Slashdot Mirror


Knoppix Used in Internet Banking Solution

renai42 writes "Australian company Cybersource says it's currently talking to two domestic banks about providing Knoppix-based bootable CDs to consumers to ensure Internet banking security. The company says at least one bank will probably use the CDs in at least one sector of its operations. Cybersource envisages that banks will re-brand its product and provide the CDs alongside other marketing material."

16 of 263 comments

  1. Credit Card CDs would be better by LiquidCoooled · · Score: 5, Interesting

    Boot from a tiny partition of Linux on a CC-sized CD. Give it dual use and let all customers have it available.

    The other security features on the credit card could be put onto the CD to ensure authenticity.

    --
    liqbase :: faster than paper
  2. Great Idea but... by shashark · · Score: 3, Interesting

    CDs can be as small as your credit card, besides being much more secure.

    But wait, how will one patch the CDs in case any security holes are found? Rewritable CDs won't help either...

  3. Re:Great, but with some caveats by houghi · · Score: 2, Interesting

    To surf with knoppix you have to be using a cable/DSL ethernet modem or router, or have a supported dial-up modem and the ability to configure it.


    So what you are saying is that you need an Internet connection, just like you would need that with any other OS?

    --
    Don't fight for your country, if your country does not fight for you.
  4. Could be good, probably will be bad by 2ksilver · · Score: 3, Interesting

    If implemented properly, this would be a great thing. Assuming they can get around the wide range of hardware people use, without requiring much technological knowledge from the user, this is a much more secure way than Windows. Keep in mind that the same people who are infected with 1000x spyware programs and don't seem to care are the same kind of people who have little idea how a computer works. This would have to be as user-friendly as possible to not scare off users or prevent people from using it. I bet this fails, but someone else takes the idea and makes a better version of it and it will take off. Does the average user know how to boot from a CD?

  5. Re:This will be viewd as a great idea.. by Sven+The+Space+Monke · · Score: 2, Interesting
    How about this - with the inclusion of UnionFS (gawdDAMN is that cool), have it so that, on boot-up, apt-get update & upgrade from a trusted source (possibly one the bank has provided). Display a message saying "Please wait, we're just getting any security updates needed to keep your account safe" with a progress bar during the process.


    That should solve that problem, I would imagine (unless the trusted apt repository gets compromised).

    --
    A man who can't pronouce "nuclear arsenal" shouldn't have one -sig ends here.
  6. Cracked distributions by Sinbit · · Score: 2, Interesting

    How can we be sure the distributed CD is not cracked in some way?

  7. Re:Great, but with some SERIOUS caveats by sebster · · Score: 2, Interesting

    Well, one way to do this is to turn off the "boot from CD" option in the BIOS (which in many cases the spyware could easily do). Or in many cases (especially internet cafes etc), this is already the case. Then the hard disk is booted (which is infected with spyware/malware) which then sees that the Knoppix (or other CD) is in the CD drive, and then boots it instead of booting the operating system on the hard drive.

    I'm not saying this is easy, and I'm not saying the CD solution is not 100 times better than the current state. What I'm saying is that when your computer is compromised, you should be REALLY REALLY careful.

  8. Not just for banks, but for everyone by usurper_ii · · Score: 2, Interesting

    I have posted about this before...but I think bootable CDs w/ a Read Only HD while you are online is going to be what everyone will have to be doing to bypass the virus problems we are facing now.

    Having used Ubuntu Live and mostly loving it, I agree with this post about problems with the modem, though. Even though it is possible to get the right drivers and get a winmodem going, bootable CDs are not really going to take off until all modems are picked up and configured correctly on the first try. When that happens, people will see that they can surf safely and Linux Live CDs will break through to the general public.

    Again, modem support should be the number one focus of Linux Live CDs. When people boot up, they should enter the phone number to their ISP and logon. It should be that simple.

    Usurper_ii

  9. The love/hate relationship with Knoppix... by EmagGeek · · Score: 3, Interesting

    At my company, they recently fired someone on the spot for possessing a Knoppix CD. My company views Knoppix as a hacker toolkit and nothing else. Anyone caught possessing or downloading Knoppix is fired immediately, complete with security escort to the door.

    Other places LOVE it... it's handy, useful, and easy to transport.

    I think one thing that would help this idea a lot would be if the CD booted into a VM. That way users would not have to do a hard restart.. just load the bootable CD into a VM and kill the VM when they're done...

    1. Re:The love/hate relationship with Knoppix... by Sven+The+Space+Monke · · Score: 2, Interesting
      Sweet merciful Zeus, what company do you work for that is so paranoid that it will fire employees for possessing a KNOPPIX disk?!? LiveCDs are by far the handiest trouble-shooting tools I've got for fixing borked XP installs. I'd hate to be in an IT dept that told me I wasn't allowed to use Knoppix simply because "hackers also use it".


      If you don't wanna say, you could always post it as Anonymous and say something like "Well, I dunno who the GP works for, but MY company [company name] is like that" :)

      Slightly OT, any ./'ers out there work for companies that have similar buttheaded rules? I don't want to work for or do any business with such companies. That level of paranoia makes corp cultures unbearable for employees, and I don't want to support that kind of behaviour.

      --
      A man who can't pronouce "nuclear arsenal" shouldn't have one -sig ends here.
  10. GPL? by Anonymous Coward · · Score: 1, Interesting

    They say that they've taken the Knoppix source and combined it with IceWM for a 'simpler solution'.

    Don't they have to release this under the GPL? Would be interesting to see what they've done....

  11. Re:Convenience vs. Security by natrius · · Score: 4, Interesting

    Didn't someone mention a live CD that could autorun itself in QEMU when inserted in a Windows computer? That seems like it would be the perfect solution to me. No need to worry about hardware variability, and you'd be able to do all your banking in a virus-free virtual machine.

  12. Great Idea by Anonymous Coward · · Score: 4, Interesting

    I have been using Knoppix for all our banking since AVG found a Keystroke logger on my Wife's PC. KNOPPIX ROCKS. I also use it at Hotels where they have Business Center PC's.
    Knoppix is not just a good start, it is a GREAT start to solving the problems of infected Client PC's. Every boot is a clean install, and user settings CAN be saved to the HD if you really want.

  13. What I got from TFA by Anonymous Coward · · Score: 1, Interesting

    Most of the article described how hard a time the company involved was having to get their services used by banks. If I had bothered to read the article without someone pointing out the Knoppix angle to me, I would have missed it. Does the mere mention of Knoppix make us go gaa-gaa (how do you spell that?) or am I missing something profound?

  14. Flash Drives, No need to reboot by Eatmorecake · · Score: 0, Interesting

    http://johnhaller.com/jh/mozilla/portable_firefox

    Can anyone tell me if the idea of a USB Flashdrive browser would be any less secure?

    They would be more expensive, but surely a 56MB flash drive for secure online banking would be worth the equivalent of about $12 U.S. to someone who really wanted to do their online banking.

    Besides that, it would solve the update problem that everyone is rightfully griping about.

    --
    Don't you mean.. BIZZARO! ..Signature?
  15. Re:Fatally flawed by nmg196 · · Score: 2, Interesting

    If you hear that your bank will be sending out CDs and then you receive one, I think pretty much anyone might be fooled into trying it - even most techies. After all it's not like it's a common way to distribute a trojan, so you won't be expecting one. I mean, would you scan a Knoppix CD that you got from the front cover of a Linux magazine? Probably not. But who's to say that someone hasn't replaced the cover CD for one of their own? After all - the magazine's just been sitting there in a public place for a few days with no "firewall" on it - anything could be on that disc.

    You can't validate the CD even if you want to unless the bank has put the MD5 sum on their homepage. Add to that the fact that no users will receive any kind of virus/trojan warnings and you're going to get a far higher "return on investment" than you would by just spamming. For that very reason, you don't NEED to send out 1,000,000 CDs - just a few dozen to some people who have got some money. Even if only 5% of them fall for it (unrealistically low I think) it's still way more than the 0.01% of people that fall for phishing scams (or whatever the latest figure is).
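
An added example, not part of the thread or of Cybersource's product: the disc check that comment 15 describes, assuming the issuer publishes a digest of the ISO image over a channel the disc itself does not control. It hashes only the bytes the ISO 9660 header declares, because a raw read of a burned disc often returns extra trailing sectors. The function names and the sample image are constructed here; SHA-256 is the default, and the comment's MD5 is available through the `algorithm` parameter.

```python
import hashlib
import hmac
import struct

SECTOR = 2048
PVD_OFFSET = 16 * SECTOR  # ISO 9660 primary volume descriptor is in sector 16


def iso_image_length(stream):
    """Byte length of the image as declared in its primary volume descriptor."""
    stream.seek(PVD_OFFSET)
    pvd = stream.read(SECTOR)
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor found")
    blocks = struct.unpack_from("<I", pvd, 80)[0]       # volume space size
    block_size = struct.unpack_from("<H", pvd, 128)[0]  # logical block size
    return blocks * block_size


def disc_digest(stream, algorithm="sha256"):
    """Hash exactly the declared image bytes, ignoring trailing drive padding."""
    remaining = iso_image_length(stream)
    stream.seek(0)
    digest = hashlib.new(algorithm)
    while remaining:
        chunk = stream.read(min(1 << 20, remaining))
        if not chunk:
            raise ValueError("disc is shorter than the image size it declares")
        digest.update(chunk)
        remaining -= len(chunk)
    return digest.hexdigest()


def matches_published(stream, published_hex, algorithm="sha256"):
    """Compare the disc's digest with the value the issuer published."""
    expected = published_hex.strip().lower()
    return hmac.compare_digest(disc_digest(stream, algorithm), expected)


def build_sample_image(sectors=18):
    """Constructed sample: a minimal in-memory image, not a real Knoppix disc."""
    image = bytearray(sectors * SECTOR)
    image[PVD_OFFSET:PVD_OFFSET + 6] = b"\x01CD001"
    struct.pack_into("<I", image, PVD_OFFSET + 80, sectors)
    struct.pack_into("<H", image, PVD_OFFSET + 128, SECTOR)
    return bytes(image)
```

For a physical disc, pass the optical drive opened in binary mode (for example `open("/dev/sr0", "rb")`, a device path assumed here) as `stream`.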