Solutions to ‘Man in the browser’ online banking security threat
As reported by Computer World UK, malware is shifting towards intercepting traffic inside the browser, a kind of man-in-the-middle attack, rather than keystroke logging or phishing. This style of malware would intercept the password entered on the web page using exploits in the browser. How about this solution to combat it?
Banks should offer their own applications to use for online banking, for instance a virtual machine that saves its state, running something like Damn Small Linux plus a web browser. This could be packaged with QEMU.
You’d boot the virtual machine, use your banking, then when you closed it off, the virtual machine wouldn’t save changes, so it would always be the same.
This could be distributed on read-only flash memory, or even plain old CDs, to avoid malware modifying the image.
So: how do you do this?
1. Download DSL Embedded edition
2. Unzip it, and click dsl-base.bat
3. Up comes DSL Linux; it boots using QEMU in a matter of seconds
4. Use your online banking as you wish (Ctrl+Alt releases the window so you can get back to your other applications)
5. That’s it…
The protection of using both Linux and a virtual machine in Windows in 5 steps!
Now, if only banks would redistribute this. You can imagine how easy it would be to rebrand DSL and to auto-open Firefox on the correct page.
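A sketch of what a bank-supplied launcher could check before booting, added here as an example and not part of the original post or of DSL: it refuses to start if the image no longer matches a published SHA-256, and passes QEMU's `-snapshot` option so the session's disk writes are thrown away. The binary name `qemu-system-i386`, the image file name and the way the pinned hash reaches the user are assumptions.

```python
import hashlib
import hmac
import os
import tempfile

QEMU_BIN = "qemu-system-i386"  # assumption: QEMU binary name on this host

def sha256_file(path, chunk_size=1 << 20):
    """Hash the image in chunks so large images do not need to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def launch_plan(image_path, pinned_sha256, memory_mb=256):
    """Return the QEMU argv for a throwaway session, or refuse a changed image."""
    actual = sha256_file(image_path)
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        raise ValueError("image hash mismatch, refusing to boot: " + actual)
    # -snapshot: guest disk writes go to a temporary file that QEMU discards
    # on exit, so every session starts from the same verified image.
    return [QEMU_BIN, "-m", str(memory_mb), "-snapshot", "-hda", image_path]

if __name__ == "__main__":
    # Constructed stand-in for the DSL image; file name and bytes are made up.
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "dsl-banking.img")
        with open(image, "wb") as fh:
            fh.write(b"constructed image contents")
        pinned = sha256_file(image)      # the publisher would ship this value
        print("boot with:", " ".join(launch_plan(image, pinned)))
        with open(image, "ab") as fh:    # simulate the image being altered
            fh.write(b"!")
        try:
            launch_plan(image, pinned)
        except ValueError as err:
            print("blocked:", err)
```

To actually boot, pass the returned list to `subprocess.run`. The check only helps if the launcher and the pinned hash themselves sit on the read-only media, out of reach of malware on the host.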
Comments?