[LINK] Banks eye bootable Linux CDs
Glen Turner
glen.turner at aarnet.edu.au
Thu Mar 24 19:39:13 EST 2005
> "One of them has considered the technology, but has already made a
> commitment to another technology, which is tokens.
The problem with the token stuff I've seen so far is that
they authenticate the connection to the bank, not authorise
the transaction.
So if someone hijaaks the PC they need merely wait until
the user initiates their banking session before nastily
draining the account. Better than the current scenario,
but not by much.
Cynics might say that it's better for the banks, since
users would find it too difficult to repudiate the
bogus transaction.
What's needed are tokens which will accept transaction
details and issue an authorisation code for that -- not
so much a token as a secure platform for banking, with
all the expensive stuff (internet, etc) being on the
users's untrusted PC.
The CD plan has issues of hardware compatibility (bank
call centers are not good at debugging hardware Linux
compatibility issues) and updating the software (the
bank needing to mail new CDs all the time to patch
Linux vulnerabilities).
More information about the Link
mailing list