I agree. It is very shortsighted. I have read Krebs' articles for quite some time now and find his work to be fascinating and educational, but often slanted against Windows. Regardless of OS bias, I think he is doing his readers a disservice with this article.

Yes - Linux is less targeted and there are fewer cross-platform trojans in the wild, but I would consider using a live CD as the solution. In addition to not being patched, it isn't necessarily going to supply any protection from an unsecured or compromised network, browser-side attacks, spear phishing, etc., etc., etc. I do know many who use dedicated VMs or systems for online banking, etc., but again these are fully patched, on trusted networks, etc.

Glad someone else caught the article and questioned it.

Tim

On Tue, Oct 13, 2009 at 10:55 PM, Keith Pawson <[email protected]> wrote:

> Seems that a few people in the public arena have started spreading the word
> about using a Linux Boot CD is the most secure way to do Internet Banking
> now :-0
>
> Not just one source either:
>
> http://www.itnews.com.au/News/157767,nsw-police-dont-use-windows-for-internet-banking.aspx
> http://blogs.zdnet.com/hardware/?p=5813&tag=nl.e589
> http://blogs.techrepublic.com.com/security/?p=2492&tag=nl.e036
> http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html?wprss=securityfix
> http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_down_non.html?wprss=securityfix
> http://sunbeltblog.blogspot.com/2009/10/erosion-of-trust-for-online-banking.html
>
> Am I right in saying this is actually a bad thing?
>
> I've listened to Paul and the gang go on about using live CDs such as
> Backtrack and so forth is a bad thing due to components being out of date
> and vulnerable - use them in a test network for research and education.
>
> So imagine people doing this and not updating the live CD for say 6 months
> or never and suppose they leave the thing running for a week or even worse
> all the time. In addition this does not mitigate against DNS spoofing,
> browser XSS and so forth, right?
>
> What do you guys think about this latest trend and what do you think the
> risks really are with this scenario?
>
> Cheers
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
