An idea about safe shopping online
 

Hello,

I ve been a security-aware user of windows for many years. In the beginning I was obsessed with security, antivirus, antispyware, updates etc... I went from a novice user to one who could monitor their running processes, knew which belong to the system, learned how to edit the registry, remove programs from the start up etc. Then at some point I realized that safer surfing with the right precautions never got me any virus and even stopped using an antivirus for quite some time.

I only ever feared to get any unknown keylogger who would steal my credit card number. Because I could never be sure, I only used a debit card for my online shopping. Even if someone got the number, they could not withdraw any more money than I had loaded in it.

Now that I have been running all these different linux live cds, I realize that there is a much better way to be completely sure that your system is not compromised when you go shopping online. Nowadays that linux cds can connect to the internet, I only needed to boot from such one, buy through that system and then reboot to my normal operating system. A linux live cd would be a totally clean operating system.

Is there any catch to this? I really wonder why nobody would suggest this in security forums? Why I have never heard about this?

If this way of doing online transactions is really that safe, I could even start using online banking, which I always avoided due to security-paranoia.

Hardware (usb key based) keyloggers (more likely in public places rather than your home, obviously).

Obviously I wouldn't go to an internet cafe for online shopping. So it is a great and safe idea! :D

How about an airport ticket purchase terminal?

I do not use them. Actually, I ve never seen one. I ve only seen terminals for check-in. However, in that case, the burden of securing the terminal would fall on the airport! I don't think they would put their organization at risk by not paying attention to security. ?

Well, the reason I'm suggesting these wild ideas IS because yes, a live CD would be a pretty clean secure environment (assuming writing is prohibited to any kind of storage device on the system).

It is also worth mentioning not all distros are the same security-wise.. Take a look here for differences in upping security by the additional kernel modules (Such as Linux Security Modules or the different programs used by different distros.

I use two things:

1. A debit or credit card that I pick up at the supermarket check-out line, then charge up with an appropriate but modest amount of cash ... paying the issuing company's sometimes-serious fees for the privilege. The number goes through the system just like any other, but it's not attached to a large amount of money.
2. PayPal. Including an associated PayPal debit card.

Realistically, a credit-card number can be stolen ... even by the waiter in a restaurant. But you can limit what it can be used to do. Then, beyond that, keep careful records and actually review your statement. If you are the victim of credit-card fraud, consumer protection laws work in your favor. I've been on both sides of the merchant equation, and I can tell you that the customer's position always wins.

What you say is very interesting. In my country its a complex procedure to get a debit card, you can only get it from a bank and most banks require you to have an account associated with it.

I use that card only for online shopping and nowhere else. The thing is, periodically the banks cancel my card with the suspicion that my number has been stolen. Without anyone actually having used the card. I asked the bank for specific information, and how they would know such a thing. I told them that I need to know what stole my numbers and whether I should format etc.... But they refused to tell me. I suspect that they know nothing, they have no proof, but it is their policy to cancel cards periodically to avoid online fraud. Probably the cost to replace large numbers of cards is less than what the banks loose from online frauds. This is my theory. Security through obscurity? :P

I would never own a debit card just because I'd rather let the bank take the risk on a credit card. At least when a crook gets your credit card you only owe the amount instead being out that amount.

Also get a single credit card just for internet and you may have to even force the bank to keep the credit limit low. If you only buy $200 a month then you might be able to get a low limit like $500. Always be sure to watch out for https site authentication.

I'd also use a live cd.


Having the banks cancel your card is not such a bad thing if they do it for security. Bank cards are like passwords. You don't want to keep the same one too long.

I fought a credit card company for two years when a Russian team found a way to intercept thousands of credit cards, activate them and take $500 from each card. You'd be surprised how difficult it was to get the bank to write off that amount. They didn't want to loose that much money and they make it very difficult to defend even after I followed all the laws to defend myself. They have a team that threatens you. They know that many people will just pay it so they don't take a loss.

That sounds reasonable. They could explain that to the customers though, rather than saying that they suspect the card number was stolen. To a security aware user, this is offending :D.

I am not aware of the laws about credit cards. For example, if your card number is stolen due to your own lack of security measures (pc troyan or something) would the bank still be responsible for the loss of money? For all they know you could have given the number willingly to someone and then claim it was stolen to get the money back. It might be simplistic, but this is how I would think, without knowing how banks can tell, whether you or someone else uses the card.

Thats why I am not surprised that they did not want to write that amount off. Its also one of the reasons I am not fond of credit cards and their teams. Its too time and energy consuming to confront them :P. If they think you owe them, they will legally pursue this. Unless its sth like your case, where the law is on your side.

If debit cards are difficult to deal with in your country, then get a credit card for that purpose only. In the US, one option that is almost never talked-about (because it is practical therefore unprofitable) is a credit card that is secured with cash. Put down, say, $500 and if you have less than that on the card the bank pays you; more than that, you pay the bank. Your credit-line is some multiple of the amount of security: $500 might get you say a $1,000 credit limit and so-on.

But what you do want is ... a hard limit. In other words, if the limit is exceeded the transaction is declined.

I don't know the consumer credit protection laws of Greece.

Just turning back to the original and IT approach...

Live CD and such only guarantee the system is sane and clean at startup (and only if the CD comes from a reliable source!). It does not guarantee there are no sniffers on your network, or hardware keyloggers. Theoretically, there is no protection against booting and getting infected by a piece of malware (i.e: you boot, surf a bad website, get infected, then go banking online and have your credentials stolen before you shutdown and delete the malware.), but I have never heard about such a thing happening if you ask me.

Keep in mind that Live CD tend to get outdated very quickly -vulnerabilities are discovered, but the Live system gets no updates to patch them. Again, not something that disturbing if you take appropriated meassures, but good to keep in mind. In addition, security is not so much of a concern for many distributions, so keep that in mind too.

I have built some custom solutions for friends of mine based on Live systems, and first thing I always do is to remaster the live distribution to set a tight firewall, close some unneeded services and maybe install some security patches.

Again, it does not help very much if your cards have a limit of 1000 megabucks and you take not care of it.

By the way, I don't trust plastic money. I find most small payments are better payed in cash, wire transfer or when you get what you bargained for in the post office. Methods that have their own drawbacks, but don't put you at the risk of loosing hundreds of dollars so easily.

Megabucks :D :D :D

I feel everything I ve learned in windows security does not apply in linux. Its as if I ve learnt nothing all those years. But I am willing to make the journey again.

You mentioned a firewall. This might be completely irrational, without any evidence or logical explanation, but I have a gut feeling about firewalls. And so far only one could convince me that it was really secure. That firewall, KERIO, was discontinued many years ago. Sunbelt bought it until they also discontinued it. If linux uses firewalls I hope I can find such a great one again.

In Linux, the firewalling is handled by a kernel thing called "Netfilter", which is usually handled by an application called "Iptables", which can be managed by many interfaces the user can choose.

The short version of this is that, in the real world, users set the Linux firewall through Iptables or through an app that handles Iptables. You can have a look at "Firestarter", "Gufw" and similar interfaces. They all are different approaches to configure the same firewalling system: Netfilter. Usually, you can find Iptables in most distributions, so this is the option I recommend to learn -even when it may be harder to do so.

There are many good tutorials on the WWW. Good luck!

Note that just like a Live CD doesn't guarantee anything beyond the "cold" data state a firewall has no concept of (doesn't protect against) in-transit data capture or remote or user land (in-browser?) malware tricks. Consider adding fixed ARP table entries for local gateway (and proxy if any), an ARP anomaly logger (arphound?), static or persistently cached (pdnsd?) DNS entries and Netfilter allowed local UID plus remote IP and port (SSL!) white list, inotify-based process tracking (audit service, Samhain?), an IDS (Snort / Emerging Threats egress SSN rules?) and a tightly locked down browser. More than that you need sane network-using habits. As in "do not attribute to malice what can be attributed to PEBCAK" ;-p

And here comes unSpawn, overkilling since 2001! Or so would it be, if there was such a thing as "overkilling" in the security area...

Half the things unSpawn has outlined are beyond the reach or the will of common users, but are indeed funny to investigate at the very, very least :-D However, the most important one is:

"More than that you need sane network-using habits."

Which basically stands for "Don't fall into scam, don't accept invalid SSL/TLS certificates, don't fall into social engineering traps, don't download untrusted stuff" and so on. Usually, is easier to trick people by pure lying than by using a complex technical attack.