Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista
Browsers, phishing, and user interface design
Scott Granneman, 2006-06-05

Phishing works for so many reasons, we need to rethink browser and user interface design to provide some real-life security to the average user who doesn't see or understand the security cues.

Comments Mode:
Sure. Lots of ideas... 2006-06-05
Anonymous (2 replies)
Your First Statement Is Right 2006-06-06
Anonymous (1 replies)
Re: Your First Statement Is Right 2006-06-07
Anonymous (1 replies)
Re: Re: Your First Statement Is Right 2006-06-08
Anonymous
Re: Sure. Lots of ideas... 2006-06-24
Anonymous
Browsers, phishing, and user interface design 2006-06-06
Anonymous
Browsers, phishing, and user interface design 2006-06-06
TJ
Browsers, phishing, and user interface design 2006-06-06
Anonymous (1 replies)
Re: Browsers, phishing, and user interface design 2006-06-06
Anonymous (2 replies)
Re: Re: Browsers, phishing, and user interface design 2006-06-08
Anonymous
Re: Re: Browsers, phishing, and user interface design 2006-06-16
Anonymous
Browsers, phishing, and user interface design 2006-06-06
infamous41md
Browsers, phishing, and user interface design 2006-06-06
Todd Knarr
Email should be as in the begining: text ONLY 2006-06-07
Anonymous
Well, lets hope we find White Hats 2006-06-07
Anonymous
Education & Two-factor authentication 2006-06-07
Wolfy
Browsers, phishing, and user interface design 2006-06-07
GeeksAreSexy
Browsers, phishing, and user interface design 2006-06-07
Anonymous
Browsers, phishing, and user interface design 2006-06-07
Andydread
Browsers, phishing, and user interface design 2006-06-07
Glenn
Send them to AOL 2006-06-07
Anonymous
Browsers, phishing, and user interface design 2006-06-08
Anonymous
The article tells tells you atleast one simple answer 2006-06-08
Matthew
Stop babying people 2006-06-09
Anonymous
Browsers, phishing, and user interface design 2006-06-09
Ron Jennings
Wrong end to start patching 2006-06-12
Thomas Nilsen (1 replies)
Re: Wrong end to start patching 2006-06-12
Anonymous
Browsers, phishing, and user interface design 2006-06-14
Andre
Ingredients of possible solutions 2006-06-16
S. Lo Presti
Users ignore alert messages... 2006-06-20
Anonymous
...because they try to explain, in a single popup with a nice "OK" button in the middle, what the whole story behind that alert is all about.

Consider this: the user is just trying to browse a site and the browser comes up saying "wait a moment: I have to tell you a long but interesting story".

Sure the user is going to answer "Ok, ok, but now let me just see this nice site my friend told me about".

Maybe alert messages could be more effective in... well, alerting the user if they were short and simple, like "Caution: malicious site. For more info click _here_" (a link to the whole story for those - not many, it seems - who'd like to understand what's going on).

But I guess this would feel too much like IE's alerts, which are ineffective as well...

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/405/33743#33743
simple: 2006-06-24
ailaG
Browsers, phishing, and user interface design 2006-07-03
wurzlsepp







 

Privacy Statement
Copyright 2007, SecurityFocus