Is linux safe for online banking?

Discussion in 'all things UNIX' started by StrangerGuy, Nov 24, 2012.

Thread Status:
Not open for further replies.
  1. StrangerGuy

    StrangerGuy Registered Member

    Joined:
    Jun 9, 2012
    Posts:
    18
    Hi, I want to know that is online bank is safe in linux?
    Linux os like mint,ubuntu and zorion i want to try.
    Do there any software like trusteer rapport for safe online banking in linux
    Thanks
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    As safe as it can be.
     
  3. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    I bank on-line with Slackware Linux.
     
  4. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Hi StrangerGuy,

    The question you should ask yourself is whether the Bank uses Windows software (probably guaranteed) which is what makes them crackable by the criminals that engage in thievery.

    The security of Banks which almost all use Windows is horrible - there are very many bank intrusions that are not made public. It is not whether you access your bank via Linux (if their software can handle another browser than Internet Explorer), it is whether they have already been cracked into. If you ask them - they probably won't tell you the truth - that I would not expect any local branch office to know about anyway.

    I only bank in person - never online - its a trust issue, and I do not trust banks that use Windows software.

    -- Tom
     
  5. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    If they're not made public, how do you know about them o_O

    The ones that have been made public, of late anyway, are DDoS attacks, which only cause inconvenience to customers; they are not actual "hacks" as some news sources have inaccurately claimed.

    Linux should be fine to use, especially if Firefox w/NoScript is used, only allowing the banking domains.
     
  6. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    I have a dedicated card for use online, that card is a debit card so I have the ability to keep a minimal amount and fill it when I need to buy something. Otherwise like Lotuseclat, I bank in person.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I worked for Citi bank. They have massive PR teams dedicated to this stuff. It's why you don't often read about bank robberies, and when you do it's usually buried in local news. Two of my co-workers had been in robberies at separate branches, it happens quite often.

    Not sure how often banks are hacked, but they absolutely do bury stories.
     
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    What interests me is how often they are hacked, as in directly stealing funds or customer data. Probably next to nil with reputable banks at least. I would be willing to bet that most theft of any kind is likely social engineering in the form of phishing emails and reflected XSS via emails as well.

    I see no problems banking online if the proper procedures are followed such as accessing the bank's site directly from a trusted machine, no email links, no public locations, and using some form of scripting control in the browser.
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Bank security is awful. ATMS run XP Professional SP2 and are network capable. Most attacks occur through hardware that attackers have attached to the ATMs.

    I think banking online is fine. But I'd use no script.
     
  10. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I see no problems with it either. For one thing, I don't think there is much anyone could do online without it being traced somehow, and secondly, I've been told by the banks that if any fraud ever did take place, they would reimburse what was taken or missing. So I think it's a non issue to some extent. If you read the bank's online info, they also "guarantee" your online safety and so on. In other words, if something goes wrong, they'll back it. How can you go wrong in that case?

    Edit: So yes, I do think linux is plenty good for online banking... :)
     
    Last edited: Nov 25, 2012
  11. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Sure, Linux may work for online banking, but you need to ask yourself - is there a MITM (Man in the Middle) attack happening when you bank online?

    -- Tom
     
  12. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Should we live in fear every day of something that most likely will never happen?
     
  13. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Hi Kerodo,

    Your belief that a MITM attack most likely will never happen (while you are online banking) is at best naive and at worst naively dumb wishful thinking about a serious security issue.

    Do you have any evidence to back up the POV that it most likely will never happen?

    What security do you have in place that detects and prevents it?

    The issue has nothing at all to do with fear - but rather, preparation for a worst case scenario.

    -- Tom
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I have been doing online banking for over 6 years my friend, and never ever once have I had any problems or issues, and this done in Windows I might add. I'd call that a pretty good track record. And in addition to that, if anything ever did happen, my banks would replace the funds. So tell me, what is there to worry about? :)

    I realize that a lot of people here at Wilders are paranoid in varying degrees, and that's fine. I have been online for over 17 years and never once been compromised or had any virus or malware issues...

    Some like to worry, and some realize you don't need to.... To each his own, right? :)
     
  15. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    When banking from home, especially on a wired network ...how so?
     
  16. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    MITM attacks, while entirely viable, are not likely, as without access to things like what your ISP has access to you'll only be able to compromise specific users/ accounts.

    So your ISP/Government could MITM you. And if you're on a large public network you're more vulnerable, again. But that's not as likely as keylogging malware (which still isn't that common because keylogging is unreliable for profit).
     
  17. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    http://www.mid-day.com/news/2010/de...urgaon-notice-issued-relationship-manager.htm

    Not exactly related but still a sobering thought about so called bank security and don't forget Barings bank and HSBC in recent times.
     
  18. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    Makes sense, and kind of what I've figured.
     
  19. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    Bank websites can be compromised. Mine was. In Windows.
    iFrame containing script to connect to a russian trojan-installing site was caught by Avast and visible in Opera's source view. Whether the trojan would succeed installing in Linux, I don't know, probably not.
     
  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Ubuntu comes with an Apparmor profile for Firefox, which I'd suggest enabling as it will prevent/restrict exploits. That + NoScript is ideal for banking.
     
  21. StrangerGuy

    StrangerGuy Registered Member

    Joined:
    Jun 9, 2012
    Posts:
    18
    Thanks all for your suggestion all I learn is better to go and pay bills at the center :D
     
  22. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,425
    As someone who has been the target of MiTM attacks i'll say a few things. They have Man In The Middle trigger machines that make it easy to MiTM, any agency worth their salt will have them. They also have stingray's (google it) for pulling wireless information where they can intercept all communications between your local cell tower and you.

    Now they just really want to peak at what your doing, they really don't want to drain your bank account. Just peak at your email to see who your communicating with. So I wouldn't be worried about my money, anyway banks will replace the money in 99.99% of cases where fraud occurs. I also don't think western governments are allowed to by law raid your bank account unless your supporting terrorism or drugs so you should be in the clear.
     
  23. BrandiCandi

    BrandiCandi Guest

    There's a lot happening in this thread. It can all be summed up in two categories:
    -Things that you can control as a banking customer.
    -Things that you cannot control as a banking customer.

    You can't control whether your bank properly secures the web applications they use on the web page. You can't control how the bank handles your account number and password. I don't see the point in worrying too much about the stuff you can't control.

    What you can control is how you handle your password & account number and your own computer. So my advice to Stranger Guy is to just focus on that stuff:

    1. Never ever conduct on-line banking from any public or free wifi. Ever. Under any circumstances. (That will avoid the man-in-the-middle attack mentioned.)

    2. When you plan to bank on-line, first clear the internet history in whatever browser you're using. Start with a freshly-opened browser. Don't browse from Facebook to your bank. Open the browser, go directly to the bank, do your thing, then close the browser and clear the internet history again after you're done. This will reduce the chances of someone stealing your password/username through the browser. Many browsers can be configured to delete history upon exit automatically so you don't even have to think about it.

    3. Keep your operating system and software updated always (whether it's Linux or not).

    4. Like others said, you can block scripts in your browser. However, if your bank is anything like mine then they use 20+ scripts per page and it won't function properly if you don't allow the scripts. So theoretically it's a good idea to block scripts. But in practice I don't know how to do it effectively and still actually use the bank website. I had to whitelist all the scripts on my bank website in NoScripts.

    5. DON'T use a live CD for banking. They cannot be updated so they're not more secure.

    6. Make sure the password you use for your bank account is unique. Don't use it anywhere else. Use more than 9 characters (upper & lower case, numbers & special symbols) if you can.
     
  24. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,425

    Disagree. A LIVE CD should be safe, if you only use it for banking. Not much you can do except MiTM a LIVE CD. You can't write to disk, can't write to BIOS as far as I'm aware.
     
  25. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677

    i disagree on 3 and 5 point 1st when i use live cd

    i go direct to my bank site so even if its old system it dosent mean its Vulnerable and its not secure if thats rule then redhat and its clones are most Vulnerable system on earth but they are exatly oppsite

    2nd i know my live cd is tamper proof because it writed even i use same cd on bank site or warez site they cant inject a rootkit in it where they can do that to updated so called fully patch system.

    but yes i agree when you do banking just boot fresh live cd/dvd and do banking nothing else i find this more safer.

    now to prove my point for shooping online banking it wont take me not more than 3-5 min let say i give you 15-20min or 30 mins and (i tell you my ipaddress) you have to find which OS i am using what vulnerabilities i have and how you attack on my system and then launch a real attack on specific target machine.

    in This case i give you my IP address but in real world you have to find my Ip too

    now i wonder can you be (Miss swordfish) i also play a background music for you if you like :D

    any hacking can be done can be done 5-6 phases on specific target by the time you can reach 5 phase it would be 2-5 hours to months/years trust me

    and i can tell because i join CEH because of inspiration of so called funny movie SwordFish where a Monkey Clicks on Keyboard and Mama Mia .............. Magic happens but in real world nothing happen LOOL

    but after that now i know diffrence between real world and movies :D
     
    Last edited: Nov 27, 2012
Loading...
Thread Status:
Not open for further replies.