2006-06-05
Phishing works for so many reasons that we need to rethink browser and user interface design to provide some real-life security to the average user who doesn't see or understand the security cues.
Sure. Lots of ideas...
2006-06-05
Anonymous (2 replies)
Your First Statement Is Right
2006-06-06
Anonymous (1 replies)
Browsers, phishing, and user interface design
2006-06-06
Anonymous (1 replies)

This problem relates to issues that are studied in the field of "trust", for example "feelings of security".
You're here digging into one of the most difficult issues, the one of bridging the gap between the objective aspects of trust (well-known security, website design, browser cues, etc.) and its subjective side (how those things are mitigated in the light of the task at hand, the time to do it, the social trend to take security for granted, etc.).
Education is a necessary ingredient, and I would suggest that there are many ways to do this (e.g. when the browser is installed, the user should go through exercises to assess its "security awareness") and also that it would apply to security people (security visibility, being more in contact with the security-unaware users).
But I think the biggest efforts are in secure (or, better, trustworthy) design, and this is similar to what happened years ago due to the lack of software reliability. This should ideally lead to standards that would ensure consistency throughout the field, including the various browsers (think about the tricks that some hackers were playing using Firefox's tabs).
Lastly, I would like to insist that the solution is as diverse as the problem itself: you cannot simply rely on a single element to solve this; you have to combine many, and provide even more.
Link to this comment: http://www.securityfocus.com/comments/columns/405/33734#33734