Slashdot Mirror
Can Ubuntu Save Online Banking?
CWmike writes with a pointer to this ComputerWorld mention of an interesting application of Live CDs, courtesy of Florida-based regional bank CNL: "Recognizing that most consumers don't want to buy a separate computer for online banking, CNL is seriously considering making available free Ubuntu bootable 'live CD' discs in its branches and by mail. The discs would boot up Linux, run Firefox and be configured to go directly to CNL's Web site. 'Everything you need to do will be sandboxed within that CD,' [CNL CIO Jay McLaughlin] says. That should protect customers from increasingly common drive-by downloads and other vectors for malicious code that may infect and lurk on PCs, waiting to steal the user account names, passwords and challenge questions normally required to access online banking." (But what if someone slips in a stack of doctored disks?)
(But what if someone slips in a stack of doctored disks?)
What do you mean, like a disk that would boot Microsoft Windows instead?
Tequila: It's not just for breakfast anymore!
What about infecting the BIOS?
Isn't the point of online banking that it is convenient? And easy? For me, booting from a Live CD may be a piece of cake, but for a lot of people, it's far from that.
Even if it is a great idea, 98% of the population won't latch on to something like this, and the 2% who might are probably already running linux
This isn't a bad idea....
I do something like this for some of my clients that are concerned with security. ... that is unless I can convert them to Linux on a permanent basis :)
The majority of users I have contact with resent having to enter passwords/user-verification at all. With banks they do, often at least, appreciate the value of the process. But they still take every opportunity to minimise the process, so what're these users to do when they can't have Firefox (et al) save their username/passwords?
Personally, I'm thinking they'll go back to using Windows, which can't be reasonably prevented by the institution, without cutting off a large user-base. Still, a nice -and, to me, novel- idea.
(But what if someone slips in a stack of doctored disks?)
The important question is will the entire endeavour decrease the amount lost through fraudulent OLB transactions, and if the cost (producing the disc, customer dissatisfaction of having to use them etc.) is worth it for the expected decrease in fraudulent OLB transactions. In order to understand this you'll have to analyse a whole bunch of 'what if' questions, and the one above should certainly be one of them.
(OK, sure in reality the bank might expect to see a benefit from appearing to go out of their way to protect customers from fraud, even if the solution has no net value)
That doesn't stop local software-based keyloggers from just logging the keys someone punches on their keyboard introduced by some virus/trojan/malware and then later just logging into the account.
The desktop and when I restarted my computer the file was gone. Where did it go?
So it sounds like some of the point of this is that it's on a static iso9660 filesystem, and so viruses/malware cannot be downloaded to it, but what about security upgrades? With the news about webkit hacks today, and the Firefox security bugs recently, I'm not sure I'd trust my online banking to an unpatched OS from months ago.
I suppose a quarterly release by mail might alleviate some of the concern, but how much damage could a botnet owner do to a few million identical unpatched systems in 3 months?
Lots of Utah state government employees who work from home (for example, people who do data entry for Dept. of Workforce Services). It's worked pretty well, bypasses a lot of problems.
THL phish sticks
I don't think its a question of difficulty. It would be a total pain in the rear if I had to reboot every time I wanted to get on my bank's website. Or do I keep a dedicated bank terminal ready to got at any instant?
Actually, yes, you could have a "dedicated bank terminal". Take the old PC that is getting replaced, boot from the Linux cd-rom, use it for banking, and let the family screw up the new computer with trojans and malware while you enjoy relative peace of mind. I know a few families that have gone this route. They could care less about FOSS and its philosophies or politics, they just like the practicality of the solution. This is how FOSS can make inroads to the public, through practicality, not through ideological conversion.
How is cross-domain XmlHttpRequest() a good thing, although, how is it a bad thing?
signature is pants
Surely if its a one shot thing, a customer version of webconverger or maybe slitaz?
The problem isn't online banking per se, it is the ease with which even savvy users can be duped into fraudulent online transactions. The solution must be much more general. Also, if every place we need to do a secure online transaction requires the booting up of a LiveCD or similar, gods help us. To say the least, that is not a scalable or generalizable solution.
The majority of users I have contact with resent having to enter passwords/user-verification at all.
Yeah, personally I'd prefer to use a custom-built USB key for this purpose. An USB key provided by the bank, that doubles as a crypto device to proof you are who you say you are (because you have that particular device). Perhaps in combination with something simple like a PIN number that people use anyway. Built-in software maintained by the bank over secure connection, read-only when running, perhaps a small user-area that's only writeable after authentication.
Problems come when people want to use it for more than just banking. What if you want to do online shopping with it? Find your deal, reboot, make payment, then reboot again to continue shopping? That wouldn't work. So the bank-provided USB key would have to support basic web browsing. Add some more use scenario's, and you need a lot of things that users have on their computer anyway - and many of the same maintenance headaches (for the bank, in updating that USB key).
So if you can limit the functionality enough to minimize maintenance headaches & still be practical at the same time, it just may work. If included functionality would keep ballooning: dead end.
What if, after the banks discover this as a way to increase security, software companies start to use this approach to provide a dedicated environment to make their software run even better? We'll spend half our lives waiting for live-cd's to boot.
It also doesn't allow security update to the Live CD, so if banks start giving these out on a large scale, then "security by obscurity" goes out the window
All your 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 are belong to us
In theory it is a fantastic idea to promote security and virtually prevent problems. In reality, here is what you face: 1. User inertia to do this because it removes some of the convenience of online banking. Maybe Joe and Jane Smith who would be using this would be less savvy than your average computer user and still find a way to bungle things up despite this being totally sandboxed. 2. The fact that this is openly downloadable - Criminal networks can now simply obtain CNL's distro and systematically look for a weakness. A weakness with Linux is generally in order of magnitudes harder to find than Windows. It might work if, you have a system where you must be a customer of the bank and the distro you download comes with a unique certificate tied to your identity. But the reality of online banking is that it is an inherrent security risk. But even then, it is not quite perfect.
Similarly, you could build an customized VMWare image and package it with free VMWare player offering.
But you'd need a Windows license if you want a Windows image.
Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
What I have had in mind for a long is something even more mobile - a credit card sized micro computer with a number pad and a simple LCD display. Sortof like a calculator.
The OS on that has the public key of the bank and it has it's own private key for the owner (and the bank the corresponding public key). Thus it could use any medium to communicate with the bank, no matter how insecure. Maybe via a USB-dongle which you attach to the PC you are using. For online banking, you just go onto the bank site, no login there, and when asked for credentials you enter these on the card. Transactions get shown on the display of this unit, "You are about to transmit $349 to someShop.com, enter PIN" etc. As long as customers know to only trust their cards you could use the most malware infested PC in an internet café and nothing would come of it. And even if some phisher convinces the hapless user that their card is broken and they have to enter the PIN on some phishing website, they still don't have the public key and thus can't do anything with it.
You could also use that in your grocery store, and prepare offline packages (with your public key) "pay $56 for this meal to the owner", enter your PIN and the waiter sticks the card somewhere it can communicate with your bank.
Did I just solve online banking security? :)
Did the banks adopt your idea?
Nerd rage is the funniest rage.
But if the Live-CD is *only* used to access the "safe" bank site and it's only On ten minutes every couple of days it would be much harder to attack.
Personally, I won't need this: my bank uses SMS confirmation codes.
Dilbert RSS feed
Since when does online banking need saving?
If I was into phishing I'd build such a CD (pre-set to my spoofed bank site of course) right away and mass-mail it out to everyone with instructions on how to use it. Pick a big bank and you should get enough hits to make it worthwhile the CD printing cost!
Or, how about let's not do this? Technical "solution", social problem. Good luck...
If this works (and it is at least creative) it will have little to do with the security of linux or of a live CD. It will be in getting customers to change their online banking behavior, being willing to take an extra, obtrusive step, reducing convenience in the name of security. Which is quite the opposite direction that banking has been going for a while (ATMs, online banking, mobile banking). Which then begs the question, what about mobile banking?
DVDs are cheap enough that just putting up a message "Please pick up a new DVD." would work.
The rebooting is a bit of a pain, but probably worth it for those running XP. For Vista or Windows 7 users with adequate security, I think it is possibly less necessary.
Included instructions on how to print statements/receipts to PDF files (say, on a USB stick) would be handy.
Also, why stick with Ubuntu? I find on an increasing amount of machines that the newer versions of Ubuntu do not 'just work' - especially since 9.04 and it takes forever to boot up a liveCD on any older system. I've found that 9.10 in particular tends to fail on anything slower than a dvd-rom, plus who needs all the bloat of a Gnome desktop? Better perhaps to configure Puppy linux with Firefox to boot up in full screen mode with sites limited to the online banking site. Boots up in hardly any time at all and can boot off a thumb drive. Far better solution in my thinking.
sudo mount --milk --sugar
That was my first thought, but I'm also old enough to remember having to drive to the bank and wait in line. It's far more convenient to reboot with a CD in your PC than it is to go to even an ATM machine. With the proper marketing this could go a long way towards reducing online fraud.
The point of the LiveCD is that there it is rather difficult for hackers to compromise (owing to the physical, unalterable nature of the disk image). It has nothing to do with obscurity--the point is that each time they boot a verified, trusted disk image and then go straight to the bank's website--without a keylogger in the motherboard there aren't really any useful attack vectors.
That's a great idea.
Especially since the technology for building your own pre-owned version of Ubuntu, writing it to a CD-ROM and then printing a bank logo on it is very complicated and expensive and thus completely out of reach of all but the most well funded banks and governments, so we won't ever see anyone tampering with this process.
Simply brillant.
This might be a cheaper method by far, but wouldn't it make more sense to send your customers an authenticator (fast one time key to enter along with your user name and password). It would be far less technical than the live CD and filter out the majority of key loggers. I don't know how well the live CD idea would stop phishing attacks, most users will simply click on the link in the email to "confirm" their account information rather than booting into the secure operating system only to find out that that there is no area of the site asking them to confirm all the information that was in the email.
Microsoft has cut a deal with China Construction Bank, the second largest bank in the world [by market capitalization.]
Microsoft China on March 23 inked a MoU with China Construction Bank, the nation's biggest real estate and mortgage lender, on strategic cooperation.
Under the MoU, both sides will build a new generation online banking IE browser on the base of Windows Internet Explorer. In addition, they will jointly solve problems regarding to certificate management, browser safety monitor system allocation, multi-language version and etc. The new generation USB Key will own non-clink consumer installment function.
CCB expects to top China's online banking market and the cooperation with Microsoft will help improve its online banking service further, said Fan Yifei, vice president of the bank. Microsoft will continue boosting China's online banking market, pointed out Simon L. K. Leung, chairman and president of the company for the Greater China region.
Actually, it is not the first time for the Chinese bank to cooperate with Microsoft. In order to promote online banking software, Microsoft cooperated with a list of commercial banks in China before the launch of Windows 7 and CCB is one of the latter.
Microsoft, CCB to Build Special IE Browser
CCB has 16,000 domestic branches, and has expanded overseas to Singapore, Frankfurt, Johannesburg, Tokyo and Seoul. In June 2009, CCB opened its New York Branch and a wholly-owned subsidiary in London.
What about OS and application security updates? It's kind of hard to patch a read-only CDROM :P
Unless they plan on sending you a new Live CD every time a new Firefox or Linux kernel security bug is patched, many users would be vulnerable to attacks within a few months of this CD being released. A smart phisher will eventually construct an effective "man in the middle" style style attack using whatever security holes are discovered, and the bank would probably take at least a week to develop, test, and ship new CD's that have the issue patched.
There's a ton of unpatched vulnerabilities in IE. There's even some in Firefox (and if you start adding plug ins, which you have to do to use the web, there's lots). I've gotten viruses from embedded PDFs in youtube comments.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
You could use token authentication and just allow the disk to keep a cookie that logs them in with minimal interaction (either nothing or a short password like their pin).
Also, just thought you might like to know... Et al. is short for et alii and translates literally as, "with others." etc. is short for et cetera and translates roughly as, "with other objects". There is a people/things distinction. So if the other stuff is people, "et al." and if the other stuff is things, "etc.".
Not necessarily, there are ways of doing this, such as doing an MFS style image with signed patches downloaded as need be with a CD being provided from time to time as the patches get larger. Additionally the only meaningful difference between a BoA disc and say one from BECU would be where the homepage linked to. There's no particular reason why the discs need to be bank specific.
this would be a reasonable use for a trusted computing platform. It is ironic that the big companies discredited the method by not protecting the user and his rights but getting wet dreams about doing drm (and then fucking it up even for the people willing to live with it).
Seriously. Booting from a CD without an additional authentication mechanism does not solve the problem. Ii is just a fix to the fact that on nowadays computers, the way which code gets installed in the system is still an pretty undefined one. We have heard of malware flashing viruses or hiding in firmware. How many users would recognize it (or could - that is given rise by hidin the diagnostic screen with a non-informative advertisement of the manufacturer) if the computer does not boot from a cd but first from the hd and then the CD? Especially if the user normally does not see linux booting.
Moreover, putting users in an unknown environment usually increases their susceptibility to social attacks, also because they already have the feeling that they are "doing a lot". During all my live as administrator i always ezperienced that users like snakeoil. The more curious and unknown it is, the higher their feeling of security. People ask me: Do you use Linux because its *more secure* than windows, which makes me laugh. While i appreciate the better control on linux (using it since 1995 and as my only desktop operating system at home since 2000) and believe that you *could harden* it more than you could, for example windows 98, i am not sure if a hardened version of windows xp (not that MS would allow everybody to do something like that; and i dont consider windows vista or windows 7, because they are out too short) would be less secure. Most of the security of linux was tested in a server-setting, and many features on the desktops are implemented with a high fundamental security cost. So if i would be a criminal, knowing that the ditributed CD is probably not updated as often as it should be, i would probably try to social engineer attacks on "how to open an excel file in the linux distributed by then bank", congratulating that this is perfectly save because its not windows. Opening an excel file is not normal you say? I say it is. Many people keep their financial data in spreadsheets. Knowing the exact version and the fact that the user will be even more helpless than usual and that Linux will not write on the harddrive (no logs!) you probably get him to click on anything.
So, yes i believe there may be an good effect in the beginning. Until the method becomes widespread. And then it will even be more nasty, with users getting rid of all responsibility.
I have another suggestion. In indonesia i have seen that the cheapest Nokia phones sell for about 30 Euro. They have GSM, a CPU (enough for signing a document of a kb i guess) and a display and a smartcard interface. if you want to have it secure, give these to customers some hw like that (in one shape or the other - if you like you can also make a low-cost version without battery and gsm to use usb for transfer and power) with a firmware doing a token and signing the transaction displayed - upon the user pressing the button on the token. Let the users use the PC, then let the transfer confirm on the mobile and they can use safely practically everywhere.
Or just do your online banking from your smart phone. Sure, it might have come pre-infected with a botnet, but it still probably doesn't have a keylogger running.
If the banks simply created a custom disk for every customer, that included things like passwds, accounting software, etc. It would not be such a pain and people would try it. The feeling of security that the bank and the customer would get out of it would be worth it.
The only downside is that the disk itself could be stolen, but then so can your bank card or visa. The other obvious problem is that people may think that the reason the disk is safe is because it's Ubuntu and just install it on disk, and then use it just as insecurely as they do windows.
once more into the breach
You mean, like civilized Europe and WoW players have, but US banks still don't issue? *sigh*
What a great Idea
no matter how good it is, it is human nature always wants to make things better
Honestly, I just read that entire thing. :\
Better yet, is it possible to create a cd with virtual machine or emulator that could be bootable OR just run from windows automatically? and run a minimal linux/BSD distro, directly to a web browser, to the banks' website.
Work like you don't need the money, love like you've never been hurt, and dance like you do when nobody's watching
Aye. With a static /etc/hosts to avoid DNS hijacking/mischief *, the bank making their own CA which is the only one included in the browser's configuration, and client SSL certs, you're pretty much safe.
* Downside is that of course any IP change will require new disks to be sent out.
Get your own free personal location tracker
Unless they plan on sending you a new Live CD every time a new Firefox or Linux kernel security bug is patched, many users would be vulnerable to attacks within a few months of this CD being released.
Er, no. If you've got a distro with no open ports, firewalled as well, that can only get to a single IP address on port 443, which doesn't let you connect unless the remote server's SSL cert is signed by the bank's CA which is the only one in your browser's CA list - where does the vulnerability come from?
Get your own free personal location tracker
If you are going to go to the expense of creating and distributing physical media, just implement two-factor authentication.
SECURITY NERD RAGE! RAUGH!
In my opinion, pressing a little button on your bank-branded, credit card-sized PIN generator (such as the ones I have from Bank of America and PayPal/eBay) you keep in your wallet next to your credit cards and ID is waaaay easier than trying to remember what bullshit answer I gave to yet another off the wall "security" question. It's clearly much more secure.
obviously no deficiencies vs. no obvious deficiencies
Here's the chief reason why Live CD's probably won't work:
CNL is seriously considering making available free Ubuntu Linux bootable "live CD" discs in its branches and by mail. The discs would boot up Linux, run Firefox and be configured to go directly to CNL Bank's Web site.
The entire purpose of online banking is to allow its subscribers to conduct their usual transactions in a way that integrates with their daily workflow. This runs completely against that goal, since the customer would have to reboot their computer (which is an impractical solution in some situations and an impossible one in others) just to check their balances. Completely unacceptable.
The approach that I think is more practical (along with others here) is virtual PC access. It would be killer if each online banking customer got a small, special-purpose Linux-based virtual PC that can only be controlled by their own Java clients and can only access their regular online banking web site. Of course, it would probably have to be on a completely isolated network to be more effective. That would be both isolated enough and practical enough to be a secure alternative to the way we bank online today, though I'm sure this is hardly trivial to implement...
SMS? As in text messaging? You mean a completely unencrypted plain-text signal broadcast for miles in every direction that can be traced to your identity with a reverse phone book look-up and with known data-mining operations operated by criminal organizations, police and intelligence services throughout the world?
Should I shut down my Ubuntu and boot Ubuntu instead?
I made something like this in the past just as a proof of concept with openSUSE 11.1 and the use of SUSE Studio.Was not to hard to make and with a bit of effort could be done much better.
Boots into GUI with Opera as GUI. It was just a proof of concept, because will you trust the following?
Disk Image for e.g. USB stick
WMware Image
Life CD Image
So trust might be one reason not to use it. Another reason is that unless you run VMware, it is pretty inconvenient to reboot your PC to do banking. People who will use this, will most likely already be aware of what security is and thus not really need it.
Don't fight for your country, if your country does not fight for you.
What about users with Quicken or Microsoft Money? Or even GnuCash? With a live CD, I can't store my financial software on that CD. And making the Live OS capable of writing the downloaded transactions to a computer is more trouble than most users will want. LiveCD is a great idea for *looking* at stuff, but it won't accomplish much else.
A VM is not safe from the host.
Where do you folks get this stupid idea?
Lots of idiots have so far suggested, and I want to know where it comes from. Is there some sort of "we post on slashdot, but don't know a fucking thing about computers" club?
If you're distributing your own discs, you could just use DNSSEC and include the cert needed for verification on the disk itself. Similarly, making your own CA isn't really a good plan if you want to serve customers who don't have this disc, but the disc can have no CA certs installed on it and just have the verification data for your site.
What can the bank do for me?
why not have peck create a custom version of their "email" device that can only interface with a specific bank?
comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
There are solutions out there for this, all of which will be secure even if someone deliberatly set up a system with the goal of capturing bank account info (such as hacker messing with machines at an internet cafe):
Little calculator type devices where you enter transaction details and it gives you a 1-time-use code that goes into the online bank form
One-time-use codes sent by SMS or snail mail (or by picking them up directly from the bank)
Keyfobs that display codes you enter into your online bank form
USB keypads where you enter your ATM PIN (possibly inserting your chip enabled card into it also), the data encrypted by the keypad and sent to your PC via USB that then sends it on to the bank.
One of the best systems I have seen is PassWindow which doesn't require extra hardware.
http://www.passwindow.com/ (no I have no connection to these guys, I just really like their product and think its far more secure than the methods most banks are trying like challenge questions, pictorial passwords/challenges whilst not having the extra costs of PIN pads, keyfobs or calculator devices. Its more reliable than the one-time use codes (SMSs may not always make it through, people may accidentally erase the SMS and loose the codes, people may misplace the physical letter with the codes on it, whatever)
And it can work on essentially any device with a full web browser that can display images including mobile phones, games consoles, internet kiosk terminals, locked down corporate PCs
All of these solutions (with the exception of the USB pin pad) do not require any installation or use of software which mean they can be used for internet cafes/kiosks, locked down corporate PCs or anywhere else where internet access is available but using "unauthorized" software or hardware is not permitted.
This "live CD" solution will only work in situations where the end user is able to run whatever software they like (and where the PC has an optical drive). And it assumes that the "live CD" has drivers for all the hardware in the PC its being used on (given the state of linux wireless, I doubt its even possible, especially if you need support for WEP, WPA etc)
First how are they going to support all their customers PCs configurations ?
I mean, it was hard enough to get my PCI wifi card to work with linux. (Well, maybe they can work with those wifi chip company to finally open their specs...)
And some already mentioned that some people dont even have a CD drive anymore ? So they should probably think about USB...
In any case, I will still want to do my banking on my smartphone, so not even a usb thinkgy will help... but I might trust a dedicated signed app on a (non-jailbroken) iphone a little more than just safari. Oops... behold the power of the closed system like the iphone!
Why is Ubuntu so synonymous with Linux? Don't people know there are alternatives, or are they all too "geeky" for normal users? I've tried lots of Linux distributions and they're all very nice and usable. Couldn't they base this on Debian, or Fedora, or even just make their own distribution? Basing it on Ubuntu would only add unnecessary bloat; just give people something like Parted Magic or D@mn Small Linux (or something similar with maybe a more appropriate name for banks) and don't reinvent the wheel. "Can Ubuntu save online baking?" why not "can Linux save online banking"?
"Our country is not nearly so overrun with the bigoted as it is overrun with the broadminded." -Archbishop Fulton Sheen
No.
Slightly less short:
Save online banking from what? Security, schmecurity. Online banking is here to stay.
A better question:
Can Ubuntu save US FROM the problems of online banking?
People 'got' the idea of a cartridge - you had a home appliance, that did a number of interesting things, based on physical actions you took. Nowadays with any modern OS, there's so much background crap, nobody really knows what their computer does.
I want to delete my account but Slashdot doesn't allow it.
The only thing this protects against is spyware running on the computer being used to access the site. Ok, fine. However that doesn't help for phishing e-mails or any of the other ways to get info. Also, as noted, it would be easy for someone to replace the CDs with ones that have spyware built in. What is really needed? Two factor authentication. Just get an authenticator token and you've stopped nearly all of these threats.
My bank has this. I've got a little credit card sized thing with a display on it. It gives me a 6-digit number to log in with when I push the button. A new number is also required to do anything really important like add a new place to pay bills to, transfer money to an account that isn't mine or change information on the account. So, even if I was on a spywared system and accessed my account, and that spyware could allow the person remotely to take control so that they could use the session, they STILL couldn't get any money out of my account.
That is useful security. This CD idea is more security theater. It might give the illusion of security, but really you haven't helped anything.
Make live CDs available, and give some sort of reward to your customers when they use it. They can tell what kind of system you are running when you connect. One possible benefit would be reduced fees or more interest or something. People are lazy, but people largely like to save/make money. Give people a monetary incentive and you'll see lots of people learning. Of course, all that would take money; the end goal is to reduce credit fraud and theft.
'Political power grows out of the barrel of a gun.' - Mao Tse-tung
Biran Krebs, the former "Security Fix" blogger for the Washington Post, recommended this approach back in October 2009: http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_down_non.html
"Love is a familiar; Love is a devil: there is no evil angel but Love." --William Shakespeare ('Love's Labors Lost')
All linux distributions have been rooted at one time or another. A live disk of Ubuntu can be compromised until rebooted, but since ubuntu Live disks are root by default lets not pretend that ubuntu live disks are safe. Firefox plugins can still be compromised or users could be unwittingly instructed to do something that could compromise their system.
I just hope that they create a custom(ubuntu based) bootable disk that only runs a browser, with limited packages and no browser plugins and only allows you to go to the website with the banks certificate. Anything less would provide a false sense of security to those who don't understand the risks.
I suppose something that could do screen captures (without showing up in a program called Process Explorer) could still take down my pants. I'm not too worried, though.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
i wonder how long until a malware coder finds a way to do the filter thing in software, and so can intercept the code image.
this sounds like me like the "spy codes" that used to show up in kids comics around the 70s-80s, where you could mail in some coupon to get a "membership card" that would decode the message for you. Sad thing was, unless one was color blind, one could often make out the message without the card. Basically, a captcha of its day.
comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
Ummm no. The other SMS.
Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
Wait til it's figured out by the masses that you can use these disks to view porn with out the wife being able to spot it in the history. Banking has never been so exciting!
Everyday You see me is the worst day of my life -Office Space
Easy fix - don't use DNS, hard code the IP address instead. Provide some means by which the user can change that if needed upon instructions over the phone. Realistically there is no reason why you want this image to be able to access anything other than that IP address, so set up your iptables to prevent any access to other sites. This is not supposed to be super-convenient, it's supposed to be secure. Strip out everything from the image that you can so that it boots ultra fast and pops up the bank login screen. The bank would have to run an update server, with the sole purpose of providing security updates only, and only for iptables (maybe the kernel too assuming it exposes a security hole that iptables can't limit).
And by "strip out everything" I meant *everything* - take out basic system tools like ls. Provide the most bare bones shell you can dream of, in fact perhaps you can completely remove the shell since there's no need for a user to be able to execute anything custom.
This is a pretty neat idea though and I hope to see real online banks start considering it. Like mine, for example, which uses that weakass cookie based authentication scheme. I wish they would just sell me an RSA key.
Just my $0.55 (US inflation, 1774-2008, for $0.02)
Aside from "branded consumer experiences" and all that stuff that gets the marketing guys excited, the one reason to make the disks bank-specific is that it makes security a lot easier.
If all the disk has to do is go to https://mybank.com/ you can do all sorts of draconian but secure stuff: Disable loading any non-SSL page or element. Trust only your own cert/CA. Remove any option to approve an exception. Configure the firewall to block any and all traffic that isn't either a DNS(SEC, preferably) lookup for mybank.com, or communication between the host and mybank.com
If you have to coordinate between a bunch of banks, things get harder. Either you take on a big institutional verification task, enrolling reputable banks in your list of trusted sites and cert/CAs, and hopefully not having some front group sneak one in there for some XSS action, or you throw up your hands and just build a generic "browser liveCD".
The generic browser liveCD is still a good bit safer than Joe user's computer, since it needn't be a general purpose machine, or capable of running Limewire, or have every infection picked up in two years of browsing(since the max lifespan of a liveCD session will probably be a few hours); but it is still substantially less safe than a dedicated one. If there are any available exploits for the browser used, the user has a nonzero chance of picking one up while poking around and having it still resident if they bank after doing that, and before rebooting. There would also be the basic issue of cross site/cross tab stuff. Exploits of those sorts of flavors are discovered all the time. If you give up on the goal of having a general-purpose browser, you can neutralize most of them without even discovering them or patching the browser. If your browser has to be general purpose, you have to do the security the hard way.
1. Get one of this bank's distribution CDs as if I were a customer.
2. Create an identical copy of it, right down to the packaging, and snail mail it to random old people in Florida. This version, of course, does what I want with their personal data.
3. Profit.
-David
Is that necessarily true? If you build a bare-bones linux install that does nothing but start a web browser and uses iptables/pf/whatever to restrict access to anything but the bank, I would think you could remain pretty secure long-term. Strip it all down for a five-second boot time, don't install anything you don't need... at worst provide firewall updates from your own server, and if anything else needs updating, just send out a new CD. They're cheap and the user won't mind updating (oh, I should put this new CD in instead of the old one? okay.).
The hard part is convincing the user to validate your new CD somehow. Put a sticker with their username on it before mailing, or teach users to call to verify it's really from you?
Just my $0.55 (US inflation, 1774-2008, for $0.02)
heh
Damping absorbs vibrations. Dampening is caused by moisture.
This will still leave you vulnerable to DNS/ARP spoofing, for example if someone is on your wireless.
http://www.abc.net.au/tv/newinventors/txt/s2622746.htm Finally, something smart out of Australia!
"Anonymous could not immediately be reached for further comment." - International Business Times
(But what if someone slips in a stack of doctored disks?)
Frank Abagnale Jr, the famous con-man of Catch Me If You Can fame, was known to print deposit slips with his own account's number and randomly insert them into stacks of blank slips at the bank. The unsuspecting patron fills out the "compromised" slip and the money goes into the unintended account. It seems like somebody could fairly easily modify the disk image to include a keylogger/MITM, replace disks with compromised copies, and put them back into circulation.
Will it be more secure? Maybe... for some period of time. Long term, they're just moving the problem of keeping an end user's PC secure to repeatedly shipping physical media.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
There already is such a "switch", the user in the example above just failed to use it...don't leave the USB drive connected. Whoever can't be trusted to remove the drive also can't be trusted to toggle a switch. Nice try, though.
Momentarily, the need for the construction of new light will no longer exist.
XSS and CSRF attacks notwithstanding, the real problem is that it's casual web surfing and email that pose the risk of infection, so we're really talking about all the OTHER web use (i.e. everything that's not logging in to your bank or other high-target sites) that it would really benefit the average user to run the Live CD for. Windows would be fine to use for banking sites if that's *ALL* you were ever use to it for. For the above-average savvy, an Ubuntu/Fedora/whatever desktop install, fully patched and running, say, VirtualBox with 2 VMs, one for casual web surfing/email and one for online banking/etc. is about as good as one can do. Bonus points for read-only guest disk images and FF/noscript.
I use a national ID card which is a smart card. This is called two-factor authentication. You got to have something (a key) and know something (a pin) to do anything. If i use a cardreader with an external pinpad, it is very hard for malware to sign any traffic or bank orders with this card. If you do not have an ID card already in your pocket, it should be quite feasible to a bank to use its own smartcards.
I won't reboot my computer each time I have to connect to my bank. I'd move my money to another bank with a more convenient online banking instead.
Am I missing something, or is this the stupidest idea on slashdot all year long?
How do they propose to patch the software? Or are they going to distribute perfect software on the first try?
I realize of course that you can't persist the malware (leaving aside the possibility of modifications to the firware of various peripherals or a 'Deep Door' style attack), but that's hardly all that matters. And even still, you could achieve the results better by using a VM with automatic disk-undo.
As a number of e-banking systems don't work with Firefox, Safari and even Opera.
Problems range from stuff to be weirdly displayed to missing buttons and menus.
You actually need IE, possibly version 6 or maybe 7.
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
Q & A 1. What is the point? - Many business owners have had their bank accounts wiped out (via wire xfer). They do not get deposit insurance (it's only for individuals) 2. Why Linux and not something else? - Linux is free. OSX is a good alternative, but it ain't free. 3. Why CD and not USB? - CD is read only. Just a little extra precaution 4. Why not use those little FOBs that show a different password every 30 seconds? (Two factor auth) - Cause you can get around those. Trojan can create Firefox plugin. Rewrite bank website homepage so you put in account number and password on homepage (instead of split over multiple pages). Trojan transmits this to its master, then logs you into bank. I've even seen trojans that will rewrite your bank account balance info so you don't know your money is gone til it's too late. 5. Why can't I run linux in a virtual machine in windows? - Key loggers 6. But the LiveCD won't always be up to date - True. But we're talking about using Linux and Firefox to browse only your bank's website. And your bank should send you a new disk every 3 months or so. 7. What about Windows PE off a CD? - I guess. But I'd feel safer with Linux. 8. What else? - DNS poisoning might be a problem. You might want to consider an old school dial up connection directly to your bank - Make sure you close your browser immediately after logging out of your bank session - If your BIOS gets rootkitted, you are SOL
Ubunutu is being used precisely because it is not expressly associated with Linux.
A CxO will hear the word "Linux" and demand your geekery be banished from his mahogany throne room. Ubuntu has been working of the marketing front for some time and will be a much easier sell to the clueless CxO's of the banking world then a more secure and leaner version of Linux.
Once something like this passes the bowel of upper management the engineers will decide to custom build their own from RedHat, Debian or whatever but as far as the CxO's are concerned it's whatever name they signed off on.
Calling someone a "hater" only means you can not rationally rebut their argument.
Too bad their network won't work because of missing drivers for wifi card as it usually happens on Ubuntu. Maybe the fact that internet won't work for customers is the ultimate security feature.
You can then do online banking directly from the host OS (if you deem it secure enough), or from a different VM.
Been in favour of of that for some time now: http://slashdot.org/comments.pl?sid=1403461&cid=29754057&art_pos=28
They could add extra security such as make sure Firefox will only go to pre-configured ip-adresses
---
I suspect VMware ACE is pretty much made for this sort of thing. At least as far I can tell this was the kind of thing it was made for.
Yeah, I had a sig once; I got bored of it.
And folks were incredulous of the feasibility of banks handing out even just web certificates...
I guess once you've hurdled the barrier of handing someone an object, there's a lot of opportunity.
If you read the site and understand the way PassWindow works you would see that it is not possible to correctly decode the PassWindow without the exact combination of lines that is present on the physical PassWindow enabled card.
I'd go the route of having my own CA in addition to a Verisign or whatever certified cert, and offer the users of the bootable option more enhanced and comprehensive security. I may even go as far to impose the bootable method for certain users, perhaps users that have already had ID theft happen to them, or perhaps impose it for large personal transactions.
Maybe even offer users more insurance against ID theft if they use this system, that should be a relatively good offer for consumers as well as the bank. Anyone who really knows write once bootdisks, knows that security doesn't really get much better. So the bank would make money because it should experience less insurance payouts on ID theft. Consumers win because they aren't victims of ID theft.
As for driver support, as others have mentioned, the bank(s) and Ubuntu can only support a certain set of WIFI cards and in limited cases even ethernet cards. However, if they offered a bonus to customers who use the system, as I mentioned earlier, they could simply say the issue of your hardware not supporting our system is your loss. If many banks adopted this system, how quickly would PC makers jump on the "online banking ready" bandwagon. Even existing hardware might have Linux drivers contributed for it, if consumers complain to their OEMs enough. This could be the push that Linux needs to make it so OEMs support it. Banks would try to one up each other by offering the same/better ID theft protection, and PC vendors would one up each other via Linux support.
All in all I see this as an amazing win for opensource and as a win that has the potential to be the win that keeps on giving. Or it could be a complete flop, but it is still awesome/well deserved PR for Linux/opensource security.
Geeks don't grock information, they grep it.
My other Dutch bank ABN/AMRO uses some kind of calculator thingy that provides a transaction number based on a value you receive from the banks webpage.
The same ING bank also provides a very simple system where you have a sheet of paper with transaction numbers, and the webpage just asks you for your next TAN code.
What do all these have in common? Right, a separate transaction authorization outside the browser. How hard is that?
Standard Modular System? Security through obscurity indeed!
.sig withheld by request
supplying bootable SD cards with no switch (locked in read-only mode) should solve that. I wouldnt be surprised if there are already manufacturers which make read-only sd cards..
hell, you could even make ROM-based SD cards if you dont trust the switch mechanism
People, what a bunch of bastards
German computer magazine c't started a very similar project called http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html (German) a few years ago. It's not set up for any one bank, obviously.
The biggest extra hassle for me would be the need to log in to my wireless network. I have a long random string as my router's WPA2 password, and would need to type the whole damn thing in every time I booted this thing up, since the CD would have no way of remembering it. Or make the network less secure by choosing a simpler password.
.sig withheld by request
Sounds like what they really want is Chrome OS, then. (When it'll be out, that is.)
When ideas fail, words become very handy.
That's why you need read-only usb drives. But they're really hard to find nowadays.
Around here to do more than a basic limited sum transaction you will need to have a smart-card that has your identification and signature certificates, the first for connecting to the banking site and the second to sign the transactions. Even if somebody got my pins for the certificates, they cant empty my account because they don't have the physical card used to encrypt my communication and authorize transactions and if I lose the physical card it is blacklisted just like bank cards Nad its safer because breaking RSA keys is not subject to social engineering. That's how real security works.
anything made by humans can be broken by humans. Especially when it depends on the transmission, interpretation and retransmission of data.
comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
Among the several distinct ways to alter Knoppix, the one likely to be of broadest interest is remastering, during which you can substitute your own software for a portion of that on the standard Knoppix CD-ROM
Except the vast majority of phishing attacks are throug malware being downloaded in email attachments and clicking on URLs in Internet Explorer.
This is a terrible idea really and reading through most of the comments I haven't seen anyone mention it. What if you release bootable CD and 3 months or even a year later, there's some vunrablity in the software on that CD? Update it? Um nope? Have fun issuing a whole bunch of new CDs when you find a problem with it. Cause we really need to throw more stuff in the garbage dump?
I looked at my small town bank's online offering, and the amateurish site looks like it was probably done by the bank manager's brother-in-law over a weekend between six-packs, using the finest swiss-cheese Microsoft has to offer. I'll be sticking with dead trees for now.
I love tech, but committing to all-electronic financial transactions with no actual paper just feels like it could go very, very wrong.
But seriously -- the vulnerability of services like online banking is a huge elephant in the room where Windows is concerned. ("Let's take the cruddiest, most exploited modern operating system you can find, install it on 97% of PCs with no choice, and don't tell anybody they can't trust it to keep anything private." What could possibly go wrong?)
There is no way that your average PC owner can keep Windows free of malware for very long. This must be snowballing into a massive future class action.
you had me at #!
This is a great idea. Unfortunately for me, much of what I do with 'online banking' is download activity into my Quicken register. That would not be compatible. duke out
Even if its crackable somehow, its a LOT more secure than current systems based on passwords and "secret questions" and costs a lot less to implement than keyfobs and other similar external hardware devices.
Plus, if it does get cracked in a way that renders PassWindow vulnerable (rather than a crack that allows access to just one PassWindow card), it can be changed to make it more secure (just as many other security mechanisms that have been cracked have since been upgraded to be more security)
Regarding the 'reboot' arguement, I guess that if you're smart enough to be using your PC to do online banking, then you should be smart enough to figure out how to reboot from a live CD.
My main point tho; Many people using online banking, via their PCs, also use their banking data; ranges from simply reconciling stuff in Excel to complete software packages...
Would the liveCD provide access to USB or other storage, (thus risking compromising security), for this?
Would I be able to logon to my account to retrieve data, using my 'normal' system, but then only make transfers using the liveCD?
Sounds complex...
It's about the easiest thing to attack, they give it away at the bank, so it's as easy as walking in and picking up a copy. Worse, you know exactly what people will be doing with it when they log in, and because they are directing to a specific bank, you know exactly how they are accessing their bank.
I usually just walk into the lobby, but I'm an analog kind of guy. Never had a problem with keyloggers yet.
Tequila: It's not just for breakfast anymore!
Of course not, RSA security is fine. It's the clients machines that get infected.
Right up until someone actually tried to use it.
Then you've got bank staff trying to step 'Grandma RobDude' through downloading the windows driver for her wireless card, installing ndiswrapper, and then you still have to explain to her that, since her wireless card isn't 'good', at best, even with all the hacking, she can't enable any encryption on her wifi.
Which pretty much defeats the whole, 'it would be more secure' angle.
And for the record; I'm not trolling. I'm a computer programmer, reasonably tech savvy, and I've tried to install two different versions of Ubuntu in the last two years. Both resulted in multiple pages on the Ubuntu forums and ultimately ended with 'Well, ummmm, buy something new!'.
I don't get the problem. Can somebody explain what this is really about? To me it really looks like a solution looking for a problem. Or are most banks outside the Netherlands still living in the early 2000's when you were required to use IE for their online stuff?
-- Cheers!
This kind of thinking is exactly the reason why Identity Thefts biggest source of names and information, is the Banking/Finance business. All the reasons others have mentioned, and thousands more, are why so many stories are not told, about how many hundreds of MILLIONS of names have been taken, world wide (Just one hit can get 100,000 in seconds... let alone just sitting there for days)... Banking for many years only kept 'physical' security as a standards...\ Although changing sloooooowly... they are paying millions to have 'security' but blow it with this kind of thinking. Want to imagine how many bank computers use 'USB' and have not figured out that is what 'thumb drives' use...
Single Mobility System? How is a military transportation tracking system going to help? Though I suppose it would be fairly secure.
No disrespect intended, but this is a rather naive point of view. Let's set aside the gaping security hole this leaves for hackers to do a targeted attack by either slipping in trojan disks in the bank or simply mass mailing a "New, more secure" DVD to bank customers. The bigger problem is security vulnerabilities on such hard live-CD. Imagine that every time today you see "there is a Firefox update" you would not get "Sorry, the live CD is of date, take a hike to your local bank to pick up a new one". How is that for customer experience? The more likely scenario is that people will continue to use the old live CD's, which leaves them open to a bunch of hacks (let's say you are still using firefox from a year ago, you'd be vulnerable to a who slew of SSL attacks, like the NULL prefix, etc. etc). Using such live-CD's is like disabling the security updates for all customers - hackers will love you!
None of which matters if the CD directs straight to the bank page (and especially if it whitelists only that url).
None of matters, how? Because you say so? And you state it with such authority too. Such naive "authoritative" views is why we have such bad security ideas go ahead. Direct URL prevents users from catching a virus from their free porn site, but is still totally vulnerable to so many attacks. E.g:
1. I can spoof your DNS and have your browser connect my server instead of the bank's
2. I can ARP spoof your gateway and pick from a choice of man-in-the-middle attacks (if you are using 1 year old version of Firefox, I can go download ready-made programs to perform those attacks, I don't even need to understand them - there is even one which lets me execute arbitrary code on your machine).
3. I can use attacks like sslstrip, most users won't notice
4. etc, etc.
Do some research on SSL/TLS attacks, HTTP attacks, etc.
No, it can't. Not even my mobile provider knows my name. It's a pre-paid card with no contract, like most here in Europe.
And a criminal organization that can both install a trojan in my computer *and* intercept my SMSes is more likely to be interested in more hefty sums than the numbers in my student account.
As for the police (and intelligence), why would they care about a one-time pad used to make a specific transactions? They can probably just ask the bank for my account transaction history. Hell, if SWIFT had passed (thanks EP!) even USA authorities could do it.
Dilbert RSS feed
The concept of biometrics? Don't most notebooks nowadays have a fingerprint scanner? Why aren't the banks (or any such site) using that? It's such a common thing now, at least for laptops. It should at least be an option. I don't mean the provided PC s/ware which manages your passwords, I mean something like a Flash(?) app which communicates your swipe directly to the site.
Or did biometrics become redundant since the swipe data can still be phished anyway? So for Web stuff it's really no more protection than a typed password?
Tha's what happened to me a week ago: I logged in my bank's account just to find out how poor I am when not only appeared my 3 accounts but 14 more to which I am not related at all.
I use linux exclusively and also I update the system every week.
Of course I call my bank to aware them but nobody could explain me what the error was and why did it happen.
Quite strange...isn't it?
Unless the VM was perfect, you never used the host OS for anything except running the VM, and you restored the VM from a backup on non-rewritable media whenever you used the bank, it wouldn't provide the kind of security a live CD would. And if all of these conditions are met, usability is less than that of a live CD.