-- Regards
Signer: Eddy Nigg, StartCom Ltd. Phone: +1.213.341.0390 Michael Lefevre wrote:
On 2007-01-29, Gervase Markham <[EMAIL PROTECTED]> wrote:dolphinling wrote:"The study, based on user testing, found that EV certificates don't improve users' ability to detect attacks, that the interface can be spoofed, and that training users actually decreases their ability to detect attacks."What that actually means is that the study found that the Internet Explorer EV UI (the green bar) doesn't improve users' ability to detect attacks.Indeed. But from what I've seen discussed so far though, the proposed Firefox EV UI would be similar. The picture-in-picture spoofs were highly effective - it doesn't really matter what the security UI does or looks like if it can be approximated by a web page. There was also the finding that the user training actually made people much more trusting of the spoof sites. After being told about phishing protection, people assumed that they could trust anything without a phishing warning. I don't see how that problem would be different for Firefox.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security