Q & A
1. What is the point?
- Many business owners have had their bank accounts wiped out (via wire transfer). They do not get deposit insurance (it's only for individuals).
2. Why Linux and not something else?
- Linux is free. OSX is a good alternative, but it ain't free.
3. Why CD and not USB?
- A CD is read-only. Just a little extra precaution.
4. Why not use those little fobs that show a different password every 30 seconds? (Two-factor auth)
- Because you can get around those. A trojan can create a Firefox plugin that rewrites the bank's website homepage so you put in your account number and password on the homepage (instead of split over multiple pages). The trojan transmits this to its master, then logs you into the bank. I've even seen trojans that will rewrite your bank account balance info so you don't know your money is gone until it's too late.
5. Why can't I run Linux in a virtual machine in Windows?
- Key loggers. One running on the Windows host still sees everything you type into the virtual machine.
6. But the LiveCD won't always be up to date
- True. But we're talking about using Linux and Firefox to browse only your bank's website. And your bank should send you a new disk every 3 months or so.
7. What about Windows PE off a CD?
- I guess. But I'd feel safer with Linux.
8. What else?
- DNS poisoning might be a problem. You might want to consider an old-school dial-up connection directly to your bank.
- Make sure you close your browser immediately after logging out of your bank session.
- If your BIOS gets rootkitted, you are SOL.