[Pauldotcom] Latest trend - Linux Boot CDs for Online Banking
reswob10 at gmail.com
Wed Oct 14 16:07:46 UTC 2009
Good points about the dangers of using a LiveCD. If the user doesn't create
an updated LiveCD every few months or so, they could be in just as much
danger as if they used their own machine.
However, even with an out of date LiveCD, the risk of persistent malware is
removed. That would eliminate the threat of keyloggers and such, right?
Unless they surf somewhere else besides the bank web site or read email
before doing their actual banking... Unless, of course, the malware has
infected the bios.
Sigh. Maybe I should just actually GO to the bank from now on. Reality
banking is on its way back.
On Wed, Oct 14, 2009 at 8:52 AM, Tim Mugherini <gbugbear at gmail.com> wrote:
> Again I agree but why use unpatched anything? As the risk would be lower if
> either system was patched.
> I think I am concerned more with the message to the end user more than
> anything (aka dont worry about patching is a quick fix and your good to go)
> On Wed, Oct 14, 2009 at 1:21 AM, Matt Lye <lyematt at gmail.com> wrote:
>> Overall the risk is lower comparing unpatched Windows with unpatched
>> Typically as long as the live CD is a recent version I wouldn't see much
>> wrong about this method.
>> -Matthew Lye
>> You can do anything you set your mind to when you have vision,
>> determination, and and endless supply of expendable labor.
>> <No tree's were harmed during this transmission. However, a great number
>> of electrons were terribly inconvenienced>
>> On Wed, Oct 14, 2009 at 12:55 PM, Keith Pawson <keith at winnetworks.com>wrote:
>>> Seems that a few people in the public arena have started spreading the
>>> about using a Linux Boot CD is the most secure way to do Internet Banking
>>> now :-0
>>> Not just one source either:
>>> Am I right in saying this is actually a bad thing?
>>> I've listened to Paul and the gang go on about using live CDs such as
>>> Backtrack and so forth is a bad thing due to components being out of date
>>> and vulnerable - use them in a test network for research and education.
>>> So imagine people doing this and not updating the live CD for say 6
>>> or never and suppose they leave the thing running for a week or even
>>> all the time. In addition this does not mitigate against DNS spoofing,
>>> browser XSS and so forth, right?
>>> What do you guys think about this latest trend and what do you think the
>>> risks really are with this scenario?
>>> Pauldotcom mailing list
>>> Pauldotcom at mail.pauldotcom.com
>>> Main Web Site: http://pauldotcom.com
>> Pauldotcom mailing list
>> Pauldotcom at mail.pauldotcom.com
>> Main Web Site: http://pauldotcom.com
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pauldotcom