On Wed, Oct 29, 2014 at 2:02 PM, Dean Coclin <[email protected]> wrote:
> But many people do in fact look at the security indicators. If that
> statement were true, why do fraudsters bother to get SSL certs (mostly DV)
> for their phishing websites? It's because they know that people are trained
> to look for the lock and https. Granted not all the people know this but a
> percentage of the population does and it dictates the behavior of
> cybercriminals.

Some people do look at the security indicators some of the time.

Since it's easy and affordable to get a certificate — as it should be! Thank you! And help me convince all the web developers out there who believe otherwise :) — phishers and fraudsters might as well pay the small price if they can soothe the concerns of some potential victims some of the time.

Related:

https://www.ccsl.carleton.ca/people/theses/Sobey_Master_Thesis_08.pdf

"""
5.4 Time Spent Gazing at Browser Chrome

One of the more interesting findings in the eye tracking data was how long users spent gazing at the content of the web pages as opposed to gazing at the browser chrome. For each participant, we compared the amount of time the participant’s gaze data contained co-ordinates within the browser chrome during the study tasks with the amount of time the participant’s gaze data contained co-ordinates in the page content. On average, the 11 participants who were classified as gazers spent about 9.5% of time gazing at any part of the browser chrome. The remaining 17 participants who did not gaze at indicators spent only 4.3% of their time focusing on browser chrome as opposed to content (some spent as little as 1%).
"""

Tangentially related:

http://eprints.qut.edu.au/55714/1/Main-ACM.pdf

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

