter saying that it's an upgrade or something.
Because you're BOOTING from the CD rather than using it to install something, you'll be bypassing your antivirus software and software firewall and there's no way that anything can warn you that the CD you're using is a trojan. It can literally slip in right through your letterbox and into your CD-ROM drive without any checks whereas downloaded or web based applications have to go through your firewall and be scanned by your virus scanner in order to get onto your machine.
The CD could be set up to transfer your money into someone else's account and because it was done by your machine on your IP with your user/pass it will be very difficult to persuade your bank that you didn't do it.
This is an absolutely crap idea and most of the posts above seem to miss this point entirely. These CDs better have some pretty cunning holograms on them or something and the users need to know EXACTLY what they're going to look like before they get them.
How can we be sure the bank's servers are not cracked in some way?
Are there any machines sold where the default isn't to automatically boot from CD? I mean how would those damn "windows restore" CDs work then?
With windose you could probably set the auto run to automatically reboot into Linux.
Think Deeply.