Slashdot Mirror
Washington Post Says Use Linux To Avoid Bank Fraud
christian.einfeldt writes "Washington Post Security Fix columnist Brian Krebs recommends that banking customers consider using a Linux LiveCD, rather than Microsoft Windows, to access their on-line banking. He tells a story of two businesses that lost $100K and $447K, respectively, when thieves — armed with malware on the company controller's PC — were able to intercept one of the controller's log-in codes, and then delay the controller from logging in. Krebs notes that he is not alone in recommending the use of non-Windows machines for banking; The Financial Services Information Sharing and Analysis Center, an industry group supported by some of the world's largest banks, recently issued guidelines urging businesses to carry out all online banking activities from 'a stand-alone, hardened, and completely locked down computer system from where regular e-mail and Web browsing [are] not possible.' Krebs concludes his article with a link to an earlier column in which he steps readers through the process of booting a Linux LiveCD to do their on-line banking." Police in Australia offer similar advice, according to an item sent in by reader The Mad Hatterz: "Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cybercriminals when banking online. The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows."
A little two factor authentication would be nice to see in American banks. Passwords just aren't adequate any more.
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
Why not just a VM running whatever OS you want?
title says it all
You could also avoid getting in a deadly crash by using the city's free buses to get to the bank, instead of driving your Jeep. My hole-filled analogy to online banking is that you don't necessarily need to drop the entire operating system in order to be safe while banking online. There must be a ton of idioms that support me on this.
How about BSD?
Or even better, how about a modified build of BSD underneath a GUI based on a 25 year tradition of Human Interface Guidelines?
(Just askin')
I can see the fnords!
Ya, it stops key loggers, and that's great, but it aint going to do much for your browser security unless you keep your LiveCD up to date, and hey, who says your CD burning software isn't infected - implications on trusting trust and all.
How we know is more important than what we know.
Its not just "linux vs Windows" but "trusted boot": All you need to rely on is that the live CD is OK and your BIOS is not corrupted and you can effectively safely connect to your bank.
I use it myself for my Schwab account, with the added bonus of there is enough math to show active traders lose big, so don't trade active, which goes into play here.
Test your net with Netalyzr
"Washington Post Urges Thieves To Distribute Linux LiveCDs"
A few racks full of CDs in a highly visible place, or even cheap preloaded USB drives delivered right to the mark's front door along with a friendly letter explaining how running Linux would help improve security and thwart The Bad Guys could make your job of stealing from the clueless even easier than before.
It would be great if a Website would give it's IP Address on every login prompt and not direct to any other domains for it's login process. Then with NoScript, allow what Applecodescript to execute and what domains may interoperate on the page. Instead, Washington Post gives a false generalization that a Linux live CD will defeat all Phishing attempts.
Typical dead-beat wrong journalism. The next thing you'll know, the New World Order crowd will arrive to demand everyone get a License to use a computer, and then I'll start the GNU World Oder crowd that will dispel the New World Order crowd's false legal representations of Statutory law.
Well, don't do online banking.
Or, use a totally separate computer to do online banking. Only use the web browser to access one's bank account.
Or look for those "freeze" type software, which makes the harddrive essentially read only.
Also, it doesn't hurt to check which processes you are running, and whether any of those are unusual.
My bank implemented a system that asks you for three numbers from a physical card in addition to your regular password. This is so sucessful at blocking phishing attacks that such two-factor authentication has all but wiped out such security breaches to the point they now made it mandatory for all online banking. I have the inside word that they have not had a single case of sucessful (conventional) phishing since this has been introduced.
There is nothing special about a "Linux LiveCD" that ensures that the programs on it can be trusted. Most distributions still include binary blobs in their corresponding source code that can bring the kinds of problems for which Microsoft Windows is advocated against in the article. Thankfully at this point, you can get machines that run a free bios, support wireless, and run 100% free software. Depending on the value of your target and the determination of your attacker there is a software solution for you.
What about financial sites which use Akamai and javascript?
And require you allow javascript from Akamai....
The browser on a LiveCD may be out of date. How about a USB flash drive that can save your ISP settings and can update the browser? Banks could distribute them for the price of the flash drive as a safer option for online banking.
Twinstiq, game news
Devil's advocate here:
Of course, a diskless system running Linux would reduce the chance of malware on clients, but perhaps if a company is dependent on Windows, almost as good security (and I state almost) would be obtained from denying admin access and using something like DeepFreeze, Windows SteadyState, or similar?
Combine DeepFreeze with AppLocker, some decent enterprise antivirus utilities, BitLocker, and the usual physical and BIOS protection on a machine, and one can make a decently locked down terminal that can cleanly run Windows apps. Should additional software be needed, no need to install it, just use something like VMWare ThinApp and have it runnable from a central location.
There is nothing wrong with a diskless system and booting from a CD-ROM. However, unless one creates a custom image with reliable enterprise level auditing tools, it becomes difficult to extract data from a group of PCs (and this is important for larger businesses come tax season, or regulatory compliance), and it is definitely an issue to add or update software without a reboot, unless it is a precompiled binary on a central server that people run.
Also, instead of running live CDs, why not consider going to a vendor like Wyse and going with truly thin technology? This way, there is little to no fiddling with the client side. If a thin terminal has a problem, just swap it out for another one, chuck the old one in the RMA box and be done with it. This is arguably a lot easier than the cost for maintaining standard PCs [1].
[1]: I'm primarily intending enterprise level here. For some SMBs, it is a lot cheaper to go with a boot CD and a generic PC, but for larger companies, it may mean more futzing around with stuff for their IT staff, especially on the scale of thousands of endpoints. If I had a startup with a call center of 5 people, PCs are a lot more economical. However, 500 to 1000 people in a non-technical call center, then I'd take a serious look at thin terminals and a beefy internal network fabric.
Also, honestly, how many people do you think check the MD5 sum on an ISO? Hell, I've never had a RedHat/Fedora disc that passed its self-check. I gave up on that ages ago.
Please help metamoderate.
Out here in Singapore, DBS gives everyone a secure token. Its by far the safest way to bank online. No one save the most sophisticated of hackers could subvert a random number dependent login (definitely secure enough to keep away all the script kiddies).
A bank with any technical savvy would be immediately preparing a LiveCD/USB distro that boots as quickly as possible into a browser pre-configured with the bank's portal page set as the home page. The distro would contain nothing extraneous -- just enough for fast, safe banking. It would, of course, be thoroughly branded, but completely legit vis a vis source code and license notices. Give them away in the mail, or even sell USB drives.
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
"Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cybercriminals when banking online. The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows."
I mean look at this a cop is saying something reasonable and sensible. That quote is obviously faked and it calls the rest of the article into question.
In the immediate term, that seems like a terrible plan. Akamai are a reputable outfit; but they carry stuff for all sorts of people. Any domain-level trust/validation mechanism isn't going to tell you very much about something from them. Barring a fix, the financial site should host their own javascript.
In the broader term, it might be worth looking into further cryptographic mechanisms. For instance, with debian packages, you can safely download from an untrusted mirror or an http mirror that might be subject to man-in-the-middle attack because the packages themselves are signed by the original distributor. Cryptographically, putting forged packages on a 3rd party mirror would be as difficult as man-in-the-middle attacking an SSLed connection to the original distributor. At worst, you disclose the fact that you downloaded package X to a hypothetical adversary(that isn't optimal; but it is far less than it might be).
If, for economic reasons, web sites that need to be secure wish to use 3rd party hosting for some of their material, a similar signing mechanism might be employed.
I connect to https://www.hypotheticalbank.com/ SSL assures me that I am in fact talking to the right people. hypotheticalbank.com says "Please obtain 'functionsandstuff.js' from '3rdpartyhosting.org', 'functionsandstuff.js' has been signed with our key and has SHA-1 hash XYZ, verify before loading." This would still be incrementally less secure than pure 1st party hosting, since 3rdpartyhosting.org can, by looking at my requests, infer that I am likely accessing hypotheticalbank.com at a given time; but it prevents an attacker, even if they control 3rdpartyhosting.org, from mucking with the code that my browser will end up executing.
Tinfoil Hat Linux may be your best choice. THEY ARE WATCHING YOU.
Since a LiveCD doesn't save anything between reboots, it doesn't have a random seed that it keeps changing. Therefore the random number generator is initialized to the same state every time a system is booted (and probably to the same state for all computers using a specific LiveCD image). When the random number generator is in a predictable state, isn't the security of SSL essentially gone? To work around this, one can add some randomness to the random number generator on boot, but it is extra hassle. Something like "echo ssj s lsl sfi random hits on keyboard shdflsh sl fhlinaw nvnai dnsi >/dev/random"
Nothing is safe, even with Linux. The banks however can do much more to prevent attacks by improving their processes, not to mention educating the common user.
Comment removed based on user account deletion
Seriously. How in the WORLD was a keylogger installed on a bank machine?
This isn't rocket science. Securing Windows workstations is a problem that has been solved. Where are the IDS/IPS systems? Why are the users allowed to install ANYTHING? Why aren't they filtering the download of *any* executables from non-trusted sources?
The problem isn't Windows, the problem is the VAST majority of businesses that are running Windows aren't concerned about security. At least, not enough to pay for it (as in, paying competent admins and paying for the hardware/software necessary to secure the network).
In fact, in my experience, your average banks have some of the most insecure, cobbled-together, waiting-to-be-hacked systems around.
I agree, make people use linux, that way they wont know how to do anything!
Less users on the internet = less botnets.
I see what your sayin, I got yer message.
If you're relying on a seed that's saved from boot to boot your random number generator is vulnerable anyway. At least use the startup time to provide all or part of the seed.
LiveCDs are far to insecure to even consider using. Tin Hat Linux is an improvement but it's still far too unsafe for me to use; not with the Illuminati hiding around every corner waiting to perform cold boot attacks. That's why I choose to live in the Google opt-out village.
So if this is the future...where's my jet pack?
I suppose I'm gonna get modded a troll for that...
My ism, it's full of beliefs.
Huh? Random number generators can be seeded with other data from your hardware, such as the system clock time, reading PCI devices, or some random data off your hard drive. Every single time you reboot your system clock has changed. If you have a hard drive, the data on there has probably changed too, so you can just read some information off the drive at the block level (you don't need to mount it). Every user who uses a live CD has different hardware.
The problem is trivial at best to solve. It may not be the absolutely perfect solution, and probably not good enough if you need a true random number generator, but good enough for this purpose. You definitely won't be in the same state every time you reboot (at the very least the time changed).
Not Linux. Randomness comes from the time (hardware, persistent), but also from the randomness of network traffic and other driver miscellanea such as HDD head seek times, mouse movements, keystrokes, CPU temperature data, electrical noise on the power supply (with the right hardware)...
I can't say for sure, but I think Linux actually has the most secure random-number generator of any OS - excluding dedicated hardware. Enough that it can probably be fairly called true RNG instead for PRNG, as long as you use /dev/random instead of urandom.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
I've seen tellers browsing MySpace in IE on the terminals where they process deposits.
I never use Windoze for online-banking, can't even trust it with my files. First preference is Linux (simply because that is my desktop OS) and then Mac. Been doing this for years.
A live cd's a good idea but whats stopping an attacker from an ssh drop in? If you really need to be secure go into a teller!
Once your machine is compromised whatever you do with it is never secure. All someone has to do is install something like VNC and watch you log in. Copy your keys, snoop your keyboard, record mouse clicks, whatever. Two factor authentication won't help at that point.
This secure CD idea is probably more effective advice.
Weaselmancer
rediculous.
My battery is dead, you ignorant clod!
Actually, something like that happened at the Montreal Casino. The machines were shut down every day, so they would end up generating the same sequence of numbers. A guy named Daniel Corriveau noticed, played the numbers, won $600,000.
He initially claimed that he used chaos theory, and the casino claimed it was a bad random number generator. The reality was that the cmos batteries had been removed during development to make testing easier, and nobody put them back in, so every day, they started with the same seed. Simple incompetence. They paid the money after 2 weeks.
I really hate it that they always do this, blame it on windows. Instead of insinuating people on how to use windows and stay secure instead of distrusting it without good reason. I code for a living so I'm not unfamiliar with Mac OS X and several Linux distro's. And I know that both of them are as insecure as Windows if the same people use it without good knowledge of how to work secure with it.
I'm from the Netherlands, here 90% of the payments go by a debit bank card instead of credit. The advantage here is that fraud is a lot harder, since it is required to have a special device, my bank-card and my PIN number before being able to do an online transaction (some banks require a cell phone instead of this special device). Where as using a credit card only a 16 digit number and a 3 digit confirmation number are required, no hardware or secret code that is not on the bank card. So in my opinion usage of a credit card is way to simple and fragile and that's why there's so much fraud and it's so easy to catch by a simple key logger. (Using a key logger gives you only a small advantage in trying to fraud my debit card)
Trying to prevent fraud would be easier if banks came up with a good solution and stop using credit cards. It's great that using a credit card you can make an online transaction with just a few clicks but it is less secure and makes you spend money much more easier!
Just my 2 (or more) cents....
China is already doing this. Nearly all of the hardware arrives with spyware.
They have an optional system you can sign up for called SafePass. With this you either get a credit card sized smart card, or you use your cellphone (or both). When you want to perform an activity you've specified as needing SafePass (you can set what, including login) you have to enter the correct code. The card is one of the "push the button to get the code" things, the cellphone it sends a text message to. The code is valid for that login only.
It isn't the best two factor system I've seen, but it is pretty good and easy to use. It also has the additional confounding factor that your password is just a HTTP field, the SafePass code goes over Flash so there's two different systems for the different authentications.
Other banks may have it too. Don't assume they don't unless you've looked in to it. They often don't push it, but it is available. Another company I know that does it is Paypal. They'll sell you a key fob to secure your account if you want one.
So in the case of a properly designed security token, it ISN'T just data on the Internet. The reason is that it isn't as though the "something you have" is a card with a number on it or the like. If that were the case then yes, discover the data and you are good. However they don't work like that. There are two related systems that I've seen:
1) A card that gives you a number. What happens is when you want to log in, you push a button on the card/device and it hands you a number. However the number isn't fixed, it changes with time. You need the right number for the right time. The way it works is a crypto system. It uses the time and a key in the device to provide the output. The other end then can calculate the correct number needed. The only want to get the number is to have the device, or find out what the key is on the particular device.
2) A challenge/response system. Here you plug in a USB key or smart chip. The device you are connecting to then sends a challenge to your device, usually something in the form of "Sign/encrypt this message." Then again, public key crypto comes in to play. Your device encrypts the challenge or signs it or whatever and sends it back. The server checks that result against what it ought to get. If the answer is right, in you go.
In either case, the only way to get the data is to either find out the key, or to get your hands on the device. A simple intercept won't do it.
As for your "gun to the head" thing, well of course that gets around it. There is NO SUCH THING as perfect, unbreakable security. I think some geeks delude themselves in to thinking there is because you can build a computer that is at least seemingly perfectly secure. However in the real world there is no such thing as perfect security. There is only security that is better than what anyone is going to try.
I mean I can secure against your gun to my head thing: I hire armed, trained, guards. You try to come at me with a gun, they take you out. So you can counter that, you get trained snipers to kill them at long range. So I counter by traveling only in secure armored vehicles, so you counter by kidnapping my family, so I counter by securing the too, and so on. However at some point, I got past what you could reasonably do, and more importantly what you'd reasonably do. In fact, with good two factor authentication, I am already past it. You will not come and put a gun to my head to get at my bank account. The money isn't worth the risk. So I don't need to worry about that kind of attack. My security is good enough.
That's all it is ever about. That's even what it is in the case of extreme security. The government does not delude itself in to thinking that having tons of armed guys around, say, the CIA headquarters makes it impervious to attack. There are always ways to attack it. So why bother? Because it makes it impervious to any attack that anyone might actually be able to try to pull off. Yes, in theory you could find a way to kill all the guards, take the right people hostage, etc, etc. In reality, you couldn't even come close, you know this, and thus you won't even try.
It is secure against REAL threats, and that is what matters. Same deal applies to your bank account, however since you are protecting a small amount of money and not national secrets, two factor authentication and some vigilance on your part will suffice, armed guards are not necessary.
Here comes the issue of trusting the code that is distributed. Obviously, any program included onto the CD itself won't help.
For example, Mainland China, where all banks use the super-secure ActiveX technology to build their own authentication systems...
if your computer's already compromised, your computer's already compromised. But that doesn't mean banks shouldn't properly authenticate. Most of us are presumably not already compromised with keystroke loggers and whatnot.
I can see a whole new market for "Live banking CDs".
Hell I'm thinking of making my own, complete whith keylogger and spyware.
[you need] a stand-alone, hardened, and completely locked down computer system from where regular e-mail and Web browsing [are] not possible
Yep, sounds like Linux to me :P
To make sure that you can use your computer for online banking without any data being read/written from/onto your harddrive, you might check out "Bankix" from Germany-based "Heise Online" (of H-online.com fame). They modified an Ubuntu-Live CD to keep the system from accessing the hard-disk using a modified kernel. Heres the original description (in German, of course). Follow this link, if you prefer a robot-translated English version.
Be broke like me. Have very little money in there.
Yes the title says it all.
We need to keep it simple people.
Facts:
1. Banks are keeping their costs down, they are not issuing hardware to all of their customers to generate one time keys.
2. Most people (more than 90%) run windows.
3. That the average user can not be sure that their computer running a Microsoft OS has NOT been compromised in some way.
4. A Linux LiveCD is able to solve the problem.
Put the CD in, reboot the computer, open Firefox, type in the URL for the bank and enter your user name and password. Simple and secure. Reboot and you are back to Windows. Nothing stored, nothing cached, and nothing saved.
When I say simple and secure. I am talking real world Joe six-pack security. If you have decided to bank online you have already given up worrying about DNS poisoning, compromised routers, man-in-the-middle attacks. If you don't want to spend the money for a Mac or a new PC just for banking, a Linux Live CD is a great choice. Not to mention you know it is secure, because you can't infect a live CD.
vi +
I am no expert. This should work just fine, right?
All a bank would need to do is set up their own live CD. All ACPI type stuff disabled and a boot menu that makes it easy to try normal video or framebuffer. Use a lite desktop like xfce, icewm or lxde and configure it to look as much like XP as possible. They could even use a custom firefox skin, have firefox autorun and the banking site set as the homepage. They can set custom DNS servers. Have a 2nd tab on the browser set up for "Help, with videos that show how to log into the bank, how to set up a printer if they want to print. How to save a printout as a pdf and save it to a drive or email it. The bank can keep them behind the counter where folks can't put altered CD's. Run a few Ads on the radio, have a few banners hung up in the bank. The CD should make note that there is NO SUPPORT if it works for you it is safer than windows and use it, if it does not work for you then don't use it. The CD jacket should also recommend a few CURRENT usb wireless adapters that will just plug-and-play with the LiveCD.
vi +
My bank (Bank of America) has optional two factor authentication. The way it works is you specify what it is used for. So login is an option (off by default when you get it), login on an unrecognized computer is an option (on by default when you get it), money transfer, adding a new bill pay recipient and so on. Now it asks you each time for the code when you do any of these things. So if you had everything on and logged in from a new computer you'd have to enter the code first to validate the new computer (along with answering a question). Then you'd have to enter a new code to actually do a login. You'd have to then enter a third code to add someone new to billpay. You choose when it asks (and for that matter if you want to use it in the first place).
So they already do as you suggest. Really, two factor security with banks is pretty good. It's not perfect, but no security is. However, it'll stop nearly all the attacks you can think of. You have to get MUCH more complex to get around it. Well, the harder you make a target, the less tempting that target is.
After all if someone has $5000 in savings and you can steal that with a 4 line Perl script, a thief probably find that worth it. However if to get the same $5000 you need a series of extremely complex custom programs that aren't even guaranteed to work and maybe increase your risk of exposure, well perhaps that $5000 isn't so worth it after all.
Compare it to money on the street. If there's a $100 bill laying on a bench with nobody around, maybe you just pocket it. Easy, risk free money. If that same $100 has a camera watching it, a strong guy by it, and a snarling dog on a chain near it, you probalby give it a miss. Could you take out the camera, guard, and the dog? Maybe, but it probalby really isn't worth the risk.
We use the old "Amish" type protection, almost full proof, but not so good on bad weather days...most MS windows users would not have a clue but the rest of you may know what I am talking about !
What in the holy hell do people who make costumes have to do with any of this?
If you are going to rob a bank anonymously you absolutely need a costumer. The costumer is the person who dresses up the bank robber in his archetypal stripped shirt and handkerchief mask. Costumers are typically blond with big... ideas.
"No fear. No envy. No meanness." Liam Clancy
And that they have it to hand when they're doing the transfer. I suppose you could say that anyone who's doing internet banking is likely to have one but even so, it seems a bit presumptuous.
One thing that might help would be to ban the import of desktop and laptop computers without smart card reader slots. Spyware can't take PKI data off of a smart card and there is only a small cost to add a chip to a bank card. If all computers had readers, banks would have a difficult time explaining why they don't use smart cards. My Dell keyboard has a reader and it works fine with PC/SC when I ssh to a remote computer. It also works fine to sign email, etc. This would limit the risk to an active exploit when the card is in the slot and a pin has been entered.
Yes, a hardened single-purpose Windows machine is almost as resilient as a Live CD. Almost. It is also infinitely harder to set up correctly and significantly less useful all those times you aren't banking. It is understandable why it is not the solution recommended for non-technical users or people who only want one computer.
...you might have a point.
Live CD's only exist because of the open (with a capital "O") nature of Linux.
I haven't really been keeping score recently, but this is still very much a case of "Linux 1 : Windows 0"
If booted from a relatively modern (and hence a bit faster and bigger) USB stick, to a OpenBox-like lean&mean window manager, no bells and whistles, right down to an open browser session window, that would do it. It will probably boot orders of magnitude faster than their crapware-ridden Windows box anyway. In fact I think that will turn heads faster than Steve Ballmer throwing chairs.
Beyond multi-factor authentication, there's another fundamental problem with many Bank websites. They only work in IE. It's difficult to convince non-power-users to drop a bank and go with another that works in Konqueror or even Firefox. This is especially a problem in a non-US country where every bank has the same problem.
Keep the security software on your Windows PC up to date.
That's why I have a subscription to Norton Internet Security, and I was able to download and install Norton Internet Security 2010 for free. NIS 2010 constantly tracks and stops all the major types of malware (viruses, worms, spyware and keyloggers) and also includes monitoring to stop you from entering known malware and phishing sites. And NIS 2010 constantly updates itself with the latest malware definitions if you're connected to the Internet.
Also, look at how you configure your home network router. It's possible that with proper configuration, you can stop a LOT of these malware attacks before it is stopped by a Internet security program.
If a Windows machine is hardened correctly, the security issues between it, and a Live CD would be almost identical. Someone using a malformed app to get to root/Administrator and then reflashing the BIOS, a nvram change to point to a hidden hard disk or the network, etc.
For more security, I would give the nod to the Live CD in this case. In theory, some malware could get in as a user, find some privilege escalation vulnerability, disable DeepFreeze's state process, and then be able to store persistent data, all the while running under a vetted program's process image that is whitelisted under AppLocker while being able to defeat ASLR and other security mechanisms.
I'm confused, are you supporting or disagreeing with my post?
Not Linux. Randomness comes from the time (hardware, persistent), but also from the randomness of network traffic and other driver miscellanea such as HDD head seek times, mouse movements, keystrokes, CPU temperature data, electrical noise on the power supply (with the right hardware)...
If you start the LiveCD only to use online banking there isn't much time between the startup and the time you need randomness for a secret key. The question is if there is enough time to gather sufficient entropy from the environment.
Others have suggested to seed with the current time, but that is easy to guess for an attacker. Netscape's original SSL implementation was broken because the PRNG used only the current time (in microseconds) and the PID as a random seed ([1], [2]).
[1]: http://marc.info/?l=bugtraq&m=87602167418753&w=2
[2]: http://www.cs.berkeley.edu/~daw/papers/ddj-netscape.html
The Commonwealth bank in Australia (and probably many others) sends you a random code via SMS to your phone
Chase.com does that when I log in to an online bank account from a computer that I haven't used recently. Except Chase.com can be set to use voice instead of SMS because some people still prefer a land line instead of exclusively using a cell phone or paying two phone bills.
This really isn't news, many companies, organizations, and even individual users are using Linux because of the slew of issues with Windows. Just look at the huge list of 34 issues that came out this month from Microsoft. Granted, there are many issues with Linux, too, but when you look at security issues with Windows/Linux, the number for Linux are far fewer. Personally, I use Linux for both my personal business and at home for everything I do. I only fire up my Windows XP VM in VirtualBox when I absolutely need to, which is hardly ever. I've found an open source program for each and every proprietary Windows program I used to use, and I couldn't be happier. Now, I can focus on using the computer instead of maintaining Windows and wasting time/money. http://members.apex-internet.com/sa/windowslinux
I boot into my Linux Live CD, but then I don't have any of my favorites. I just login to my email and use the link that my bank sent me
But the banking system here, requires the use of single use numbers for each online banking transaction. Your bank provides you with a unique sheet of them and if you lose it, you have to request a new one. Nor are credit cards popular with German consumers. Sites such as Amazon.de allow payment by bank transfer (Uberweisung). You can manually complete the transactions slip and give to your bank or do the same thing with your online banking. Any issue and the transfer has to be reversed. There are an awful lot more banks too - one just around the corner from me and at least three within a few minutes walk with real people working there and very, very friendly managers - if you're liquid!
Posts, MyBio or Sig, may contain satire, sarcasm, bolded nouns be sardonic or even witty & be Church of SD
We need a bare-metal virtualization solution for computers, so we can easily switch from OS to OS without rebooting. I'm not talking about a guest OS running on another host OS, as others have already pointed out the flaws in that, but really something like ESX for desktop computers (ESX would itself be perfect, except that it does not have a usable console). I'ld say they should have this feature built in to the BIOS of every computer, that way malware can't infect the hypervisor.
If you are trying to be safe, you have to realize that 'safe' is a probability, not a certainty. What is the frequency of this vulnerability relative to the frequency of compromised computers? If you want absolute safety,well you can't. If you decide to bank in person, you have to drive to the bank - risking your life by getting behind the wheel. If the average user has a choice between using his 'regular' browser that was downloading free porn and free photoshop via some torrent, or using a clean browser from a bootable CD, I'm willing to bet long odds that the frequency of attack will go way down with the live CD option. A frequently updated Live CD would seem to be a fairly practical solution for most users. I would also suggest that a bank supplied live cd that prevents surfing to other sites would be even better. The CD could have a jailed browser and a jailed 'something you have' key/value map that allows the bank to ask you for the value for their key. There may still be attacks, but the frequency with such a 2-factor authentication must be quite low, but not zero.
Think global, act loco
...we could get the bank employees to do that, so that I can be sure my money is safe. I'm not worried about my own use, but those that control my information, that's downright frightening.
The very worse I can see from what my bank lets me do on the web would be to transfer money from one of my accounts to another or maybe pay a utility bill for an exceedingly big amount. There is no way they can steal any money unless they can register as a bank approved billing and then pay themselves like I would be for the utility company.
1) firefox + adblock plus
2) effective spam filtering
1 is in the user's control. 2, hopefully handled well by the mail provider.
Of course, it's all about education, but the above two things will stop a lot of the cruft coming in, regardless of being on windoze or linux.
And if you're using a Windows system (locked down and using SteadyState or DeepFreeze or something similar), you can then easily print statements and results, save them locally, etc.
You can't do that (well, easily) with a Linux LiveCD.
And yeah, this Windows system isn't useful except for those times you're banking, contacting ADP, or other high-risk online activities. But it doesn't need to be anything high-horsepower. Any 5 or 6 year old used/surplus system you picked up for $100 (or if you're an established business, any of your old systems) can handle this. Add a $20-30 kvm to your main system.
For an individual, this setup is expensive or technically challenging. For a business with at least a semi-decent IT department, it should be easy.
(But I'd still want to a *REAL* two factor password system to make it proper!)
Of course, a diskless system running Linux would reduce the chance of malware on clients, but perhaps if a company is dependent on Windows, almost as good security (and I state almost) would be obtained from denying admin access and using something like DeepFreeze, Windows SteadyState, or similar?
Combine DeepFreeze with AppLocker, some decent enterprise antivirus utilities, BitLocker, and the usual physical and BIOS protection on a machine, and one can make a decently locked down terminal that can cleanly run Windows apps. Should additional software be needed, no need to install it, just use something like VMWare ThinApp and have it runnable from a central location.
Excellent idea. Once you have finished paying for all that, you might reflect you could have had as good or better security for the cost of a download and a CD, or alternatively just a single magazine purchase, most Linux friendly mags include a LiveCD of one sort or another.
I don't believe the article was aimed at enterprise level solution and costs, but rather how Joe Noob can access his online account safely.
You must use a security token and you MUST make the bank account number of the recipient (say for any transaction bigger than 'x', and put a limit on the number of transactions per day, etc.) part of the cryptographic challenge the security token answers.
Do that, and it's good-game lowlifes.
There are banks in western Europe doing that as of today.
If it's done correctly, good luck hacking that. Basically you need to break cryptography as we know it today to defeat that scheme.
How retarded are the developers/managers/etc. in all the banks that do not have that implemented yet?
Sure they exist. And none of the common attacks use them.
Oh, and using a standard PC (like people do now) is also vulnerable to hardware loggers, so this isn't a step back.
Get friggin real. One can always come up with a hypothetical attack on any security system. It doesn't mean that you've weakened your security or that it's a step backward.
This posing as semi-technoliterate doesn't move things forward, and that's where we need to be.
Instead, Washington Post gives a false generalization that a Linux live CD will defeat all Phishing attempts.
How is that a false generalization? If you are using the LiveCD (any OS), and do not use it for ANY purpose other than directly logging into your banking web site... then you're immune to phishing simply because you are not exposed to it on that LiveCD.
which bank? This is a huge sale point. I am looking to switch banks soon, so this would be a huge influence on which I choose.
I thought the target audience of the article was small businesses and consumers running Windows who need something simple. For many medium and large businesses, the things that you describe are becoming common practice anyway.
Please tell this to my bank. The ONLY reason why I still have Windows running on my laptop is because this stupid bank needs me to use a USB device (from Gemplus) that is, by the way, recognized by Linux. The issue is that the site uses a stupid ActiveX to check for the internet token. What is my alternative here? Change bank? Thanks, but no thanks ...
Let's see (even for the enterprise), $0.10 cent cd (max $50 deployment cost for stack of a thousand cds) vs thousands of dollars in hardware, software, and support. All that money and time, and it is not clear exactly how those solutions would still solve the security problem. I might go so far as to buy some sort of virtual machines with read only images, and the cost of just one machine in the office dedicated to being the secure machine.
I think I would rather be the guy in a board room pitching the $50 solution rather than the $1,000,000 solution.
Personally, I went with an all linux / opensource office from the start.
Living in Chile
Well if a linux live cd works, why not have each bank build their own live cd and certified application? Add in a required token as well while you are at it. Drop the web browser completely. Only give the discs out through the bank teller visit, never by mail and iterate that fact.
Even better, completely eliminate the disc (to keep random thieves from mailing random cds to random people for phishing) and make a secure boot from usb iron key type system with it's own processor that can verify upgrades and a separate authentication dongle. Since the iron-key can be securely writable, have it written at the bank teller a user id that has no use but for authentication internet banking already entered.
Much better, develop a bank pad.. Like a crunch pad but does nothing but banking. Require a usb dongle to plug in to authenticate. Export data by email if needed but otherwise offer no other way to access.
We mostly dont want to trust the operating system that can be compromised.
Consider yourself blessed if you are sneezed on by a dragon and only get wet, it could have been a fireball.
I'll be that you can't think of a single attack against a live-cd that isn't applicable to a normal PC.
So put up or shut up, dude.
On the other hand, I can think of a number of attacks which are prevented by this.
But the bottom line is that you're passing out extremely bad security advice.
Sure, your burning software may be infected. It could've been infected by malware on the intarwebs, the developers who coded it may have infused it with malware. Your BIOS EEPROM in your brand-new computer could've been corrupted with malware by a delivery guy, someone in the store, or even someone at the computer factory. Your imagination is the only limit as to the ways anything might be somehow corrupt and be a security risk. Regressive arguments, assumptions, and circular reasoning are the way with security, nothing illustrates the Münchhausen Trilemma better.
So no, there's no way you can ever be 100% confident you're secure. You simply have to take reasonable precautions, make reasonable assumptions, and hope you're not overlooking something that's reasonably possible.
Just wondering.
IANAL but write like a drunk one.
People with no cell phone can go screw themselves.
If your bank advertises "free checking" but requires that each account be associated to a unique mobile telephone service contract, what is the law about false advertising in Australia?
The Financial Services Information Sharing and Analysis Center, an industry group supported by some of the world's largest banks, recently issued guidelines urging businesses to carry out all online banking activities from 'a stand-alone, hardened, and completely locked down computer system from where regular e-mail and Web browsing [are] not possible.'
This is not the success of Linux, but the utter failure of... I blame all involved... to deliver a secure eCommerce platform.
When yahoo will render a perfectly forged email from "ebay.com" in two thousand-fuckity NINE, you know the Internet is a joke. SSL certificate policies are jokes. Web apps are a huuuge joke. Web browsers are a joke... it's just a really big toy. God I hope it dies. How about some GD regulation instead of proving once more that left to itself, the 'market' is a nice word for lots of greedy people who don't give a fuck.
I hope my grandchildren can use computers for business and pleasure -safely- without needing to understand the technical underpinnings of the entire electronic ecosystem. Usability needs to trump the desires of computer nerds. When you ask, "What will this be used for?" "Anything" is the wrong fucking answer, _EVERY_ _TIME_.
Like I suggested in August: http://slashdot.org/comments.pl?sid=1347481&cid=29198657&art_pos=4
The banks should distribute a locked down version themselves. Then they can even build in extra authentication in the browser and minimise other programms with possible weaknesses
---
Make a bootable Ubuntu click drive and boot your windoze PC from it to do on-line banking. If you dare.
Instead of trying to get people to use a LiveCD, why not simply package a LiveCD as a VMware Player (or similar) appliance? Speaking from a support perspective, I think the feasibility of getting your average user to comprehend downloading and burning an ISO, figuring out how to select the CD as the boot drive, getting networking up and running, and understanding that there's no "Big Blue E" to click on in Linux is significantly less than what the author of the article thinks it is. An appliance with a hardened OS would eliminate three out of those four problems, and if banks would customize appliances for their users, then the operating system could be configured to automatically open Firefox and direct them to the online banking site.
You can get Windows live CDs, though you either have to build it yourself with tools like BartPE or download a pirate copy from somewhere.
Http://www.tntshoes.com
we are a prefession online store, you can see more photos and price in our website which is show in the photos. ,sunglass.
All of our product is best quality, but the price is so cheap, we are selling all new nike shoes, t-shirt, handbag, hats
we accept paypal as payment service , and offer free shipping. T-shirt : A&f polo lacoste coogi Bape evisu D&g BBC LRG ed hardy JUICY etc $11-$17free shipping If you are interested please chat with me or email me by , we open a online shipping store, hellow our website is see our website in the photos attached, you will find all we have in our website and the price for them.
OUR WEBSITE:
YAHOO:shoppertrade@yahoo.com.cn
MSN:shoppertrade@hotmail.com
HTTP://www.tntshoes.com