Overall the risk is lower comparing unpatched Windows with unpatched Linux. Typically as long as the live CD is a recent version I wouldn't see much wrong about this method.
-Matthew Lye You can do anything you set your mind to when you have vision, determination, and and endless supply of expendable labor. <No tree's were harmed during this transmission. However, a great number of electrons were terribly inconvenienced> On Wed, Oct 14, 2009 at 12:55 PM, Keith Pawson <[email protected]>wrote: > Seems that a few people in the public arena have started spreading the word > about using a Linux Boot CD is the most secure way to do Internet Banking > now :-0 > > Not just one source either: > > http://www.itnews.com.au/News/157767,nsw-police-dont-use-windows-for-interne > t-banking.aspx > http://blogs.zdnet.com/hardware/?p=5813&tag=nl.e589 > http://blogs.techrepublic.com.com/security/?p=2492&tag=nl.e036 > > http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_b > ank_on.html?wprss=securityfix > > http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_d > own_non.html?wprss=securityfix > > http://sunbeltblog.blogspot.com/2009/10/erosion-of-trust-for-online-banking. > html > > Am I right in saying this is actually a bad thing? > > I've listened to Paul and the gang go on about using live CDs such as > Backtrack and so forth is a bad thing due to components being out of date > and vulnerable - use them in a test network for research and education. > > So imagine people doing this and not updating the live CD for say 6 months > or never and suppose they leave the thing running for a week or even worse > all the time. In addition this does not mitigate against DNS spoofing, > browser XSS and so forth, right? > > What do you guys think about this latest trend and what do you think the > risks really are with this scenario? > > Cheers > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
