Slashdot Mirror

← Back to Stories (view on slashdot.org)

Knoppix Used in Internet Banking Solution

Posted by samzenpus on from the open-banking dept.

renai42 writes "Australian company Cybersource says it's currently talking to two domestic banks about providing Knoppix-based bootable CDs to consumers to ensure Internet banking security. The company says at least one bank will probably use the CDs in at least one sector of its operations. Cybersource envisages that banks will re-brand its product and provide the CDs alongside other marketing material."

9 of 263 comments (clear)

  1. This will be viewd as a great idea.. by nfs3hp · · Score: 5, Insightful

    until the network administrators find a serious vulnerability and have to burn/press about 35602638023862 new cds to patch it.

  2. Um, what? by Anonymous Coward · · Score: 5, Insightful

    I can hardly keep track of an ATM card, now you're expecting me to carry around a big honking CD all the time?

    Pass

  3. news? by mnbjhguyt · · Score: 5, Insightful

    ...says... it's talking... one bank will probably use... envisages...

    and from TFA: Banks eye bootable Linux CDs

    wake me up when something happens, ok?

  4. Credit Card CDs would be better by LiquidCoooled · · Score: 5, Interesting

    Boot from a tiny partition of Linux on a CC sized cd. Give it duel use and let all customers have it available.

    The other security features on the credit card could be put onto the CD to ensure authenticity.

    --
    liqbase :: faster than paper
  5. Interesting idea for a very tough problem by brendano · · Score: 5, Insightful

    This sounds like a great idea, provided that the Knoppix can be user-friendly enough to figure out how to boot up.

    There's really no surefire way to ensure that a user's harddrive-installed OS is secure for banking. Considering the staggering variety of adware/spyware/viruses on machines today, it must be quite easy for a malicious malware creator to make a program that hijacks name resolution (change DNS servers, or the HOSTS file) for perfect phishing, or they could install a keystroke logger, or whatever else. If they got their bank-website-hijacking malware on machines in whatever way all today's adware stuff gets on, they could easily phish thousands of bank transactions every day.

    The prevalence of malware seems to indicate that people can't control or trust the programs on their own hard drives. If that's the case, they can't trust any of their online interactions. Since Knoppix kills your harddrive and all its flexibility, it's much more secure.

    What would be funny is if more and more institutions started demanding the use of bootable OS's. Our PC's would be reduced to a BIOS, monitor, and keyboard ... reminds you of the Apple II days, where you had to boot half of the operating system off a floppy every time you turned on the computer.

    --
    -Brendan
  6. Using knoppix in a bank..... by cheezemonkhai · · Score: 5, Funny

    Public Service announcement:

    All ATM's will now dispense Kash the new qt improved version of cash.

  7. Dutch Banks by Anonymous Coward · · Score: 5, Informative

    Hi, I'm not informed much about American and other foreign banks, but here in The Netherlands it works the following:

    (Almost all) The banks over here use a kind of calculator device. You insert your pass into it. Your normal pass you use for withdrawal from ATM's....

    You type in your PIN code and hit 'OK'. On the website of the bank you have to type 2 things. Your account number and the key generated after you hit 'OK' on the device. This key is different every X seconds (I don't know the interval).

    This matches with the interval the bank has running. This combination of pass ID, PIN code, account number and the interval is key to have access. You need all of them to get in.

    The websites session times out after about 2 minutes when there is no action anymore.

    If you want to transfer money, you get another screen. You have to insert the number shown on the screen into the device. After you hit 'OK', another number is shown on the device, you type this in the inputbox of the website. After it is verified, the transfer will be processed.

    If the amount to fransfer is higher than X, you have to process 2 numbers on the device and submit the generated numbers on the website.

    This is all done on HTTPS and works with most browsers.

    I believe this is one of the most secure methods I can imagine. It is not flawless maybe, but it works and there is much needed to hijack information from the sessions. Without the device, the pass and the account number one can do nothing. Without the PIN you still go nowhere....

    The device is small, portable and lightweight. Internet cafe's, at the office, at HotSpots, anywhere you can use 'safe' banking this way. As long as the banks website is online and within reach (no stupid proxies or whatever).

    Just my view on banking online....

  8. Re:Could be good, probably will be bad by Flendon · · Score: 5, Funny

    Does the average user know how to boot from a CD?

    Sure you just go into your bios and set your...I said your bios...You reboot and hit the...reboot...you know that thing Windows makes you do everyday...
    Um, that would be a no.

    --
    chown -R us ./base
  9. Dear CitiKnoppix Customer by DingerX · · Score: 5, Funny

    Dear CitiKnoppix Customer,

    For security reasons, we need to verify your personal information and update your CitiKnoppix(tm) software. Please send us your mailing address and we will send you a new CitiKnoppix(tm) CD-Rom. As an added bonus for taking part in this experimental customer service program, we will credit your account with $1000.

    Sincerely,
    CitiPhishing.