[16871] in cryptography@c2.net mail archive
Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)
daemon@ATHENA.MIT.EDU (Adam Shostack)
Wed Feb 9 16:37:20 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 9 Feb 2005 16:06:27 -0500
From: Adam Shostack <adam@homeport.org>
To: Ian G <iang@systemics.com>
Cc: cryptography@metzdowd.com, cap-talk@zesty.ca
In-Reply-To: <420A62DD.3020808@systemics.com>
On Wed, Feb 09, 2005 at 07:22:05PM +0000, Ian G wrote:
| Adam Shostack wrote:
|
| >Have you run end-user testing to demonstrate the user-acceptability of
| >Trustbar?
| >
| >
|
| Yes, this was asked over on the cap-talk list.
| Below is what I posted there. I'm somewhat
| sympathetic as doing a real field trial which
| involves testing real responses to a browser
| attack raises all sorts of heisenberg uncertainty /
| experimental method issues. Off the top of
| my head, I think this is a really tricky problem,
| and if anyone knows how to test security
| breaches on ordinary users, shout!
There's an HCIsec group at YahooGroups:
http://groups.yahoo.com/group/hcisec/
Most of the smart people who care about these issues hang out there.
Adam
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
