Duane wrote:
http://computerworld.co.nz/news.nsf/UNID/FCC8B6B48B24CDF2CC2570020018FF73?OpenDocument&pub=Computerworld
Up to 300 BankDirect customers were presented with a security alert when
they visited the bank's website earlier this month — and all but one
dismissed the warning and carried on with their banking.
I think that's the biggest security problem of all. We can't help users
who simply never pay any attention to security warnings.
All of the recently proposed efforts to change UI for security (most of
which make error indications LESS obtrusive and LESS likely to be noticed IMO)
will amount to no security improvement for the 299/300 in that survey.
We only increase users security when our (UI's) actions cause them to stop
doing things that harm themselves.
Maybe we're trying to prematurely solve these problems. Maybe we should
let the bad guys run rampant, until John Q Public finally understands
that he has to stop HIMSELF from giving away his assets.
self-issued certa and "oppotunistic encryption" do NOTHING to help out
those 299/300 BTW. They don't need more encryption. They need to know
when to stop.
--
Nelson B
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
