Fw: ACTION-128 Document current practice in terms of security UI robustness

Thanks Mike. 
I've got some questions on the ones you put out there: 

> multiple indicators used to indicate status, such as SSL connections
> being indicated by different color in the URL bar, padlock icon in the URL
> bar and padlock icon in the status bar

The theory on that is that robustness is enhanced by the redundancy? That 
it's harder to attack 2 than it is 1, and 3 is even better? 

> unspoofable UI elements that cross the chrome-content border, such as
> the anti-phishing warning bubble

I'm unfamiliar with what that is, and why it's unspoofable. Can you 
provide a pointer or say what it is and why it's unspoofable? I didn't get 
a lot of good hits when I searched around. 

> UI controls that are disabled until in focus for a certain amount of
> time to prevent click-through and "whack a mole" attacks where users are
> encouraged by nuisance elements to continually click in a given location

Ditto on this one. I'm unfamiliar with this, so could use a more detailed 
explanation (or a pointer) on what it does and how that increases 
robustness. I'm unfamiliar with click-through and "whack a mole" attacks. 
From what you say, it sounds a bit more like users getting used to asking 
questions they're ignored than an attack, so I must be misunderstanding. 
Would this be an attack where a script puts up a bunch of dialogs where 
the "warning" dialog will appear, one after the other, to get the user 
hitting the click, and having them allow the attack through the warning 
dialog, and not even noticing? Nice thought. Have there been any of those in 
the wild (just curious)? 

> strict cross-site scripting execution policies to ensure that content is
> being rendered from appropriate sources

Here's a reference (in case we need one): 
http://en.wikipedia.org/wiki/Cross_site_scripting
It seems that this would be a merit of the status quo that we missed in 
the current draft of the Note. Policies against accessing data to/from 
other sites through web user agent scripting languages. 


----- Forwarded by Mary Ellen Zurko/Westford/IBM on 03/06/2007 08:00 AM -----

Mike Beltzner <beltzner@mozilla.com>
03/06/2007 01:16 AM

To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Subject: ACTION-128  Document current practice in terms of security UI robustness

ACTION-128

Took me a while to remember what we were trying to do here, but I've 
created a wiki page with the start of a list of various techniques 
used by Mozilla to render the communication channel between browser 
and user as robust and "spoof free" as possible.

http://www.w3.org/2006/WSC/wiki/NoteMozillaCurrentPractise

Johnathan (or others) should feel free to add to this list, but I'm 
going to close out the action since it was to get the documentation 
started.

This closes ACTION-128.

cheers,
mike

Received on Tuesday, 6 March 2007 14:06:12 UTC
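
The delayed-enable control quoted in the message above, sketched as an added example; it is not Mozilla's code and not part of the thread. The class name `FocusDelayGuard`, the helper `simulateRapidClicks`, the 2000 ms delay and the injectable clock are assumptions made for illustration.

```javascript
// Added illustration: a confirm control that ignores activation until its
// dialog has held focus continuously for a minimum time.
// FocusDelayGuard, delayMs and the injectable clock are hypothetical names.
class FocusDelayGuard {
  constructor(delayMs, now = () => Date.now()) {
    this.delayMs = delayMs;
    this.now = now;
    this.focusedSince = null; // null while the dialog does not have focus
  }

  // Call when the dialog gains focus (including when it first appears).
  onFocus() {
    if (this.focusedSince === null) this.focusedSince = this.now();
  }

  // Losing focus restarts the countdown, so time spent in focus before an
  // interruption is never carried over.
  onBlur() {
    this.focusedSince = null;
  }

  isEnabled() {
    return this.focusedSince !== null &&
           this.now() - this.focusedSince >= this.delayMs;
  }

  // Route every click or keypress on the control through here.
  // Returns true only if the action was actually performed.
  activate(action) {
    if (!this.isEnabled()) return false; // swallow the early click
    action();
    return true;
  }
}

// Constructed scenario: the user is already clicking repeatedly in one spot
// when a security prompt opens under the cursor at t = 0.
function simulateRapidClicks(delayMs, clickTimes) {
  let t = 0;
  const guard = new FocusDelayGuard(delayMs, () => t);
  guard.onFocus();
  const accepted = [];
  for (const clickAt of clickTimes) {
    t = clickAt;
    if (guard.activate(() => {})) accepted.push(clickAt);
  }
  return accepted; // timestamps of the clicks that got through
}
```

With a 2000 ms delay, clicks at 300, 600 and 900 ms after the prompt appears are dropped, so the habitual click lands on a control that does nothing yet.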