ISSUE-101: Create "visiting known site that is now malware" use case as per ACTION-275 [Note: use cases etc.] from Web Security Context Working Group Issue Tracker on 2007-08-10 (public-wsc-wg@w3.org from August 2007)

From: Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Fri, 10 Aug 2007 18:31:44 +0000 (GMT)
To: public-wsc-wg@w3.org
Message-Id: <20070810183144.2549A47BA3@mojo.w3.org>

ISSUE-101: Create "visiting known site that is now malware" use case as per ACTION-275 [Note: use cases etc.]

http://www.w3.org/2006/WSC/track/issues/

Raised by: Ian Fette
On product: Note: use cases etc.

In Action-275 I asked that a use case be added to the Web Security Experience, Indicators and Trust: Scope and Use Cases document. I heard support and no dissent, as such I would like to have this added in.

The following is the use case I would like added:

Betty tries to connect to a web site at <http://www.example.com/>. She visits this site frequently to read various news and articles. Since her last visit, the site example.com has been compromised by some method, and visitors are now being infected with malware. A blacklist used by her user agent has since listed example.com as a known bad site, what warnings should Betty be presented with?

Destination Site
- Known, Prior visit
Navigation
- any
Intended interaction
- Information retrieval
Actual interaction
- software installation
Note
- This is slightly different than use case 19. It still deals with how to present results obtained from reputation services, but in the case of a user returning to a site that they believe to be "good" when that site is now believed to be compromised.

Received on Friday, 10 August 2007 18:32:08 UTC