Good points about the dangers of using a LiveCD. If the user doesn't create an updated LiveCD every few months or so, they could be in just as much danger as if they used their own machine.
However, even with an out of date LiveCD, the risk of persistent malware is removed. That would eliminate the threat of keyloggers and such, right? Unless they surf somewhere else besides the bank web site or read email before doing their actual banking... Unless, of course, the malware has infected the bios. Sigh. Maybe I should just actually GO to the bank from now on. Reality banking is on its way back. Craig On Wed, Oct 14, 2009 at 8:52 AM, Tim Mugherini <[email protected]> wrote: > Again I agree but why use unpatched anything? As the risk would be lower if > either system was patched. > > I think I am concerned more with the message to the end user more than > anything (aka dont worry about patching is a quick fix and your good to go) > > > On Wed, Oct 14, 2009 at 1:21 AM, Matt Lye <[email protected]> wrote: > >> Overall the risk is lower comparing unpatched Windows with unpatched >> Linux. >> Typically as long as the live CD is a recent version I wouldn't see much >> wrong about this method. >> >> -Matthew Lye >> >> You can do anything you set your mind to when you have vision, >> determination, and and endless supply of expendable labor. >> <No tree's were harmed during this transmission. However, a great number >> of electrons were terribly inconvenienced> >> >> >> >> On Wed, Oct 14, 2009 at 12:55 PM, Keith Pawson <[email protected]>wrote: >> >>> Seems that a few people in the public arena have started spreading the >>> word >>> about using a Linux Boot CD is the most secure way to do Internet Banking >>> now :-0 >>> >>> Not just one source either: >>> >>> http://www.itnews.com.au/News/157767,nsw-police-dont-use-windows-for-interne >>> t-banking.aspx<http://www.itnews.com.au/News/157767,nsw-police-dont-use-windows-for-interne%0At-banking.aspx> >>> http://blogs.zdnet.com/hardware/?p=5813&tag=nl.e589 >>> http://blogs.techrepublic.com.com/security/?p=2492&tag=nl.e036 >>> >>> http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_b >>> ank_on.html?wprss=securityfix<http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_b%0Aank_on.html?wprss=securityfix> >>> >>> http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_d >>> own_non.html?wprss=securityfix<http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_d%0Aown_non.html?wprss=securityfix> >>> >>> http://sunbeltblog.blogspot.com/2009/10/erosion-of-trust-for-online-banking. >>> html<http://sunbeltblog.blogspot.com/2009/10/erosion-of-trust-for-online-banking.%0Ahtml> >>> >>> Am I right in saying this is actually a bad thing? >>> >>> I've listened to Paul and the gang go on about using live CDs such as >>> Backtrack and so forth is a bad thing due to components being out of date >>> and vulnerable - use them in a test network for research and education. >>> >>> So imagine people doing this and not updating the live CD for say 6 >>> months >>> or never and suppose they leave the thing running for a week or even >>> worse >>> all the time. In addition this does not mitigate against DNS spoofing, >>> browser XSS and so forth, right? >>> >>> What do you guys think about this latest trend and what do you think the >>> risks really are with this scenario? >>> >>> Cheers >>> >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >>> >> >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
