LiveCD best way to access banking accounts?

Discussion in 'other security issues & news' started by shinysecure, Dec 12, 2009.

Thread Status:
Not open for further replies.
  1. shinysecure

    shinysecure Registered Member

    Joined:
    Dec 12, 2009
    Posts:
    18
    I try to be rather secure and am trying to come up with some better options for my whole family by reading a lot on this site however, for the time being I have a question.

    What around peoples opinions on using an Ubuntu liveCD for banking and such.
    I have an old comp with no hard drive.. basically the plan would be turn it on... load ubuntu off the cd, go about business, restart.

    Ideally it could be used for banking and a comp for younger people in the house to mess around on.

    What about updates? for booting up and going to 3-4 banking websites only is burning a new ubuntu every 6months sufficient?

    Thanks for any opinions on the matter, learning a lot from the forums.
     
  2. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Disclaimer: no expert

    There is something to say for a LiveCD, Ubuntu or not.

    But you also want to allow people to 'mess around on' the same computer ? How would that work, would they use Ubuntu ?

    In a way it would be safe, as long as the computer looks for the CD first (usually set in BIOS). But no harddrive ? What kind of storage medium do you use ? You would have to check for 'exits', or 'gateways', meaning no plugged-in USB sticks, non-networked computer (beware file and printer sharing), noone looking over your shoulder when you do online banking, beware of hardware keyloggers etc.

    But maybe you should check first the (legal and other) requirements of your bank, relevant laws. If something goes wrong, who is liable, you or the bank ?
    What kind of security measures are used ? Just a login and password ? That's not safe. You'd have to be careful about man-in-the middle attacks and perhaps other issues.

    I do online banking, no LiveCD, just a login, password and a 'third token'.
    As far as I know I'm not liable as long as I'm careful with those three, and there is no way to bypass those three.
    Of course, my computer is always clean, and if I suspect it isn't I just restore an image. And I always do a full reboot before and after online banking.

    There are many options.

    But if you really have a lot of money you should be careful and study the issue, perhaps refrain from online banking at all.
     
    Last edited: Dec 12, 2009
  3. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I don't see anything wrong with your method. It's simple enough to use imo.

    While i don't see any immediate need to update every 6 months, it is also a simple way to ensure compatibility with new websites, or updates in said websites (new flash version needed, javascript, html, and so on).

    If it makes life easier for you, i say go for it.
     
  4. shinysecure

    shinysecure Registered Member

    Joined:
    Dec 12, 2009
    Posts:
    18

    Thanks for the responses, just wanted to make sure a livecd was a legitimate option if it was not always 100% up to date but only used during the session for banking. Any other thoughts are welcomed.
     
  5. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Using a liveCD is comparable to using a virtual OS, though I would think the liveCD is a bit safer since it can't be "broken" out of. Of course, you have to be cognizant, as the guy above said, of MITM attacks and SSL forgeries, etc. This is something that is beyond local security.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.