Comments on: Security Common Sense

By: CG

CG — Mon, 24 Dec 2007 05:24:41 +0000

valid points but the fix, just like in life, isnt by taking responsibility for their actions AWAY from the monkeys, its making the monkey’s responsible for their actions.

i dont have technical way to accomplish this but we dont have a way to accomplish this in life either but we certainly need both!

By: Shoaib Yousuf

Shoaib Yousuf — Wed, 19 Dec 2007 03:14:29 +0000

I agree with your thoughts pdp, The best example is when we goto ebay.com, paypal.com or any of our financial intitution website to login..All saying same stuff; Our organization will never send any email asking about your credentials…

Still ppl are replying to phishing emails and still getting victim. I liked your idea of Security Common Sense. Doesn’t matter whatever we do, if we will not use our common sense we will continue to support bad guys indirectly.

Cheers
Shoaib

By: Thomas Roessler

Thomas Roessler — Tue, 18 Dec 2007 18:22:38 +0000

Well, seems like this is “there’s relevant W3C work” comment day for me… There’s a Working Group going on, called the Web Security Context WG, that tries to attack precisely this point – security usability, for the kinds of security interactions that commonly go on on the Web. We indeed train a bunch of monkeys to click the “yes” button these days — in particular since we ask the user precisely in those situations in which a decision may be really hard to make. Unfortunately, these are the situations in which things are usually even worse for users than they are for browser developers, and in which users will be unable to either understand the consequences of what they do, or to understand how they should even make a decision. What remains, then, is the feedback whether or not “it works”. Of course, “it works” when people click “ok”, and “it does not work” when people click “cancel”. Guess what they do.

Working Group home page: http://www.w3.org/2006/WSC/
Current Working Draft: http://www.w3.org/TR/wsc-xit/

Enjoy!