On 6/27/07, Dennis Henderson <[EMAIL PROTECTED]> wrote:
Fergie nailed it? Yes, once the consumer PC is compromised, all bets are off is true. Thats why I pondered about the possibility of actually performing a secure transaction while compromised. Peter did provide one solution. Any other ideas?
I am assuming the CD-OS was the solution you were referring to, as the Terminal Server app could always have screenshots taken of it. Another possible solution could be for the banks to distribute a TS/VPN client that would disconnect all other network connections for a time, before, during, and after the transaction, with the added precaution of deleting any files that were created during the "secure" transaction before returning internet connectivity to the user. P.s.: the banking app would have to be run from read only media -JP _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
