[Cialug] DNS Hijacking
Zachary Kotlarek
zach at kotlarek.com
Thu Aug 6 10:13:43 CDT 2009
On Aug 6, 2009, at 9:56 AM, Todd Walton wrote:
> I figured that was the point of the error screen: you actually had to
> stop and read it. People should not be itchy-finger on the dismiss
> trigger.
I'm pretty sure FF developers just get paid by user-clicks and
user-delay-seconds -- otherwise they wouldn't make it take so long or
require so many clicks to bypass the security warnings. I'm all for
warning people about security threats, but I think their basic threat
assessment is flawed, and I *know* there's no good reason to make me
click so many times to bypass the warning. I might even give you a
pass on an "Are you sure" dialog, but FF requires several clicks
before I even get to the interface where I can click several more
buttons, some of which have non-instant actions, to actually add an
exception and continue browsing.
Even if you agree with the premise of FF's SSL warnings I think you'd
have to admit the implementation of the bypass system is unnecessarily
slow and complex given the common usage case; once you have derived a
user's intent to bypass the warning there is no reason to make them
continue clicking.
Zach