[widgets] View modes security considerations from David Rogers on 2009-11-03 (public-webapps@w3.org from October to December 2009)

From: David Rogers <david.rogers@omtp.org>
Date: Tue, 3 Nov 2009 02:10:02 -0000
To: "public-Webapps@w3.org WG" <public-webapps@w3.org>
Message-ID: <4C83800CE03F754ABA6BA928A6D94A0601E5F330@exch-be14.exchange.local>

Hi there,

 

As promised and discussed this afternoon, some basic text for a Security
Considerations section in the widgets view modes spec:

 

 

"

Security Considerations

 

Implementers of this specification are asked to take into account and
design appropriate measures to deal with the following points for the
purpose of user security:

 

Widgets could be intentionally designed to visually dupe or confuse the
user for social engineering purposes. Some methods that could be used to
do this could be:

 

*         widgets that the user cannot see (full-screen invisible
widgets in front of other things on the screen, such as a PIN-code
entry)

*         widgets that have a size smaller than the user can reasonably
see (e.g. a 0.00001 x 0.00001 widget)

*         widgets that have no chrome that could masquerade as some
other existing object on the screen (for example a lock and key)

"

 

Thanks,

 

 

 

David.

 

 

David Rogers
OMTP Director of External Relations

Received on Tuesday, 3 November 2009 02:10:49 UTC