Tag Archives: Online Banking

It’s Banking Day at the Ranch and a Linux Live CD is in the Saddle!

I’ve maintained for years, that I treat my Windows machines as if they have already been compromised – a position that has left me open to some criticism. I’ll take the criticism – I’d rather be safe than sorry.

If you’re a regular reader of Tech Thoughts Daily Net News column then, you’re probably aware that the following items from last week (below the break), are not in the least unusual. In fact, notification of security breaches, or unpatched vulnerabilities that are weeks or months old, are now commonplace.

A legitimate question is – how likely were you to have been affected by any of the unpatched flaws – as noted below – or, the scores of similar long-standing vulnerabilities published in Tech Thoughts Daily Net News over the last few years?

I’ll grant you that “not very likely”, is a reasonable assumption. Still, the question remains – how do you know that you’re not already compromised by a yet to be disclosed vulnerability? Something to think about.

————————————————————————————————–

Eight-month WordPress flaw responsible for Yahoo mail breach: Bitdefender – A cross-site scripting flaw that saw some Yahoo email users lose control of their accounts has now been traced back to a WordPress installation that was not patched for at least eight months.

Serious security holes fixed in Opera – but Mac App Store users left at risk again – It should go without saying that if you use Opera, you should update to version 12.13 as soon as possible. But… what if you didn’t get your copy of Opera from the official website? What if, instead, you acquired your version of Opera for Mac from Apple’s Mac App Store?

Symantec denies blame after Chinese govt hacks The New York Times – After one of the world’s most famous newspapers points the finger at Symantec for failing to protect its network against a four-month long Chinese cyberattack, the security firm returns fire –

Symantec:

“Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security.”

I found Symantec’s response more than interesting. This is the first time that I can recall, that a major security vendor has gone on record and suggested that their product, as a stand alone solution, should not be expected to identify and contain each and every conceivable threat.

I couldn’t agree more and, I have made that point consistently, for years.

—————————————————————————————————

Initially, I had no intention of writing such a long introduction to a simple review – but, my continuing disappointment in the computer technology industry as a whole, whose overall response to an epidemic of criminal activity, runs along the same lines as that old time movie – Jaws – in which one of the plot lines revolves around keeping people in the water (despite the evident danger from a Great White shark) since to do otherwise, would be bad for business, got the better of me. Perhaps not the best analogy – but, it works for me.

I have a sign on the wall above my desk that reads – Bullshit in = Bullshit out. I can’t think of a more fitting epitaph for the current state of affairs in an industry rife with misinformation, misdirection, hype, and sheer outrageous bullshit.

I’m not a gloom and doom guy – but, market forces are such, that a little crystal ball gazing has convinced me that the status quo is as stable as the Rock of Gibraltar. In other words, if you want to be safe on the Internet, then accept the fact that you’re on your own.

—————————————————————————————————

It’s Banking Day at the Ranch and a Linux Live CD is in the Saddle!

While connected to the Internet, just like you, I face exposure to Trojans, spyware, viruses, phishing scams, identity theft, scam artists, schemers and cyber crooks lurking in the shadows, just waiting to make me a victim. Even so, the odds of me picking up a malware infection, or being scammed, are fairly low. Am I just lucky, or is it more than that?

To some extent I might be lucky – but, it takes much more than luck to stay safe on the Internet. For me – it really boils down to prevention. Preventing cybercriminals from getting a foothold by being vigilant and adhering scrupulously to fundamental security precautions, including –

A fully patched operating system.

A robust firewall.

Automatically updated anti-virus and anti-spyware software.

Increased Internet Browser protection through selected add-ons.

Encryption where necessary.

and, most importantly never forgetting toStop. Think. Click.

Despite all those security precautions though, there’s one connected activity that still concerns me – online banking. Regardless of the fact that I choose my Internet banking provider based partially on it’s low profile, I’m not entirely relying on this low profile as a guarantee that cybercriminals will not target my provider.

The inescapable fact remains; I am my own best protection while conducting financial transactions on the Internet. Frankly, I’m not convinced that financial institutions are where they need to be when it comes to protecting their online customers.

Despite my best efforts, it’s possible that malicious code may be installed on my computer – ready to pounce on my banking user account names, and passwords. Which is why, I have long made it a practice to conduct my financial affairs on the Internet via a self-booting Linux Live CD. Since a Linux Live CD is read-only media, the environment (running entirely in RAM), should be more secure than Windows.

I’m not suggestion that Linux systems are impervious to malware (I know better than to make that claim) – but, since the majority of malware is Windows specific, banking online through a Linux Live CD should offer a more secure environment.

If you can click a mouse – then, you’re good to go. It’s that easy. Today’s Linux distros are not your Granny’s Linux.

I’m not suggesting that you replace your Windows operating system and jump with both feet into Linux. That’s impractical. What is not impractical however is – running with Linux on those occasions when you do your Internet banking.

Recommended Linux Live CDs:

Puppy Linux – A complete operating system with suite of GUI apps, only about 70 – 140MB, and boots directly off the CD. I should point out that Puppy is my personal favorite.

Damn Small LinuxDamn Small Linux is a very versatile 50MB mini desktop oriented Linux distribution.

Fedora – Fedora is a fast, stable, and powerful operating system for everyday use built by a worldwide community of friends. It’s completely free to use, study, and share.

Ubuntu – Fast, secure and easy-to-use.

Lightweight Portable Security (LPS) – A Linux distro from the US Department of Defense. Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac). LPS boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive.

24 Comments

Filed under Anti-Malware Tools, downloads, Linux, Live CDs, Online Banking

Bite Back Against Banking Bandits With Puppy Linux

image

Woof, Woof! That’s the sound of Puppy Linux as it starts. A good sound as it turns out; it reminds me as to why I’ve just booted my computer from this amazing little Linux distro – safety, security, and a substantially increased chance that I’ll hang onto the paltry funds in my bank accounts.

Puppy Linux is not a one trick pony – although, I tend to use it for one thing only (at the moment) – Online Banking. More on this in a moment*.

This is a very well trained Puppy:

Easy – Just use a CD or USB flash to boot a PC. Puppy Linux is downloadable as ISO, an image that can be burned to CD or DVD.

Fast – Because Puppy is small, it can live in your PC’s memory and be ready to quickly execute your commands, whereas in other systems, programs are first read from drive storage before being executed.

Save Money – Even if your PC has no hard disk (ex, broken hard disk), you can still boot Puppy via CD or USB and continue working. Old PCs that no longer work with new systems will still work good-as-new with Puppy.

Do More – Puppy boots in less than a minute, even in old PCs, and it does not require antivirus software. Administering Puppy is quick and minimal. With Puppy, you just have to take care of your data, which you can easily save to USB flash (Then forget about your operating system!). Your data can be read by other computers.

Do Magic – Help your friends suffering from computer malware by booting Puppy and removing malware from their PC (use antivirus that is built-in or can be installed in Puppy). Example – bad Autorun.inf is easily removed by Puppy (Just delete it as well as its companion exe program). If your friend thinks that she has lost data from her corrupted hard disk, boot Puppy and try saving her data!

Carry Anywhere (Portable) – Because Puppy is able to live in CD/DVD or USB flash, as well as save data to these same devices, you can carry your programs and data with you.

The Puppy Desktop – Not flashy; not eye candy – but functional and efficient.

image

In the following illustration, I’ve clicked on the Browser icon (SeaMonkey is the native Browser), to open this site. I considered showing my online banking connection – in a moment of madness.   Smile

image

*Not to be argumentative – wait, I will be argumentative. The Internet, and its related technologies (connected devices, and so on), has become a massive playground for outrageous hype and sheer BS. It’s like listening to a used car salesman. Nowhere, is this more evident than in the orbit of security technology.

Outrageous claims of “total protection” based on stale data; ranking security suites as if # 1 was truly more effective than # 2……

As if the premise is – system security is a static environment in which knowledgeable users operate in their own best interests.

As if cybercriminals are sitting still, and not releasing highly sophisticated attacks on a daily basis.

As if application vulnerabilities are not discovered virtually on a daily basis.

So, am I being argumentative just for the sake of it? Not bloody likely.

Qualys Inc. releases a Consensus Security Vulnerability Alert @RISK Newsletter on a weekly basis (to which I subscribe), that sets out the most recent vulnerabilities for which exploits are available in the cybercrime marketplace.

Here’s a small sampling of the latest –

Title: Trojan uses new C&C obfuscation technique
Description: The Polish CERT has observed a new Trojan spreading in the
wild via a number of different social media techniques. While not
particularly novel in that regard, this particular piece of malware is
interesting in the way that it contacts its command and control servers.
Instead of using the address provided in a DNS query response, the
malware takes that value and transforms it into a different IP address,
which is then used to contact the C&C. This technique, if it becomes
widespread, has interesting implications for malware detection at the
network level.

Title: Symantec PcAnywhere 12.5.0 Login and Password Field Buffer Overflow
Vendor: Symantec
Description: The host-services component in Symantec pcAnywhere 12.5.x
through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka
12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and
authentication data, which allows remote attackers to execute arbitrary
code via a crafted session on TCP port 5631.

Title: Banking trojan spreading via phishing attacks
Description: The Sourcefire VRT has discovered a new Trojan being
dropped on users via a large-scale UPS-themed phishing attack. The
Trojan, which attempts to steal credentials for several major financial
institutions
, also drops other malicious binaries on the infected
system. Its C&C communications are of particular interest, as its
authors chose to use the hexadecimal string “0xDEADBEEF” – which is
commonly used by attackers and researchers alike as a way to follow user
input through system memory – as a protocol marker of sorts.

Note: input through system memory.

It’s this last type of vulnerability (though not exclusively), which drives my need to logon to my banking site via a self-booting Linux Live CD – in this case – Puppy Linux. Since Puppy is read-only media, the environment (running entirely in RAM), will be much more secure than Windows.

Yes, I admit that it’s a pain (occasionally) to shut down and reboot just to complete an online financial transaction but, I’d rather be safe than sorry – I’m into an ounce of prevention.

Since the majority of malware is Windows specific, banking online through a Linux Live CD is my ounce of prevention. It should be yours as well.

Minimum Hardware Requirements for Puppy Linux 4.2.1:

500MHZ processor
128MB RAM
512MB free hard drive space to create an optional save file
No hard drive required to boot a Live Disc.
CD-ROM any speed

Download at: Puppy Linux

More information is available on the publisher’s site.

20 Comments

Filed under Don't Get Hacked, downloads, Freeware, Linux, Live CDs, Online Banking, Open Source

Secure Your Online Banking With A Linux Live CD

imageWhile connected to the Internet, just like you, I face exposure to Trojans, spyware, viruses, phishing scams, identity theft, scam artists, schemers and cyber crooks lurking in the shadows, just waiting to make me a victim. Even so, the odds of me picking up a malware infection, or being scammed, are low  – not 0% but…… Am I just lucky, or is it more than that?

Well, to some extent I might be lucky – but, it takes much more than luck to stay safe on the Internet. For me – it really boils down to prevention. Preventing cybercriminals from getting a foothold by being vigilant and adhering scrupulously to fundamental security precautions, including –

A fully patched operating system.

A robust firewall.

Automatically updated anti-virus and anti-spyware software

An aggressive HIPS (host intrusion prevention system).

Increased Internet Browser protection through selected add-ons.

and, most importantly never forgetting toStop. Think. Click.

Despite all those security precautions though, there’s one connected activity that still concerns me – online banking. Regardless of the fact that I choose my Internet banking provider based partially on its low profile (four branches as opposed to the usual 3,000/5,000 branches common in Canadian banking), I’m not entirely relying on this low profile as a guarantee that cybercriminals will not target my provider.

The inescapable fact remains; I am my own best protection while conducting financial transactions on the Internet. Frankly, I’m not convinced that financial institutions are where they need to be when it comes to protecting their online customers.

Despite my best efforts it’s possible (though unlikely), that malicious code may be installed on my computer – ready to pounce on my banking user account names, and passwords. Which is why, I have long made it a practice to conduct my financial affairs on the Internet via a self-booting Linux Live CD running Firefox. Since a Linux Live CD is read-only media, the environment (running entirely in RAM), will be much more secure than Windows.

Yes, I admit that it’s a pain to shut down and reboot just to complete an online financial transaction but, I’d rather be safe than sorry – I’m into an ounce of prevention. Since the majority of malware is Windows specific, banking online through a Linux Live CD is my ounce of prevention.

Recommended Linux Live CDs:

Lightweight Portable Security (LPS) – A Linux distro from the US Department of Defense.

Ubuntu – fast, secure and easy-to-use.

Puppy Linux – A complete operating system with suite of GUI apps, only about 70 – 140MB, and boots directly off the CD.

KNOPPIX – Live Linux file system on CD.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

29 Comments

Filed under 64 Bit Software, Cyber Crime, Cyber Criminals, Don't Get Scammed, Don't Get Hacked, downloads, Freeware, Interconnectivity, Internet Safety Tools, Linux, Live CDs, Malware Protection, Online Banking, Software, System Security, Ubuntu