- From: Dan Schutzer <dan.schutzer@fstc.org>
- Date: Thu, 16 Aug 2007 13:31:07 -0400
- To: "'Ian Fette'" <ifette@google.com>, "'Luis Barriga \(KI/EAB\)'" <luis.barriga@ericsson.com>
- Cc: <public-wsc-wg@w3.org>
- Message-ID: <004001c7e02b$3b89f160$6500a8c0@dschutzer>
I agree with the use case and the suggested additions _____ From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Ian Fette Sent: Thursday, August 16, 2007 12:46 PM To: Luis Barriga (KI/EAB) Cc: public-wsc-wg@w3.org Subject: Re: New use case for malware at previously visited site Good point... I would agree that the point in time where the site has been cleaned up is yet another distinct case. On 8/16/07, Luis Barriga (KI/EAB) < luis.barriga@ericsson.com> wrote: More than that. How does Betty can re-gain trust on this site once it has been sanitized? Should the user agent just transparently allow access to the site upon visit after the site is clean? Or should the UA inform Betty? Note the life cycle difference with (temporal) malicious sites that have been created with bad purposes from the beginning. The use case below starts witha good trusted site, that was infected and untrusted, but once sanitized it would certainly want to be back in business again. Luis _____ From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Ian Fette Sent: den 1 augusti 2007 23:47 To: public-wsc-wg@w3.org Subject: New use case for malware at previously visited site Hi all, I took on an action item in today's distributed meeting to add a use case for a user browsing to a known malware site which has been previously visited. I wanted to send this out to the list for comments, since I know we're trying to come to consensus on the scope and use cases document. Here's the use case I would like to add: Betty tries to connect to a web site at <http://www.example.com/>. She visits this site frequently to read various news and articles. Since her last visit, the site example.com <http://example.com/> has been compromised by some method, and visitors are now being infected with malware. A blacklist used by her user agent has since listed example.com <http://example.com/> as a known bad site, what warnings should Betty be presented with? Destination Site - Known, Prior visit Navigation - any Intended interaction - Information retrieval Actual interaction - software installation Note - This is slightly different than use case 19. It still deals with how to present results obtained from reputation services, but in the case of a user returning to a site that they believe to be "good" when that site is now believed to be compromised. (If anyone has questions about whether this should be in scope, I would emphatically say yes... it falls under 4.4 in the use case document (Third-party recommendation) in the case of blacklists, can potentially fall under 4.5 if a user agent takes history into account (i.e. you're navigating to example.com <http://example.com/> which you visit daily, but now for some reason it's on a blacklist your browser uses). This is not meant to be detection, but how to display a warning that you're navigating to a site known to be malicious by a trusted (3rd) party. Further, the document states "The Working Group will only consider Web interactions in which a human participates in making a trust decision" - visiting a site that is on a malware blacklist presents a trust decision - do I trust this site to be safe to visit, or do I believe the warning that my browser and system are about to be owned if I actually visit this site? If anyone has questions / concerns / suggestions regarding this proposed use case, I'd love to hear them. Regards, Ian Fette
Received on Thursday, 16 August 2007 17:31:40 UTC