Question
Found this article on using Live Boot Devices to do sensitive tasks such as online banking. While the article discusses the benefits of avoiding a possibly compromised host OS, it doesn't mention lower-level threats. Given the increasing prevalence of sub-OS malware (e.g. BIOS, NIC, etc.), is there still a substantial increase in security from using Live Boot Devices?
My understanding of the issue is that regardless of the OS you're booting to, compromised hardware has the potential to log and exfiltrate your activities. While the susceptibility of your personal machine may be less than public hardware (for instance, a hotel terminal), the security gained from a Live CD seems to be marginal.
Basically: Are Live Boot Devices worth the bother? Is BIOS malware as common/dangerous as I have heard?
Explanation / Answer
There can be security benefits to using something like Tails, for example:
- Keyboard logger: having an on-screen keyboard can get around this, and recording the monitor feed is impractical (lots of data + processing), but possible.
- Network monitoring/injection: using Tor and ONLY secure connections, you can be pretty secure from snooping, although it depends on what encryption you use. Note: this is more secure than the "standard" use of a VPN/SSH, as there you have to be careful about any potential metadata leaks such as DNS requests that aren't tunneled properly.
- Hard-drive/memory analysis: if you have something super-secure, you don't want anyone to be able to get it from a left-over paging file or memory remnants, which is why it's important to never write anything to the hard drive, and clear the memory upon shutdown.
But really, pretty much all of this is overkill for your typical consumer banking customer with less than 250k in their accounts.
Not sure about specific BIOS/NIC tracking possibilities, as those typically don't have much to work with. Really, aside from the hardware keyboard logger, I don't think any of these are likely to be encountered, especially not compared to software exploits in the host OS.