- From: Close, Tyler J. <tyler.close@hp.com>
- Date: Fri, 31 Aug 2007 22:24:58 -0000
- To: "Ian Fette" <ifette@google.com>
- Cc: <public-wsc-wg@w3.org>
Ian Fette wrote:

> Anyhow, with spoofing, I guess I am really skeptical. Even when
> the user chooses a picture (i.e. Passmark SiteSecure), they can
> be easily phished. (I seem to recall a study where the SiteSecure
> picture was replaced with "Not Available, server maintenance" or
> something like that, and users went right on by). I'm really
> worried that similar attacks are likely to work against PII-bar.

I think the study you're referring to is "The Emperor's New Security Indicators" <http://usablesecurity.org/emperor/>. I'm not sure which aspect of spoofing you're now addressing, since I don't think that study addressed Picture-in-Picture attacks.

For the spoofing scenarios addressed in the Emperor paper, I think a crucial difference between the site-authentication image and the PII bar is that the former doesn't change the user interaction at all in the event of an attack. In both the attack scenario and the normal scenario, the user's next action is to type in their password. Consequently, lack of options and force of habit causes the user to forge ahead.

The PII bar is significantly different in this respect. In the normal login scenario, the user does *not* type in their password, and so the attacker must convince the user to not only change their habits, but to engage in a more burdensome interaction: manually typing in their password. The PII bar also provides a convenient interface for the user to quickly get to their legitimate web sites, giving the user a better way to move ahead with their task.

--Tyler
Received on Friday, 31 August 2007 22:25:45 UTC