Can Ubuntu Save Online Banking?
CWmike writes with a pointer to this ComputerWorld mention of an interesting application of Live CDs, courtesy of Florida-based regional bank CNL: "Recognizing that most consumers don't want to buy a separate computer for online banking, CNL is seriously considering making available free Ubuntu bootable 'live CD' discs in its branches and by mail. The discs would boot up Linux, run Firefox and be configured to go directly to CNL's Web site. 'Everything you need to do will be sandboxed within that CD,' [CNL CIO Jay McLaughlin] says. That should protect customers from increasingly common drive-by downloads and other vectors for malicious code that may infect and lurk on PCs, waiting to steal the user account names, passwords and challenge questions normally required to access online banking." (But what if someone slips in a stack of doctored disks?)
Reply (Score:5, Funny)
(But what if someone slips in a stack of doctored disks?)
What do you mean, like a disk that would boot Microsoft Windows instead?
Re:Reply (Score:5, Interesting)
Hence, if you're too lazy, don't have the knowledge or it isn't economically viable to get someone in that can secure and configure your computer system, this seems like a sane alternative that makes it a bit harder for a black hat to come in and pillage your account.
Re: (Score:2, Insightful)
I believe you, obviously a technical person, are free to set up a VM.
However, Joe Average won't care to set up or purchase a VM for his current operating system, but will settle for rebooting and losing maybe 30s of productivity for it.
Re: (Score:2, Informative)
Then boot the live cd in a VM... Jeez...
Re:Reply (Score:4, Informative)
I'm wondering: If I'm running Windows, and set up the bank's Linux in a VM, am I still vulnerable to Windows's trojans and keyloggers? I would guess Yes, because keystrokes go Windows -> VM manager -> Linux VM? Or not?
Re:Reply (Score:4, Informative)
A VM is just a program, so any keystrokes will be sent to both the VM and whatever other program feels like it needs them. What you won't have, however, is contextual information - it's not as easy to tell when you're typing in a password in the VM from the host.
Re:Reply (Score:4, Insightful)
Bullshit, the infected host just watches the guest's network traffic to see when it goes to mybank.com.
VM guests are not secure from the host.
Re:Reply (Score:4, Insightful)
All banking sites use HTTPS. So simple traffic listening won't help you.
You'll need to do a man-in-the-middle attack, and that's not simple. On Windows you'll have to do it at the kernel level, probably even below the TDI. Doable, but extremely hard.
Re:Reply (Score:5, Informative)
DNS is not encrypted. All they would have to do is record the DNS requests and they would know when you are looking at mybank.com.
Re: (Score:3, Informative)
No, they'll still be unencrypted. DNSSEC just signs the data so you know it hasn't been tampered with.
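What the two replies above describe, as an added example that is not part of the thread: a DNS query for the name carries it as readable labels on the wire, and asking for DNSSEC only adds a flag in an EDNS0 record. The transaction ID and buffer size are constructed sample values.

```python
import struct

def build_query(name: str, dnssec_ok: bool, txid: int = 0x1234) -> bytes:
    """Wire-format A query (RFC 1035). With dnssec_ok, append an EDNS0 OPT
    record whose DO bit asks the resolver for DNSSEC signatures (RFC 3225)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 1 if dnssec_ok else 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    question = qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN
    opt = b""
    if dnssec_ok:
        # Root name, TYPE=41 (OPT), CLASS=UDP payload size,
        # TTL field = ext-rcode | version | flags (DO = 0x8000), RDLENGTH=0
        opt = b"\x00" + struct.pack(">HHIH", 41, 4096, 0x00008000, 0)
    return header + question + opt

def read_name(msg: bytes, pos: int):
    """Read an uncompressed domain name; return (name, next position)."""
    labels = []
    while True:
        length = msg[pos]
        if length == 0:
            return ".".join(labels), pos + 1
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a query")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length

def observe(msg: bytes) -> dict:
    """What any party that can read the packet learns, no key required."""
    _txid, _flags, _qd, _an, _ns, ar = struct.unpack(">HHHHHH", msg[:12])
    qname, pos = read_name(msg, 12)
    qtype, _qclass = struct.unpack(">HH", msg[pos:pos + 4])
    pos += 4
    dnssec_ok = False
    for _ in range(ar):  # a query has no answer/authority records before these
        _rname, pos = read_name(msg, pos)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10 + rdlen
        if rtype == 41:
            dnssec_ok = bool(ttl & 0x8000)
    return {"qname": qname, "qtype": qtype, "dnssec_ok": dnssec_ok}

if __name__ == "__main__":
    for do in (False, True):
        print(observe(build_query("mybank.com", dnssec_ok=do)))
```

DNSSEC changes what the answer proves (it was signed by the zone), not who can read the question.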
Re: (Score:3, Interesting)
OSK, eh? I don't know about modern keyloggers, but Back Orifice took posterized screenshots 128px square centered around the mouse at each click without users noticing in the days of dialup.
Re: (Score:3, Interesting)
1> Keylogger screenshots are faster than Javascript taint/redraw cycles
2> increase from 128px squared to full client area which has click focus. Even if redraw were faster than screenshot, you'd get a view of each OSK layout paired with cursor position. The correct OSK key is either under the cursor this screenshot, or last screenshot.
From a size perspective, you can grab WSXGA screenshots at 12kb per change base (tiff group 4) and 5-7kb per frame (gif) which may have been hefty in the nineties but ma
Re: (Score:2)
It's ultimately probably a better idea to have to boot into it rather than using something else as it makes it more of a deliberate process. A bit of a pain, but more deliberate in nature. Anybody that can't figure out how to work around the reboot limitation shouldn't be doing so anyways.
Re:Reply (Score:4, Informative)
You do realize that all Virtual Machine guests are not secure from the host, right? Or that it would be trivial to screencap/input capture the guest?
Re:Reply (Score:4, Insightful)
At some point, at least for banks and accounts with real money in them, it will become economic to ship dedicated appliances and skip the LiveCD/reboot/hardware incompatible/etc problem entirely. There are several possibilities: Imagine, for instance, something like the Beagleboard [beagleboard.org], but stripped down (no need for that fancy CPU or most of the I/O, something cheaper can load the bank website), and locked down: sealed in a tamper evident plastic box, CPU has on die verification of the bootloader, bootloader will only load signed system image, etc. All that tivoization stuff that gets the Trusted Computing Group excited. Should be under $100, possibly even under $50, in reasonable volume and nigh impossible to crack by software means (and hard to crack by hardware means without the target noticing. It doesn't really matter much if some hobbyist manages to crack his own, with prolonged physical access, that is his business). Just plug in a monitor, ethernet cable, keyboard, and mouse, and away you go.
For the terminally clueless (no pun intended), for whom peripheral hookup is a bit daunting, there would be nothing stopping you from charging a touch more and shipping a whole netbook. Even full x86 netbooks can be found at ~$200 with fair frequency, and nasty little PDA-in-a-netbook's-body offerings have been under $100 for a while now.
If even networking is too much of a challenge, you could go the Amazon route of baking in cell access: with proper caching and/or the use of a dedicated application preloaded on the client, the amount of data transfer for most people's banking needs would be tiny (and banks love adding monthly fees, so I'm sure they could find some way to recover the cost).
Re:Reply (Score:5, Insightful)
"Gives the user something physical to insert"
Except the netbook owners, who have no optical drive.
Re:Reply (Score:4, Informative)
USB drive then?
Re:Reply (Score:5, Insightful)
>USB drive then?
If you're going to do that, then you might as well just make an intelligent crypto token that generates a sequence of numbers according to some known algorithm. The device should have a set of buttons (akin to a small PIN pad) where the user enters a known sequence of buttons on the device itself. Online bank software either queries the device directly as USB (which may introduce other security issues) or has the user enter a set of numbers from an onboard display, in addition to their username and password. A single PIN entry allows a single login session. For extra security have the user press a "confirm" button on the device and perform another verification every time money is transferred or other sensitive operations take place.
Prevents access via software keyloggers, because the buttons are on the device itself. Provides two-factor authentication, making phishing attacks a little bit tougher if done correctly. Should be reasonably cheap. And it's a lot more convenient than booting into another OS to do your banking.
Re: (Score:2, Funny)
You replied to that post without a smutty joke.
Congratulations!
Re: (Score:2)
You're doin' it wrong!
Re: (Score:3, Interesting)
Uhhh - wait a minute here. Ubuntu doesn't "just work"? The most problems I've had were getting video cards to work like they are supposed to. Damned ATI drops support for this card or that, then you have to jump through hoops to get your hardware acceleration.
But, if you're booting to a secure OS specifically for the purpose of doing online banking, what need is there for super graphics?
Next most common problem is the WIFI card. Whoever distributes the CD needs to ensure that 99.9% of all WIFI cards are
Re:Reply (Score:5, Funny)
(But what if someone slips in a stack of doctored disks?)
Well don't leave 'em layin' around on the floor and no one will slip on them.
Re:Reply (Score:4, Funny)
What do you mean, like a disk that would boot Microsoft Windows instead?
I think they meant AOL disks.
Re:Reply (Score:5, Informative)
This is rated "funny" - but it's really not. I read a story about a credit union, in Texas I think, that found a bunch of CDs had been distributed to customers. The label claimed that they were distributed by the credit union, and that they contained software with which to securely connect to the bank. And, of course, the contents were just a trojan.
I kind of thought the story was covered here on slashdot, but I could be wrong.
Ahhhh - here we go. Someone tried to pass it off as "pentesting" in the slashdot story:
http://it.slashdot.org/story/09/08/27/2331201/Hackers-Or-Pen-Testers-Hit-Credit-Unions-With-Malware-On-CD?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+(Slashdot) [slashdot.org]
Re: (Score:2)
How is cross-domain XmlHttpRequest() a good thing, although, how is it a bad thing?
Re: (Score:2)
But if the Live-CD is *only* used to access the "safe" bank site and it's only on ten minutes every couple of days it would be much harder to attack.
Personally, I won't need this: my bank uses SMS confirmation codes.
Re: (Score:2)
DVDs are cheap enough that just putting up a message "Please pick up a new DVD." would work.
Re:Why uses a PC to do banking? (Score:5, Informative)
The point of the LiveCD is that it is rather difficult for hackers to compromise (owing to the physical, unalterable nature of the disk image). It has nothing to do with obscurity--the point is that each time they boot a verified, trusted disk image and then go straight to the bank's website--without a keylogger in the motherboard there aren't really any useful attack vectors.
Re: (Score:2)
* Downside is that of course any IP change will require new disks to be sent out.
Re: (Score:3, Interesting)
If you're distributing your own discs, you could just use DNSSEC and include the cert needed for verification on the disk itself. Similarly, making your own CA isn't really a good plan if you want to serve customers who don't have this disc, but the disc can have no CA certs installed on it and just have the verification data for your site.
Re: (Score:3, Informative)
If all the disk has to do is go to https://mybank.com/ [mybank.com] you can do all sorts of draconian but secure stuff: Disable loading any non-SSL page or element. Trust only your own cert/CA. Remove any option to approve an exception. Configure the firewall to block any and all traffic that isn't either a DNS(SEC, preferably) lookup
BIOS (Score:2, Interesting)
What about infecting the BIOS?
Re: (Score:3, Insightful)
I always keep hearing that claim. I've never found one and actually never heard of one reported in the wild.
As for the article: Online Banking has worked perfectly fine the last years.... At least for me :-) It needs no saving...
Re:BIOS (Score:5, Interesting)
They could ship you a free NetBook w/ CD.
Don't mod me funny, I'm serious. Like maybe a $100 little book running Linux, automatically set to keep itself up to date to eliminate hundreds of millions of dollars in cybercrime. The banks would own it, maybe even lease it to you for a $2 banking fee for having an online account with them. When you don't need it anymore or switch banks, you give it back to them and they would wipe the BIOS and system and reuse it.
In fact, they could probably even make the netbook cheaper by not including a hard drive. Just boot from USB or CD, maybe even a small USB traveldrive installed internally inside the case itself. The USB ports could be removed or completely disabled, no CDROM drive included, no HDD, etc. It becomes more or less a dumb terminal whose only purpose is to connect to the bank on boot. And, in addition, sandboxed to not allow any other applications to run besides the required startup items.
Just checked and it looks like Gateway sells a $49 netbook, found it on CNET's list of netbooks when I sorted by lowest price. And, that's *consumer* price, if the banks bought in bulk they'd even be cheaper than that. If the banks told them they didn't want USB ports (except the internal one), no hard drives, etc. then it would even be cheaper. I bet they could get them for $25 or so apiece in bulk for say 1000 units. That's not much cost to essentially eliminate the wholesale highway robbery of people's accounts that's been going on. The savings would be pretty enormous. Offset that with a small lease fee like I suggested above and it's a win/win for everyone involved. Not to mention it would help Gateway out of its slump.
Gateway LT2016u (Verizon Wireless) Specs: Intel Atom N270 / 1.6 GHz, 1 GB, 160 GB, Microsoft Windows XP Home Edition, 10.1 in TFT active matrix, 3 lbs
Re: (Score:2)
People already do this with their cellphones, though the security of those is somewhat easier to compromise.
Re: (Score:2)
Link to that $49 netbook?
Last I checked those kinds of prices on Atom machines were subsidized and tied to a contract with a 3G provider.
Re:BIOS (Score:4, Insightful)
I think so too, the grandparent has some issues with reading comprehension ;-)
Re: (Score:2)
Exactly, except here in this example the books are subsidized and tied to a contract with a bank.
Re: (Score:2)
"They could ship you a free NetBook w/ CD."
How many netbooks actually come with an optical drive?
Re: (Score:2)
How about a USB pen drive writing port on the cash machine?
You stick your pen drive into a USB port, type your PIN and it updates your install complete with an optional personal key?
Re: (Score:2)
That would be a subsidized price. You'd have to tack on a $60 a month data plan for at least 2 years in addition. A netbook with those specs is generally around $300.
Re:BIOS - CC sized card with on-board OS (Score:2)
What I have had in mind for a long time is something even more mobile - a credit card sized micro computer with a number pad and a simple LCD display. Sort of like a calculator.
The OS on that has the public key of the bank and it has its own private key for the owner (and the bank the corresponding public key). Thus it could use any medium to communicate with the bank, no matter how insecure. Maybe via a USB-dongle which you attach to the PC you are using. For online banking, you just go onto the bank site, no l
Re: (Score:2)
Oh god, why? Talk about over-engineering and waste of money and resources.
Just send an SMS for any operation over X dollars and send the netbooks to some poor kids.
Convenience? (Score:5, Insightful)
Isn't the point of online banking that it is convenient? And easy? For me, booting from a Live CD may be a piece of cake, but for a lot of people, it's far from that.
Even if it is a great idea, 98% of the population won't latch on to something like this, and the 2% who might are probably already running linux
Re: (Score:2)
It will be inconvenient, both for the user and for the bank. Many people do not have their systems set to boot off of the optical drive by default, so the bank would be expected by the user to provide technical support for that change. In addition, users are not going to happily accept the idea that they have to stop their music, save their work in various applications, and close down their browsing sessions to reboot (a process which for many people is not a short experience) just to check their bank bal
Re: (Score:2)
Loading Ubuntu could be easy, but have you ever tried teaching someone over the phone how to use their BIOS?
Methinks the set of people who are clueless about security doesn't overlap much with the set who know how to boot their machine to an alternate device and log in to their wireless network in Linux.
Re: (Score:2)
Possibly?
If the host is compromised the guest is worthless.
Virtualization does not protect the guest from the host in any way.
How to really advocate FOSS ... (Score:3, Interesting)
I don't think it's a question of difficulty. It would be a total pain in the rear if I had to reboot every time I wanted to get on my bank's website. Or do I keep a dedicated bank terminal ready to go at any instant?
Actually, yes, you could have a "dedicated bank terminal". Take the old PC that is getting replaced, boot from the Linux cd-rom, use it for banking, and let the family screw up the new computer with trojans and malware while you enjoy relative peace of mind. I know a few families that have gone this route. They could care less about FOSS and its philosophies or politics, they just like the practicality of the solution. This is how FOSS can make inroads to the public, through practicality, not through id
Re: (Score:3, Interesting)
How about an ultra cheap ARM such as the 80$ Menq's Easy PC E790 [menqgroup.com]?
With their custom OS pre-installed, I'm sure many people would like a dedicated "secure terminal" instead of having to deal with issues in their everyday PC.
Takes up much less power and is faster to boot (flash based) than an old pc. They could even try an ARM tablet or such.
Re: (Score:2)
Not to mention that many people don't have CD players in their computers anymore.
Re: (Score:2, Insightful)
And even fewer systems are set to boot from CD automatically, and the options to change it are usually located in the BIOS.
Would YOU want to be their tech support guy, who would have to know how to modify the boot order on every model and make of PC or Mac that was built in the past 10 years? And heaven forbid a customer sets the boot order wrong, and then they can't get back into Windows when they remove the boot CD. You know damn well that they'll blame you for "breaking their
That was my first thought, but. (Score:2)
That was my first thought, but I'm also old enough to remember having to drive to the bank and wait in line. It's far more convenient to reboot with a CD in your PC than it is to go to even an ATM machine. With the proper marketing this could go a long way towards reducing online fraud.
Re: (Score:2)
But if all banking is done on a live CD which is only used for that purpose then attacking it will be quite difficult.
Re: (Score:2)
If the vmware host is infected the guest is not safe. A virtual machine is useless for security from the host.
Re: (Score:2)
Temporary password is pointless, if the PC is infected it could use the bank website after you login for it.
Interesting, but what about users? (Score:4, Interesting)
The majority of users I have contact with resent having to enter passwords/user-verification at all. With banks they do, often at least, appreciate the value of the process. But they still take every opportunity to minimise the process, so what're these users to do when they can't have Firefox (et al) save their username/passwords?
Personally, I'm thinking they'll go back to using Windows, which can't be reasonably prevented by the institution, without cutting off a large user-base. Still, a nice -and, to me, novel- idea.
The disk is a token? and etc. vs et al. (Score:5, Informative)
You could use token authentication and just allow the disk to keep a cookie that logs them in with minimal interaction (either nothing or a short password like their pin).
Also, just thought you might like to know... Et al. is short for et alii and translates literally as, "with others." etc. is short for et cetera and translates roughly as, "with other objects". There is a people/things distinction. So if the other stuff is people, "et al." and if the other stuff is things, "etc.".
Important question (Score:2)
(But what if someone slips in a stack of doctored disks?)
The important question is will the entire endeavour decrease the amount lost through fraudulent OLB transactions, and if the cost (producing the disc, customer dissatisfaction of having to use them etc.) is worth it for the expected decrease in fraudulent OLB transactions. In order to understand this you'll have to analyse a whole bunch of 'what if' questions, and the one above should certainly be one of them.
(OK, sure in reality the bank might expect to see a benefit from appearing to go out of their way t
Utah does this... (Score:5, Interesting)
Lots of Utah state government employees who work from home (for example, people who do data entry for Dept. of Workforce Services). It's worked pretty well, bypasses a lot of problems.
Great idea! (Score:2)
If I was into phishing I'd build such a CD (pre-set to my spoofed bank site of course) right away and mass-mail it out to everyone with instructions on how to use it. Pick a big bank and you should get enough hits to make it worthwhile the CD printing cost!
Or, how about let's not do this? Technical "solution", social problem. Good luck...
Re: (Score:2)
Stop using the Adobe PDF reader. Why in the blue blazes would you use Windows and Adobe PDF reader?
Brillant! (Score:2)
That's a great idea.
Especially since the technology for building your own pre-owned version of Ubuntu, writing it to a CD-ROM and then printing a bank logo on it is very complicated and expensive and thus completely out of reach of all but the most well funded banks and governments, so we won't ever see anyone tampering with this process.
Simply brillant.
Meanwhile....back at the ranch (Score:2)
Microsoft has cut a deal with China Construction Bank, [wikipedia.org] the second largest bank in the world [by market capitalization.]
Microsoft China on March 23 inked a MoU with China Construction Bank, the nation's biggest real estate and mortgage lender, on strategic cooperation.
Under the MoU, both sides will build a new generation online banking IE browser on the base of Windows Internet Explorer. In addition, they will jointly solve problems regarding to certificate management, browser safety monitor system allocati
Unpatched Firefox for online banking? No thanks! (Score:2)
Unless they plan on sending you a new Live CD every time a new Firefox or Linux kernel security bug is patched, many users would be vulnerable to attacks within a few months of this CD being released. A smart phisher will eventually construct an effective "man in the middle" style attack using whatever security holes are discovered, and the bank would probably take at least a week to develop, test, and ship new CDs that have the issue patched.
Re:Unpatched Firefox for online banking? No thanks (Score:5, Interesting)
Unless they plan on sending you a new Live CD every time a new Firefox or Linux kernel security bug is patched, many users would be vulnerable to attacks within a few months of this CD being released.
Er, no. If you've got a distro with no open ports, firewalled as well, that can only get to a single IP address on port 443, which doesn't let you connect unless the remote server's SSL cert is signed by the bank's CA which is the only one in your browser's CA list - where does the vulnerability come from?
Trusted computing (Score:2)
This would be a reasonable use for a trusted computing platform. It is ironic that the big companies discredited the method by not protecting the user and his rights but getting wet dreams about doing drm (and then fucking it up even for the people willing to live with it).
Seriously. Booting from a CD without an additional authentication mechanism does not solve the problem. It is just a fix to the fact that on nowadays computers, the way which code gets installed in the system is still a pretty undefined
This could work, if.. (Score:2)
If the banks simply created a custom disk for every customer, that included things like passwds, accounting software, etc. It would not be such a pain and people would try it. The feeling of security that the bank and the customer would get out of it would be worth it.
The only downside is that the disk itself could be stolen, but then so can your bank card or visa. The other obvious problem is that people may think that the reason the disk is safe is because it's Ubuntu and just install it on disk, and t
FFS (Score:4, Insightful)
If you are going to go to the expense of creating and distributing physical media, just implement two-factor authentication.
SECURITY NERD RAGE! RAUGH!
In my opinion, pressing a little button on your bank-branded, credit card-sized PIN generator (such as the ones I have from Bank of America and PayPal/eBay) you keep in your wallet next to your credit cards and ID is waaaay easier than trying to remember what bullshit answer I gave to yet another off the wall "security" question. It's clearly much more secure.
My bank uses my cellphone for authorization (Score:5, Insightful)
My other Dutch bank ABN/AMRO uses some kind of calculator thingy that provides a transaction number based on a value you receive from the bank's webpage.
The same ING bank also provides a very simple system where you have a sheet of paper with transaction numbers, and the webpage just asks you for your next TAN code.
What do all these have in common? Right, a separate transaction authorization outside the browser. How hard is that?
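The out-of-browser authorization described in this comment, and the button token with a per-transfer "confirm" step proposed earlier in the thread, sketched as an added example (not from the thread or from any bank's system). Login codes follow HOTP (RFC 4226); the transaction code is a simple HMAC construction assumed here for illustration, and the secret and account labels are constructed sample values.

```python
import hashlib
import hmac
import secrets
import struct

DEMO_SECRET = b"12345678901234567890"  # RFC 4226 test secret, sample only

def _truncate(mac: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation: 31 bits chosen by the last byte's low nibble."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hotp(secret: bytes, counter: int) -> str:
    """The counter-th login code in the token's sequence."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac, 6)

def transaction_code(secret: bytes, challenge: str, dest: str, amount_cents: int) -> str:
    """Code the token displays after the user keys in the bank's challenge
    plus the destination and amount they intend (assumed scheme)."""
    msg = "\x00".join([challenge, dest, str(amount_cents)]).encode()
    mac = hmac.new(secret, b"TX" + msg, hashlib.sha256).digest()
    return _truncate(mac, 8)

class BankVerifier:
    """Server side: shares the secret with one customer's token."""

    def __init__(self, secret: bytes, look_ahead: int = 5):
        self.secret = secret
        self.counter = 0            # next unused login counter
        self.look_ahead = look_ahead
        self.pending = {}           # challenge -> (dest, amount_cents)

    def check_login(self, code: str) -> bool:
        # Accept a small window ahead so stray button presses don't lock
        # the user out; accepting a code burns it and every earlier one.
        for c in range(self.counter, self.counter + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c).encode(), code.encode()):
                self.counter = c + 1
                return True
        return False

    def new_challenge(self, dest: str, amount_cents: int) -> str:
        """Record the transfer as the bank received it and issue a challenge."""
        challenge = f"{secrets.randbelow(10 ** 6):06d}"
        self.pending[challenge] = (dest, amount_cents)
        return challenge

    def confirm(self, challenge: str, code: str) -> bool:
        details = self.pending.pop(challenge, None)  # each challenge is single use
        if details is None:
            return False
        expected = transaction_code(self.secret, challenge, *details)
        return hmac.compare_digest(expected.encode(), code.encode())

if __name__ == "__main__":
    bank = BankVerifier(DEMO_SECRET)
    print("login accepted:", bank.check_login(hotp(DEMO_SECRET, 0)))
    ch = bank.new_challenge("ACCT-LANDLORD", 85000)
    code = transaction_code(DEMO_SECRET, ch, "ACCT-LANDLORD", 85000)
    print("transfer confirmed:", bank.confirm(ch, code))
```

A login code by itself can still be relayed by a compromised host, as other replies in this thread point out; the transaction code narrows that because it only validates for the destination and amount the user keyed into the token.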
Re: (Score:2)
Actually you can install apps in and update an Ubuntu live session, they just all disappear on reboot when using a CD.
Re: (Score:2, Insightful)
Sure, but who's likely to sit down and download 100 MB worth of patches each time they want to check their BofA account balance?
Re: (Score:2)
No one, which is why live usb sticks that only allow install from the repositories would be much better.
Re: (Score:2)
If the only site you are visiting is the bank, I'd say the chances of getting compromised by a drive-by attack are greatly reduced.
Re: (Score:2)
Very few people will visit 'only the bank,' especially if they're just quickly checking email (or whatever), and don't want to have to reboot and log in first to do so.
Re: (Score:2)
They could issue the CDs with a small proxy (e.g. polipo) configured to just allow access to the bank.
Re: (Score:2, Informative)
Yep, security could be enforced if we made people walk into a bank with two forms of photo-id before they could do anything....
Re: (Score:2)
If the OS is compromised that is worthless, it can forward the keys in realtime and fake the entire bank website, or hell wait until you login and then let the phisher do whatever he wants.