[18546] in cryptography@c2.net mail archive


Re: Defending users of unprotected login pages with TrustBar

daemon@ATHENA.MIT.EDU (Amir Herzberg)
Thu Sep 22 10:10:02 2005

X-Original-To: cryptography@metzdowd.com
Date: Thu, 22 Sep 2005 09:13:13 +0200
From: Amir Herzberg <herzbea@macs.biu.ac.il>
Reply-To: herzbea@macs.biu.ac.il
To: Adam Back <adam@cypherspace.org>
Cc: John Gilmore <gnu@toad.com>, cryptography@metzdowd.com
In-Reply-To: <20050920223910.GA662@bitchcake.off.net>

Adam Back wrote:
> I would think it would be safer to block the site, or provide a
> warning dialog.  

Before we do the first redirection, we do ask the user. However, since 
TrustBar is really part of our research on secure usability, we are 
aware that asking the user is a very problematic mechanism. Namely, we 
expect most users to simply click `yes` and forget about it. That's why 
I referred to it as the default.

It seems that I must repeat my request: a lot of you seem to agree that 
the current browser security UI is broken; here we have developed a 
seemingly usable tool that tries to fix it, and it takes 2-3 minutes to 
install - why don't you spend that time and then tell us how to improve 
it (or to stop wasting our time as well as your 5 minutes)? Of course, 
what we would really love (for our usability data) is for you also to 
get some non-expert users to try the system... someone who really uses 
e-banking and cares about the (very real) threat of spoofing/phishing...

> (This is what I was expecting when I started reading
> the head post; I was a bit surprised at the interventionism to actually
> go ahead and "fix" the site, maybe that would be a better default
> behavior).
Actually, from other feedback we got, I think we may extend the 
mechanism to be even more active, to protect also those pages which are 
not in our list of `known` unprotected login sites with a protected 
alternate site. What we may do is to archive a copy of these sites on 
your machine, and redirect you to the archived copy if/when the site 
`really` changes. This is a bit tricky, as we need to ignore the small, 
insignificant changes that many of these sites make.
> 
> 
> btw, regarding unadvertised SSL equivalents, I have noticed that if you
> log in to gmail, you get SSL for login, but then http for the web mailer.
> However, if you edit the URL after login to https, it appears to work
> ok over SSL also.
Cool, this may also be something we can do for users (essentially it 
requires us to extend the auto-redirection feature with wildcard 
functionality).

-- 
Best regards,

Amir Herzberg

Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security UI: 
http://AmirHerzberg.com/TrustBar
Visit my Hall Of Shame of Unprotected Login pages: 
http://AmirHerzberg.com/shame

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
