Other Tags

ads
amazon
annoyances
annoying
apple
applications
aquarium
astronomy
at&t
autism
autobiography
bad_companies
bad_news
baidu
bank
banking
banks
bicycle
bicycling
biography
blackberry
blackjack
bluetooth
bontrager
book
book-reviews
bookshelf-project
business
calculus
captcha
car
cds
cell-phone
charity
china
cloud-computing
codabar
code
coding
coffee
comedy
comments
commerce
computer
cool-sites
corn
creationism
crypto
cycling
debugging
dell
diffie-hellman
discworld
disqus
diy
do-it-yourself
documentaries
documentary
drm
economics
efficiency
email
environment
environmnet
everymans-library
excel
extensions
facebook
fantasy
fedex
fiction
finance
firefox
fishing
flickr
food
free-software
fun
gadget
gadgets
games
gear
gmail
good-service
google
gps
graphic-novels
grousing
haloscan
hardware
harry-potter
hawaii
health
historical
historical-fiction
hotmail
humor
ideas
ieee
imap
insignifica
intel
internet
investing
ipod
itunes
james
japan
javascript
jokes
jott
kbps
kodak
kvm
laptop
lawsuits
legalities
links
linux
mac
magazine-articles
mail
manga
math
mathematics
max
me-on-the-web
medicine
microsoft
movie-reviews
music
mysql-woes
navigon
nerd-humor
networking
new-yorker
newspaper
non-fiction
nonfiction
nsa
nutrition
online
pdx-sf-bike-trip
ph.com
photography
physics
podcasting
poker
politics
portland
postgresql
privacy
product-reviews
productivity
prognostications
programming
projects
puzzles
python
real-estate
registry
repair
restaurants
reviews
ripoff
robots
rpn
running
science
science-fiction
seagate
security
self-improvement
shingles
sidebar
snow
software
sony
source-control
specifications
spy
storage
subway
sun
taxes
technology
television
tickets
toyota
trainster
travel
tri-met
tv
ubuntu
united
ups
usb
vacation-reads
vampire
vi
video
viral-marketing
virtualization
vista
vonage
watches
web2.0
web_design
webdesign
website
widi
wikipedia
windows
wireless
work
wusb
year-in-cities
youtube
zoho

JUL 15
2007

The Emperor's New Security Indicators is an extremely interesting (and terrifying) journal paper presented at the 2007 IEEE symposium on security and privacy.

Mandatory reading for anybody working on security, and it should prove very interesting for everybody else.

Conclusions from the paper:

Users will enter their passwords even when HTTPS indicators are absent
Users will enter their passwords even if their site authentication images are absent
Site authentication images may cause users to disregard other important security indicators
Role playing has a significant negative effect on the security vigilance of study participants
36% of study participants who were using their own personal banking account chose to login after seeing an explicit warning page saying that the connection was probably insecure

tags: security
permalink | comments | technorati

blog comments powered by Disqus