E-commerce has been a HUGE success. People buy things over the web now in HUGE amounts. It really has impacted "brick and mortar" businesses. And it gets almost NO bad press. People simply don't hear that large numbers of people are incurring substantial losses because of unwise choices in E-commerce. The public is largely fearless about internet use, quite a switch from the way it was 8-10 years ago, when most people were very afraid to attempt e-commerce.
Today, that fearless attitude is why people click past all the warnings. They've never heard of someone who suffered because he ignored them. So, the public ignores them too. Branding doesn't solve that. You can't entice people with the words "safer, more secure" when the public feels no lack of safety.
I beg to differ; there are a lot of people not even willing to use internet banking, and my parents alone took hours to convince otherwise and that using a telephone was possibly less secure than doing so over the internet, especially if they used a mobile/cordless phone to access their account...
They realised there was potentially a lot of benefit but were still not willing to try it without a lot of coaxing and reassuring that it was for the most part safe or liability covered by the bank, which if the banks screw up they are liable for...
Unfortunately, I think it is better protected than the public cares it to be.
How can unsecured websites be protected from sniffing or MITM?
banking websites are so vulnerable? Can you substantiate that?
News reports of poorly handled session cookies on UK/European bank sites in 2002 or was it 2003, but yes there has been some embarrassment for the banking industry... I don't remember specifics but I'm pretty sure it was reported on theregister.co.uk at some point...
One area where people still do take some care about their web security is banking. I've not heard or read any reports of successful attacks on bank web sites. (Except, see below)
Dig a little deeper then, they may not have been in it for the money but they sure as hell broke the website...
Maybe we should abandon trying to get screen real estate, and instead have a voice that sounds like Mom, saying "Don't you even THINK of typing your confidential information into that screen, young man!" :)
Anything made too annoying will generate complaints and users simply will revert to a less annoying product or an earlier version...
In the meantime, taking away the overrides seems reasonably sensible.
And you will take away the user base with it... I for one would hate to have a browser shove that kind of overkill down my throat; with the lack of secure websites out there I would constantly see prompts all the time, so unless security comes at a reasonable value I don't see how you can make that choice for everyone...
Their site even displays a WebTrust seal!
This is just another nail in the coffin for the value people should hold in WebTrust; it is completely outrageous that some company can think they could hold all that information on you. It also goes to show the value people put on their personal information... pens for passwords anyone?
tells me I'm dealing with a Fortune 500 company with a good credit rating vs a fly-by-night outfit might be a LOT more meaningful than the present certs. Similarly, a cert from the Better Business Bureau stating that I'm dealing with a company that satisfactorily resolves 99% of consumer complaints would be to my liking.
Yes yes, just like if you bank for years and years, don't gain a credit rating and then try and get a house loan only to be rejected. Just because these companies don't list you doesn't make you a bad company and you shouldn't be discriminated against. Also, how much do you think this would add on top of the cost of certificates, pushing them even further out of reach and actually preventing online transactions from being secure? Surely any security has to be a lot better than a plain text connection...
Maybe it's up to the CAs themselves to start offering more real value to the relying parties in their cert contents. This probably doesn't bode well for low cost CAs though.
Again, increased cost forcing more people to set up websites getting credit cards without any form of encryption...
Privacy is a right so why put a dollar value on the method to have privacy when sending financial information?
-- Best regards, Duane
http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://happysnapper.com.au - Sell your photos over the net!
