
Re: [News] Banks Look into Online Banking with Live CDs

7 <website_has_email@xxxxxxxxxxxxxxxxxxxx> espoused:
> Roy Schestowitz wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> Practical Linux home security
>> 
>> ,----[ Quote ]
>> | Indeed, some banks have even been looking into Linux Live CDs for their
>> | customers to use. In this circumstance, Internet banking users would
>> | boot their computer from the Linux CD and then perform their online
>> | banking within a Linux environment. If you already use Linux then this
>> | is not really necessary, but it is a testament to the perception of the
>> | security and safety Linux offers end users over Microsoft Windows.
>> `----
>> 
>> http://www.itwire.com/content/view/18411/1143/
> 
> 
> That would be the best thing they and very many other
> security-conscious organisations could possibly do in my opinion.
> 

I completely agree.  It would be quite interesting for banks to issue
LiveCDs to customers which are sufficiently well locked-down that they
can only access the bank's own websites.  This would completely and
permanently end the phishing attack.  If the bank were even more clever,
they could send out, separately, a USB key, only usable with the CD sent
to the proper customer (swap keys, like ssh does), which the customer
could keep on a keyring, and insert once the LiveCD has started up in
order to authenticate at the bank.  

Once the bank has asked the pertinent question, "what's your name",
the CD and USB key could be validated, and off you go if all is well.

If the CD, USB key or name are not correct, then transactions could be
halted.  Similarly, the customer could telephone the bank should any of
these go missing.

By encrypting the data on the USB key and perhaps using an encrypted
filesystem, the whole thing could be made very difficult indeed to crack.

<snip>
> 
> Time to move everything over to Linux to protect company assets
> and government assets.
> 
> http://www.livecdlist.com
> http://www.distrowatch.com
> 

It would be much safer than chip & pin.

-- 
| mark at ellandroad dot demon dot co dot uk                           |
| Cola faq:  http://www.faqs.org/faqs/linux/advocacy/faq-and-primer/   |
| Cola trolls:  http://colatrolls.blogspot.com/                        |
| Open platforms prevent vendor lock-in.  Own your Own services!       |
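
The paired CD and USB key check described in the message above, as an added sketch that is not part of the original post. It assumes each medium carries a random secret and, in place of the ssh-style public-key swap the post mentions, uses HMAC challenge-response from the Python standard library; all names (pair_key, respond, Bank) are hypothetical.

```python
import hashlib
import hmac
import secrets


def pair_key(cd_secret: bytes, usb_secret: bytes) -> bytes:
    # Neither the CD nor the USB key alone yields the pairing key.
    return hmac.new(cd_secret, usb_secret, hashlib.sha256).digest()


def respond(cd_secret: bytes, usb_secret: bytes, name: str, nonce: bytes) -> bytes:
    # Client side: runs on the booted LiveCD once the USB key is inserted.
    msg = name.encode() + b"\x00" + nonce
    return hmac.new(pair_key(cd_secret, usb_secret), msg, hashlib.sha256).digest()


class Bank:
    def __init__(self):
        self.pairs = {}       # name -> pairing key recorded at enrolment
        self.pending = {}     # name -> outstanding single-use nonce
        self.revoked = set()  # customers who reported a CD or key missing

    def enrol(self, name: str):
        cd, usb = secrets.token_bytes(32), secrets.token_bytes(32)
        self.pairs[name] = pair_key(cd, usb)
        return cd, usb        # posted to the customer separately

    def challenge(self, name: str) -> bytes:
        self.pending[name] = secrets.token_bytes(16)
        return self.pending[name]

    def verify(self, name: str, response: bytes) -> bool:
        nonce = self.pending.pop(name, None)  # a nonce is good for one attempt
        key = self.pairs.get(name)
        if nonce is None or key is None or name in self.revoked:
            return False
        msg = name.encode() + b"\x00" + nonce
        expected = hmac.new(key, msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def report_missing(self, name: str) -> None:
        # The telephone call to the bank: halts all further logins.
        self.revoked.add(name)
```

Unlike a public-key pairing, this stand-in leaves a symmetric key on the bank's side, so the bank's store of pairing keys must be protected as carefully as the media themselves.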

