- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Tue, 6 Mar 2007 09:05:49 -0500
- To: beltzner@mozilla.com
- Cc: public-wsc-wg@w3.org
- Message-ID: <OF8317359F.AE66AAD8-ON85257296.004B4B8C-85257296.004D7020@LocalDomain>
Thanks Mike. I've got some questions on the ones you put out there: > multiple indicators used to indicate status, such as SSL connections being indicated by different color in the URL bar, padlock icon in the URL bar and padlock icon in the status bar The theory on that is that robustness is enhanced by the redundancy? That it's harder to attack 2 than it is 1, and 3 is even better? > unspoofable UI elements that cross the chrome-content border, such as the anti-phishing warning bubble I'm unfamiliar with that that is, and why it's unspoofable. Can you provide a pointer or say what it is and why it's unspoofable? I didn't get a lot of good hits when I searched around. > UI controls that are disabled until in focus for a certain amount of time to prevent click-through and "whack a mole" attacks where users are encouraged by nuisance elements to continually click in a given location Ditto on this one. I'm unfamiliar with this, so could use a more detailed explanation (or a pointer) on what it does and how that increases robustness. I'm unfamiliar with click-through and "whack a mole" attacks. >From what you say, it sounds a bit more like users getting used to asking questions they're ignored than an attack, so I must be misunderstanding. Would this be an attack where a script puts up a bunch of dialogs where the "warning" dialog will appear, one after the other, to get the user hitting the click, and having them allow the attack through the warning dialog, and not even noticing? Nice thought. Have there be any of those in the wild (just curious). > strict cross-site scripting execution policies to ensure that content is being rendered from appropriate sources Here's a reference (in case we need one): http://en.wikipedia.org/wiki/Cross_site_scripting It seems that this would be a merit of the status quo that we missed in the current draft of the Note. Policies against accessing data to/from other sites through web user agent scripting languages. ----- Forwarded by Mary Ellen Zurko/Westford/IBM on 03/06/2007 08:00 AM ----- Mike Beltzner <beltzner@mozilla.com> 03/06/2007 01:16 AM To Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com> cc Subject ACTION-128 Document current practice in terms of security UI robustness ACTION-128 Took me a while to remember what we were trying to do here, but I've created a wiki page with the start of a list of various techniques used by Mozilla to render the communication channel between browser and user as robust and "spoof free" as possible. http://www.w3.org/2006/WSC/wiki/NoteMozillaCurrentPractise Johnathan (or others) should feel free to add to this list, but I'm going to close out the action since it was to get the documentation started. This closes ACTION-128. cheers, mike
Received on Tuesday, 6 March 2007 14:06:12 UTC