Re: Security UI is hard from Andrew Bransford Brown on 2017-01-16 (public-webpayments@w3.org from January 2017)

From: Andrew Bransford Brown <andrewbb@gmail.com>
Date: Mon, 16 Jan 2017 11:47:31 -0500
To: Adrian Hope-Bailie <adrian@ripple.com>
Cc: Web Payments <public-webpayments@w3.org>
Message-ID: <CAPS+YFLOEpKwvi1JSnN1Ty=2UZySfJOfad52M1Bzowuf3qtiHQ@mail.gmail.com>

Over the last 15 years, browsers have been compromised.  What was
considered hacking 15 years ago is standard today.

Did you know that a website programmer can change any link with no feedback
to the user?  When you hover over a hypertext link, the browser displays
the destination in the bottom left of the browser.  That can be changed in
a click event.  The browser doesn't protect its own variables.

For example, it's spooky when you see a PayPal link, click it, and it goes
to a site you've never heard of.

Andrew B. Brown
(512) 947-8282
http://KidsCourtyard.com

On Mon, Jan 16, 2017 at 9:14 AM, Adrian Hope-Bailie <adrian@ripple.com>
wrote:

> An excellent column that everyone involved in the browser work should
> read: https://textslashplain.com/2017/01/14/the-line-of-death/
>

Received on Monday, 16 January 2017 16:48:04 UTC