Monday 30 October 2006


Jesse Ruderman pointed to a slideshow by Peter Gutmann, longtime security guru at the Auckland University CS department (not far from my office). It's nominally about phishing, but really it's about psychology and user engineering for security. It has the most pointed attack I've ever seen on "security warning" dialog boxes --- the "ARE YOU SURE YOU WANT TO GET YOUR WORK DONE? [OK] [Cancel]" boxes that you, I and everyone else blindly click through every day. It's a must-read for just about everyone who works on software or Web sites. I found it interesting, disturbing, thought-provoking and enraging (the last especially regarding the near-malicious design of US banking websites).

I am nominally on holiday this week. Actually I'm going to be rather busy catching up on work at home and also a few things at the office. However I do reserve the right to ignore anything unpleasant! The highlight of my week will probably be my talk at the Auckland University Computer Science department on Wednesday at noon. Thanks to the CS department for hosting me.


Colin Coghill
Yes, security is really frustrating.
I spent a couple of years doing internet security consulting (and installation) for companies. That was the job that finally made me give up all faith in the marketplace and retreat to academia.
Vendors selling unusable products to people who can't figure out how to use them. And other vendors selling products that do their best to subvert any security you actually have in place.
The only real end result is that a lot of money moves from one place to another.
I strongly believe "Educate the Users" has been the wrong solution for a very long time. Unfortunately no-one else seems to agree.
- Colin
page 25 of the pdf:
Like WW2 German superguns
Working on it diverts resources away from solving the real problem
hmm, what was the "problem" Germany was trying to find a solution to in WW2?
seems to be a choice of words with an unintentional double-meaning. :p
