CHI -- Security Papers

I'm in the CHI papers session on Security.

The first paper is 'Why phishing works.'  Interesting point: both security designers and phishers use user interface techniques to accomplish their goals. Three basic categories of reasons why phishing works:

  • lack of knowledge ( e.g. about URLs, security indicators)
  • visual deception (e.g. 'vv' istead of 'w', overlaying windows,embedding fake address and status bar in page )
  • bounded atention (i.e. inattention to secuirty indicators) 

In their study of whether people can correctly identify real and phishing sites, participant knowledge and use of security indicators was the best indicator of success in correctly identifying the sites. Though in walking through the examples, the reasons why people made mistakes were all over the place.

Interesting suggestion: that product teams 'spoof' their own design in the testing of their web sites, to see how easy it is to convincingly phish your site.

Another interesting design point: address bar prints the URL in small type that's hard to read; can you re-size the text to make it bigger and more readable?

Second paper: Secrecy, Flagging and Paranoia: Adoption Criteria in encrypted E-mail. There is an argument that people should encrypt all of their email. Conventional wisdom is that people don't encrypt email because it's too hard. Their user study showed that in fact people often don't encrypt email because there is a social meaning (in fact, a negative stigma) associated with encryption that they don't want to convey. People will use it for financial information, and for protecting secret planning information. But recipients think that if it's encrypted it must be important -- so encrypting all email would send the wrong message (no pun intended). This was a pretty limited study and it's unclear how much it can be generalized, but it's an interesting thought.

Third paper:  Do Security Toolbars Actually Prevent Phishing Attacks? There are many browser toolbars that try to help identify phishing sites. The categories of toolbars:

  • neutral info: domain name, date registered, country registered
  • System-decision: propose whether the site is OK or potentially fraudulent
  • SSL-verification: presents a logo if it's a verified site.

Recurring point: security is almost never the user's primary task and we don't want to make it the primary task, but we do want the user to be motivated and engaged to make good decisions. Their results are that secuirty toolbars are not as effective as one would hope in preventing phishing attacks. The study reinforces the notion that users don't understnad or know how to parse URL's. Interestingly, anecdotal comments suggest that false-positives in spam filters cause people to expect anti-phishing spoolbars to be wrong some percentage of the time. In other words: often the phishing web site looks more credible than the toolbar. Also, since security is a separate, secondary task, people's desire and focus on getting the primary task done overrides the focus on the secondary task. This is a bizarre dilemma: we don't want to make security the primary task, but then users will often override security in favor of the primary task and open themselves up to phishing attacks.

 

 


read more:


You Searched for

Adoption

Click Adoption to go to Orphan Art Inc
SEARCH RSS NEWS USING THE WORDS BELOW

Adoption | Adopting Orphans | Orphans and Hope | Art Therpy for Orphans | Sailing to see Orphans | Travel to Costa Rica | Therpy and Art | Helping children deal with stress | War and children | Orphans of Uganda | Orphans Of India | Orphans of Costa Rica | Orphans of War | War Orphans | Orphans of Thailand | Orphans of the War | orphans of the world | Changing Lives | Changing your live | Street Children Living In dumps | Images Of Orphans | Orphans Pictures | Orphans Hearts | Orphanages in Thailand | Orphnages in Cambodia | Orphanges in Burma | Burma and it sOrphans | Thailand and its orphans | India and its Orphans | Orphanages in Cuba | Aids and Orphans | Orphan Helpers | Aids making Orphans | World Wide help | Helping World Wide | Things to change your life | Changing the World | Why Help Others | Helping Children Grow | Helping Kids with art | orphans And Art | What to do to help Orphans | Where to go to change your life | Kids Souls | Forgotton Kids in Burma | Kids are our Future | kids of the world | Kids Helping Kids | worlwide help for Orphans | Help for the street kids | India needs help | The children of India Needs help | I went there and saw the horror | Kids living in dump sites | Kids and ther future | Kids and painting | Kids and Paints | Sailing to Cuba Alone | Cuba and its Orphans | Orphan Art | Orphans Art | Art by orphans | help for orphan kids | Street orphans Atrt work | Orphan Art | Helping Orphans | Kids Art Prints | Kids Art Work | Orphaned children | Kids Christmas Cards | Visit Orphanges | Brice Keller and orphans | Travel to see orphans | kids around the world | Cuban Orphanages | Cambodian Orphan | Thailand Orphan | Burmese Orphans | Karen Orphans | Vietnam orphans | Adoption of orphans | Helping street orphaned kids | Going to see orphans | Travel to Orphanages | Panamas Orphan | Ugandas Orphans | Kids and artworh therapy | Art Work for sale from Kids | Orphans and art | Art And Orphans | Kids in Asia | Kids living on the street | Travel to Cambodia | Traveing To Cuba | Traveling to Thaialnd | Traveling To Panama | Karen Refugees | Refugees in Burma | Hope for orphaned Kids | Children without parents | Adoption |



www.orphanart.org

(c) Copyright 2005 Orphan Art Inc.
© 2001-02 Orphan Art, Inc.
The Orphan Art site is protected.
By viewing this site you agree to not copy, extract, or manipulate any of the contents within this site.