@Angel: what you did wasn't intentional, so good interaction design should
have 'warned' you in some way. From a Service Design point of view such
"excessive-usage"-fees should be forbidden :-)
Designing around unintentional misusage isn't the same as fighting
intentional abuse. The first can be p
What gets me is the system was designed to behave in that manner.
I was unable to open a bank account in Sweden. I was curious as to how
everything worked over there. The POS in transportation systems were like
American Fisher-Price toys, 3 very distinct big colored buttons.
Thanks for the input.
On
Yes. Security is great, but good interaction is better.
And there is such a thing as self-defeating security, also.
Take AKO's (Army Knowledge Online) password requirements:
2 or more lowercase letters
2 or more uppercase letters
2 or more numbers
2 or more symbols (*&^...@!,.;< so on)
And at le
On 8 Jan 2009, at 15:11, a...@amroha.dk wrote:
[snip]
Dr. Thompson talks about an airline incident where he was able to hack
into a system due to boredom. He believes that the developers forgot
to see the "abuser" point of view.
Interestingly I often see the opposite problem. Folk take the
Hi Alan,
There is no problem with separating scenarios into those that result from
malicious intent versus actions with no true malicious intent. From the
perspective of the owner though the results could be the same from
intentional or unintentional behaviors. My thought is that we need to
consid
Would this account for abuse:
http://mypfblog.blogspot.com/2007/05/excess-activity-fee-at-wamu.html
This was about a month ago and the web UI allowed me to deplete my account
of over 75.00 of fees in one sitting with absolutely no destructive
confirmation screen.
The excessive fee was enforced ri
On Thu, Jan 8, 2009 at 3:01 PM, Chauncey Wilson
wrote:
> Designers need to consider misuse scenarios in planning.
I tend to agree but I think we need to separate two concerns:
One is "how should the system respond to out-of-bounds information".
Putting a heavy child on a postal scale, for exampl
Designers need to consider misuse scenarios in planning. Here is a brief note
that I wrote up about misuse (and related) scenarios for my class on
scenarios:
"While many scenarios focus on actions leading to the successful or
unsuccessful completion of user goals, there are also scenarios that you
Both of their books are excellent reading. They're short and to the
point, with line staff and QE managers as the target audience, not
security professionals.
a...@amroha.dk wrote:
I am watching a discussion with Dr. Herbert Thompson:
"Dr. Herbert Thompson is an internationally renowned exp
I am watching a discussion with Dr. Herbert Thompson:
"Dr. Herbert Thompson is an internationally renowned expert in application
security testing, research and training. He was Security Innovation's
second employee, joining Founder Dr. James Whittaker in 2002. Dr. Thompson
earned his PhD in Applied