Secure Attention Key

Posted Mar 30, 2012 1:41 UTC (Fri) by cortana (subscriber, #24596)
In reply to: Secure Attention Key by tialaramex
Parent article: GNOME 3.4 released

I think there will be ten users who fall for it for every one that raises a ticket with IT. I was less of a pessimist in this regard before I saw this video: http://www.thoughtcrime.org/software/sslstrip/. It's not directly related to the use of secure attention keys, but if users who care enough about their privacy to use Tor don't notice that their URL bars say 'http' instead of 'https', then what hope does the average corporate user, who just wants to log into their damn computer with a minimum of hassle to do their job, have?


Secure Attention Key

Posted Apr 15, 2012 16:12 UTC (Sun) by tialaramex (subscriber, #21167)

I'm familiar with the fact that users are oblivious to the URL scheme (other things real users don't pay any attention to, in a test where they're entering their own, real banking credentials, include: those images that confirm the remote site knows who you are by acting as a shared secret, a warning icon in the URL bar, and a dialog saying that the connection is insecure).

I wasn't relying on users to notice that something is wrong so much as for them not to notice that anything has changed. The users I deal with don't _seem_ to read that message about pressing Ctrl-Alt-Del and you can't stop it working, so it seemed to me that if people just press it by reflex everything works out OK. Judging from the other reply though, I was wrong.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds