Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


 
02-07-2008, 02:37 PM
Neil Bothwick

Horribly off-topic linux distro question...

On Thu, 07 Feb 2008 15:27:51 +0100, Michael Schmarck wrote:

> > In the context of online banking, where Windows of some flavour is the
> > desktop OS, I see a substantial risk arising through spyware and/or
> > viruses. I suspect that a neat way to mitigate this would be to run
> > an OS from a CD which offers nothing more fancy than a basic
> > web-browser.
> >
> > Is there anything like this already available?
>
> DSL should come fairly close.

Dillo doesn't work with the online banking sites, and many others, that I
tried.


--
Neil Bothwick

If it ain't broke, wait a day or two!!
 
02-07-2008, 04:21 PM
Florian Philipp

On Thu, 2008-02-07 at 15:37 +0000, Neil Bothwick wrote:
> On Thu, 07 Feb 2008 15:27:51 +0100, Michael Schmarck wrote:
>
> > > In the context of online banking, where Windows of some flavour is the
> > > desktop OS, I see a substantial risk arising through spyware and/or
> > > viruses. I suspect that a neat way to mitigate this would be to run
> > > an OS from a CD which offers nothing more fancy than a basic
> > > web-browser.
> > >
> > > Is there anything like this already available?
> >
> > DSL should come fairly close.
>
> Dillo doesn't work with the online banking sites, and many others, that I
> tried.
>
>

Last time I tried, DSL came with Firefox 1.5.*
 
02-07-2008, 04:42 PM
"Andrey Falko"

On Feb 7, 2008 9:04 AM, Steve <Gentoo_sjh@shic.co.uk> wrote:
> In the context of online banking, where Windows of some flavour is the
> desktop OS, I see a substantial risk arising through spyware and/or
> viruses. I suspect that a neat way to mitigate this would be to run an
> OS from a CD which offers nothing more fancy than a basic web-browser.
>
> Is there anything like this already available?
>
> --
> gentoo-user@lists.gentoo.org mailing list
>
>

Try Knoppix, it will have everything you need to do your online banking.
--
gentoo-user@lists.gentoo.org mailing list
 
02-07-2008, 05:05 PM
7v5w7go9ub0o

Steve wrote:
> In the context of online banking, where Windows of some flavour is the
> desktop OS, I see a substantial risk arising through spyware and/or
> viruses. I suspect that a neat way to mitigate this would be to run an
> OS from a CD which offers nothing more fancy than a basic web-browser.
>
> Is there anything like this already available?



My preference is using a safe browser (Opera with plugins removed) on a
QEMU/Hardened Gentoo VM - on a USB flash stick. It presents the user
with a window in which the Linux OS boots up and in my case, presents a
Fluxbox desktop.

- The VM (actually, a qemu emulator in "virtual" mode) will start up
without privilege - say, while on the road at a public library.

- At the end of the session, there are no relics that I can find, except
for a single, minor note in the Windows registry.

- The SSL connection is established within the Linux VM, so all the
host sees is an encrypted connection to your bank.

- IIUC, today's biggest banking concerns, besides pharming and phishing,
are Trojan/Keyloggers. This kind of VM is -probably- immune from most
kinds of spyware on the Windows host, though not hardware loggers on the
keyboard or Terminal. Workaround is to have passwords handled
automatically by the browser within the Linux OS - so that passwords are
neither typed nor displayed.


- Other banking concerns are pharming, DNS poisoning, and XSS attacks.
So I go to my banking site with Firefox first, confirm that the DNS is
correct (or do your own lookup at Sam Spade), and have NoScript confirm
that everything is o.k. Then use Opera (safer browser) to consummate the
transaction.

- If you go this route, do a little research and get a fast and quick
USB flash.

HTH




 
02-07-2008, 05:32 PM
Mick

On Thursday 07 February 2008, Neil Bothwick wrote:
> On Thu, 07 Feb 2008 15:27:51 +0100, Michael Schmarck wrote:
> > > In the context of online banking, where Windows of some flavour is the
> > > desktop OS, I see a substantial risk arising through spyware and/or
> > > viruses. I suspect that a neat way to mitigate this would be to run
> > > an OS from a CD which offers nothing more fancy than a basic
> > > web-browser.
> > >
> > > Is there anything like this already available?
> >
> > DSL should come fairly close.
>
> Dillo doesn't work with the online banking sites, and many others, that I
> tried.

Basic web browsers do not have the javascript, Java (and soon enough flash?)
functionality that the majority of banking sites require. Wouldn't Knoppix
with its Firefox and equivalents do the job for you, after you set root and
knoppix passwds? BTW, Konqueror will also work with many banking sites, but
you may need to change the browser agent identification, treatment of cookies
and so on. YMMV.
--
Regards,
Mick
 
02-07-2008, 06:26 PM
Jan Seeger


On Thu, 07. Feb, 7v5w7go9ub0o spammed my inbox with
<snip insane security paranoia>

Actually, at that stage, you should be more worried about the hardware. Slip a little hardware
keylogger in there and all that is for nothing. And try to do online banking without entering
anything... If your bank doesn't require something like a TAN (transaction number) or ITAN (indexed
transaction number), I wouldn't use it at all. So it would probably be wiser to get a laptop and take
good care of it.
Regards
Jan Seeger
--
thenybble.de/blog/ -- four bits at a time
 
02-07-2008, 06:50 PM
7v5w7go9ub0o

Jan Seeger wrote:
> <snip insane security paranoia>


Insane? What's insane: presuming the Windows host is compromised? Or
having your computer on a USB flash drive? Or using two browsers to
confirm the integrity of a site? The procedure is quite easy, once
you've done it once or twice.


But go ahead and do something less; it's easy to do something less cautious.



> Actually, at that stage, you should be more worried about the hardware. Slip a little hardware
> keylogger in there and all that is for nothing. And try to do online banking without entering
> anything... If your bank doesn't require something like a TAN (transaction number) or ITAN (indexed
> transaction number), I wouldn't use it at all. So it would probably wiser to get a laptop and take
> good care of it.


Definitely agree. Laptop is easily the best choice. (But I still check
for DNS poisoning and XSS attacks at the destination) :-)


-> However, maybe Steve doesn't have a laptop! At any rate, he is
discussing a solution for use at a Windows PC.


(And I wouldn't mind entering a TAN via a library keyboard if the
primary authentication (initial phase of a two phase identification) was
hidden from the hardware - it alone won't compromise my account.)


 
02-07-2008, 08:17 PM
Håkon Alstadheim

Mick wrote:
> On Thursday 07 February 2008, Neil Bothwick wrote:
> > On Thu, 07 Feb 2008 15:27:51 +0100, Michael Schmarck wrote:
> > > > In the context of online banking, where Windows of some flavour is the
> > > > desktop OS, I see a substantial risk arising through spyware and/or
> > > > viruses. I suspect that a neat way to mitigate this would be to run
> > > > an OS from a CD which offers nothing more fancy than a basic
> > > > web-browser.
> > > >
> > > > Is there anything like this already available?
> > >
> > > DSL should come fairly close.
> >
> > Dillo doesn't work with the online banking sites, and many others, that I
> > tried.
>
> Basic web browsers do not have the javascript, Java (and soon enough flash?)
> functionality that the majority of banking sites require. Wouldn't Knoppix
> with its Firefox and equivalents do the job for you, after you set root and
> knoppix passwds? BTW, Konqueror will also work with many banking sites, but
> you may need to change the browser agent identification, treatment of cookies
> and so on. YMMV.

I've had some success (one of two sites) with the opera browser. Free as
in beer.

 
02-07-2008, 10:43 PM
Mick

On Thursday 07 February 2008, Håkon Alstadheim wrote:
> Mick wrote:

> > Basic web browsers do not have the javascript, Java (and soon enough
> > flash?) functionality that the majority of banking sites require.
> > Wouldn't Knoppix with its Firefox and equivalents do the job for you,
> > after you set root and knoppix passwds? BTW, Konqueror will also work
> > with many banking sites, but you may need to change the browser agent
> > identification, treatment of cookies and so on. YMMV.
>
> I've had some success (one of two sites) with the opera browser. Free as
> in beer.

The original post was about security rather than browser compatibility, but
for what it's worth Opera can leave fewer traces behind than other browsers
do. I also use Opera to check online banking sites and have similarly had
success with more than a couple of them. However, I had to mask the user
agent as MSIE, or lately Firefox for it to work properly.
--
Regards,
Mick
 
02-08-2008, 02:22 PM
Hans-Werner Hilse

Hi,

On Thu, 07 Feb 2008 13:05:00 -0500 7v5w7go9ub0o
<7v5w7go9ub0o@gmail.com> wrote:

> - The SSL connection is established within the Linux VM, so all the
> host sees is an encrypted connection to your bank.

Wrong: It will also see all the virtual memory the virtualized machine
is using, including those parts containing your precious unencrypted
data. All you win by using a VM is that you don't need to boot into the
OS (which might be impossible on some public terminals while running
qemu might work).

-hwh
 
