[Cialug] DNS Hijacking

Zachary Kotlarek zach at kotlarek.com
Thu Aug 6 10:13:43 CDT 2009


On Aug 6, 2009, at 9:56 AM, Todd Walton wrote:

> I figured that was the point of the error screen: you actually had to
> stop and read it.  People should not be itchy-finger on the dismiss
> trigger.


I'm pretty sure FF developers just get paid by user-clicks and
user-delay-seconds -- otherwise they wouldn't make it take so long or
require so many clicks to bypass the security warnings. I'm all for  
warning people about security threats, but I think their basic threat  
assessment is flawed, and I *know* there's no good reason to make me  
click so many times to bypass the warning. I might even give you a  
pass on an "Are you sure" dialog, but FF requires several clicks  
before I even get to the interface where I can click several more  
buttons, some of which have non-instant actions, to actually add an  
exception and continue browsing.

Even if you agree with the premise of FF's SSL warnings I think you'd  
have to admit the implementation of the bypass system is unnecessarily  
slow and complex given the common usage case; once you have derived a  
user's intent to bypass the warning there is no reason to make them  
continue clicking.

	Zach
