I reckon this would be a support nightmare. Old PCs, BIOS configuration and broken cup holders would hamper adoption and you'd end up fielding general support calls.
I'm currently using a chip and pin device to authorise online banking transactions. Are there any current malware sophisticated enough to counter this? Seems to be a tried and trusted solution. Jim On 21/10/2009, PJ McGarvey <[email protected]> wrote: > > I didn't read the whole article, but I wonder if this would be best suited > for large transactions, say over $1000? The bank could use some other > means to verify the user is using its live cd, before allowing the > transaction. Or what if they integrated some sort of bootable distro on a > usb fob that has a certificate built-in for use with two-factor > authentication? Even combine that with some out-of-band type of > authentication, like a PIN sent to your cell phone. > > > > Of course, if the banking session were still compromised, and the Bank > states there is no recourse if you use the live CD, then you're SOL... > > > > Bruce Schneier has written some stuff about "authenticating the transaction" > > > > -PJ > > > Date: Mon, 19 Oct 2009 08:49:07 +0100 > From: [email protected] > To: [email protected] > Subject: Re: [Pauldotcom] Latest trend - Linux Boot CDs for Online Banking > > > > > 2009/10/18 Dale Stirling <[email protected]> > > This is definatly a short term fix as I this becomes a major trend it > will just shift the attackers focus to the OS's on these live CD's. > > Then we are in the same position that we are now having users that > have a false sence of security from a quick fix that had a limited > life span. > > As said before I think a patched system and user education are the way to > go. > > > > > > > I can see where the banks are coming from with this, since it may be > possible to safely use a computer infected with current banking trojans > when booting from a live CD. Penetration into the market will probably be > low so malware pushers may not target this platform. However, even if this > were an minimal environment which auto-updated on boot up I reckon this > would be too slow for Joe Blow. I have doubts whether people would reboot > into a different OS in order to gain some additional security. > > Jim > -- Sent from my mobile device _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
