Seamless Lessons & Security (commentary)
Hal Murray
hmurray at megapathdsl.net
Mon Jul 7 16:50:46 EDT 2008
> That's precisely the seam that Michael and I wrote about in his
> previous message to the thread. The opposition he and I have is
> towards allowing single-click actions to cross security barriers
> without the system _ensuring_ that the user is informed of the
> crossing.
...
> The way to do it is to throw up a (system-, not Browse- rendered!)
> warning dialog indicating that a security boundary is about to be
> crossed, and allowing the user to stop the action -- unless this
> particular boundary traversal was specifically approved ahead of time.
Is that good enough? I think it would work fine for paranoid security geeks,
but what about school children?
Does the typical student know anything about computer security? (What grade
will kids be in when they understand that area?)
How many kids and adults will just click "OK" because that did the right
thing last time? Or they are tired and didn't read carefully? ...
How hard will it be to social-engineer somebody into clicking on something?
(The trojan installers have a pretty good track record. I'd call it mature
technology.)
--
These are my opinions, not necessarily my employer's. I hate spam.