Posted on 03/24/2005 7:15:21 AM PST by N3WBI3
Australian company Cybersource says it's currently talking to two domestic banks about providing Linux-based bootable CDs to consumers to ensure Internet banking security.
The company yesterday released information about its Online Banking Coastguard solution. Coastguard is based upon Knoppix, a Linux distribution which boots entirely from CD and is known for its automatic hardware detection features. Cybersource has included Mozilla Firefox as the sole browser for Internet banking.
"We've brought it to the attention of several banks, and are in reasonably serious discussions with two of them," said Rohan Tronson, Cybersource's Coastguard product manager. Although he wouldn't say which companies were involved, Tronson acknowledged his company was talking to both national and regional players.
"One of them has considered the technology, but has already made a commitment to another technology, which is tokens. While it's [Coastguard] not incompatible with tokens, they've already made certain agreements with a certain company involved with those tokens. They've chosen at this stage not to make it something that they'll carry as a major product," Tronson said.
(Excerpt) Read more at zdnet.com.au ...
I am saying if Linux respects NTFS ACL's on files and the user reading the mail is not mapped to someone who has the rights on those ACL's youre pretty safe..
If, If, If, sure if you setup enough qualifiers, you can be safe with anything. Problem is, too many guys like Rifleman above, who swear by the security of Unix/Linux, but don't provide anything concrete like I did with the latest Homeland Security report, which actually showed it riddled with holes. That's where I start to have a problem, too much false and misleading info about how secure Linux supposedly is.
Why not just require us to stand on our heads, too?
Ah, but I can say "No magnetic media will be used". It's all under the engineer's control, and how freakish paranoid he wants the system to be. And freakish paranoid sounds just fine for banking.
Last week I had a horrible partition table nightmare on the Windows side after replacing a PC drive and motherboard at the same time. Everything conceivably went wrong that could including flaky backups that inexplicably failed to include a few files. The only thing that stopped it from being a complete disaster was DiskDrake, the built-in partitioning software in Mandrake, along with an old backup tape I found in the shed.
With OpenVMS, if you had an image backup and a good hard drive, you were always back in business within two hours.
There's the rub, guys. Knoppix does not automatically mount the local media. So clueless users would not be exposing their systems.
Knoppix does allow you to mount drives, but it requires an overt action on the part of the user.
No Linux also will run on a mainframe
I know that. Was at an introduction when IBM announced Linux would run on a mainframe series. My point stands. Linux has to have the capability of running on PC architectures which compromises it.
Ehem... you know that the code for PC architecture is not used when compiling for other platforms, right? And that architecture specific code is independent from each other and from arch-independent?
Computer code is an abstraction of the hardware. Nothing more. Designing directly for a particular hardware is old school; now one designs for needs, not hardware. If there's a capability only big iron chips can handle, it can be implemented in big iron, and other platforms either get a "sorry not implemented" or, if not too expensive, some emulation.
In short I see no reason why PC support would detriment from supporting other architectures.
Yeah, that's probably about the right ratio of Windows systems to Linux ones.
Now, WXPSP2 is _much_ more secure than its predecessors and Gates and Co are working hard to clean up their act. But until PC's were shipping with XPSP2...
Now you're being more reasonable. And in the past, there wasn't enough Linux machines anywhere for anyone to care to find holes in them. As you can see from the Homeland Security report though, times are a changin'.
That link you posted is a list of "current", whatever that means, vulnerabilities.
Yep, a list of current vulnerabilities, compiled by host O/S every week by Homeland Security. If you have a different reputable source that compares the two platforms ina similar manner, I'd be interested in seeing it. But for now, this is the best there is.
In any case, I have a challenge, build a Windows PC with all the current patches and a Linux PC with current security settings and updates, put 'em outside the firewall and see how long they last.
Well if they have all the latest patches, they should both last for quite a long while. Nowhere near a difference to compare one to a cardboard box, and the other to a safe.
When I did it, the WXP PC was infected within hours and the Linux PC never was.
Now you're making questionable statements to support your position. You're claiming you patched a box with all the latest available security upgrades, then put it on the internet, and even with all the latest patches installed, within 6 hours it was compromised?
Sounds like horsesh!t to me, Mr. Rifleman. Either that, or your network has an unusual amount of malware running on it with no patches available to stop it. I suggest you contact Microsoft and numerous other security firms, I'm sure they'd like to know more about all these zero day exploits floating around your network, with no patches available anywhere to stop them.
Actually, you and I don't disagree. I should have made myself clearer. I'm not suggesting that non-Intel architecture-specific code, say IBM System 370 code, is in any way diminished or compromised by the architecture specific code of the Intel/AMD versions. I didn't ever mean to imply that. But the PC family code is necessarily written differently than it would be if supporting PC-type interrupts and DMA and ISA derivatives and FAT-32 filesystems and partition schemes weren't such a major goal. Very clearly these legacy aspects of the PC do influence PC Linux ports -- how else could it be?
I know it is considered "old-school" to design for specific hardware. However, do not make the mistake of thinking that old school is necessarily bad and cutting edge fads are always the way to go. You'll be bleeding profusely in several areas of your life if that is your consistent philosophy. There are a lot of positive things to be said for an integrated, proprietary system architecture. Cost, of course, isn't one of them.
Ok, we agree then in that PC design, even for the same kernel source tree, doesn't influence the other architectures and won't, by itself, make the "Linux System 370" port less robust. The System 370 will simply ignore FAT, ISA, DMA... and use their own way.
Now, about "old school", I concede using the term was not necessary. I didn't had any intention to start a "old times, new times" debate.
There are a lot of positive things to be said for an integrated, proprietary system architecture.
Agreed. Still, I probably won't be able to perceive any real engineering difference (the non-PC branch almost got it anyway), and the saved time and reused code will easily make up for it.
I'd heard of people making bootable Windows CDs, but I hadn't seen it. Thanks.
Yep, I think my original message was written about midnight after a full day of writing Terri posts and it wasn't very clear.
What the hell is a modem?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.