[LINK] Banks eye bootable Linux CDs

Thu Mar 24 15:37:49 EST 2005

Banks eye bootable Linux CDs
By Renai LeMay
ZDNet Australia
24 March 2005
http://www.zdnet.com.au/news/security/0,2000061744,39185833,00.htm

Australian company Cybersource says it's currently talking to two domestic
banks about providing Linux-based bootable CDs to consumers to ensure
Internet banking security.

The company yesterday released information about its Online Banking
Coastguard solution. Coastguard is based upon Knoppix, a Linux distribution
which boots entirely from CD and is known for its automatic hardware
detection features. Cybersource has included Mozilla Firefox as the sole
browser for Internet banking.

"We've brought it to the attention of several banks, and are in reasonably
serious discussions with two of them," said Rohan Tronson, Cybersource's
Coastguard product manager. Although he wouldn't say which companies were
involved, Tronson acknowledged his company was talking to both national and
regional players.

"One of them has considered the technology, but has already made a
commitment to another technology, which is tokens. While it's [Coastguard]
not incompatible with tokens, they've already made certain agreements with
a certain company involved with those tokens. They've chosen at this stage
not to make it something that they'll carry as a major product," Tronson
said.

"However we are still in discussions with a section of that bank, to use
the technology in a slightly different area, within the bank and within a
project that the bank supports - we're likely to use something similar to
this," he continued. He said that Cybersource would be shortly
demonstrating its software to the second bank that it was in discussions
with.

"We don't expect too much action at this point from the major banks," said
Tronson, although his company has approached them with the Coastguard
solution. "We'd probably expect some of the more regional ones or some of
the providers of other financial services to be the first onboard with
something like this."

However, Cybersource may find it tough going selling its Firefox-based
solution to the major Australian banks. None of the larger players
officially support Firefox- or Linux-based access to their systems,
although various online guides exist to guide Linux users through the
process of configuring their system for each particular bank. The
complexity of each solution varies between banks, with those that provide
Java-based Internet banking (such as St George) requiring the most
tweaking.

Tronson did make it clear that if necessary, his company would customise
its product to a bank's needs, saying: "There are other browsers available
(Netscape, Opera, etc). If necessary we would be happy to replace FireFox
with one of these (subject to licensing of course) as part of the
customisation process."

Tronson claimed that the main attacks against banks and banking customers
were "not necessarily solved by alternative security measures such as
tokens and other forms of second factor authentication". Tronson argued
that Coastguard would be a better solution for secure Internet banking
because it provided "a totally locked-down, secure operating system and
applications from non-modifiable media, with DNS-lookup configurations
hardwired to secured servers provided by the banks themselves".

When building Coastguard, Tronson said, Cybersource recognised that Knoppix
"is not particularly friendly or familiar to the majority of people". So
the company took the Linux distribution and used the open source IceWM
window manager to build a "user interface that had been made to look and
behave much like the Windows XP that most users are used to".

In addition, the company pared down the Linux distribution so that it would
supply "just the tools necessary for the single purpose of online banking".
Tronson also said his company had secured the underlying Linux system and
put extra development effort into ensuring that it would "function smoothly
in a far wider variety of environments" than Knoppix normally would.

Cybersource plans for banks to put their own branding onto the product and
make it an officially supported secure channel for accessing Internet
banking services. The company envisages banks providing bootable CDs of
Coastguard alongside other branded marketing material.

-- 
I believe that banking institutions are more dangerous to our liberties
than standing armies. Already they have raised up a monied aristocracy that
has set the government at defiance. The issuing power should be taken from
the banks and restored to the people to whom it properly belongs. 
-- Thomas Jefferson

Regards
brd

Bernard Robertson-Dunn
Sydney Australia
brd at iimetro.com.au