On Monday 16 May 2005 08:03, Michael Vincent van Rantwijk wrote:
> Duane wrote:
> > http://computerworld.co.nz/news.nsf/UNID/FCC8B6B48B24CDF2CC2570020018FF73?OpenDocument&pub=Computerworld
> >
> > Up to 300 BankDirect customers were presented with a security alert when
> > they visited the bank's website earlier this month — and all but one
> > dismissed the warning and carried on with their banking.
>
> First of all, have you actually looked at this specific warning? I've
> seen this warning before, and I'm not impressed either. Why should I?
> All it says is that the cert is expired, that's all, so what? These
> people must have known that they are on the right side and it might
> happen again, because who cares?

Right, like all great statistics, it leaves one asking more questions.

In that case, you can conclude either that the customers knew that an expired cert popup is not a security alert, or that they ignored the popup entirely. There is no information there as to what proportion followed either choice.

Given that only one user stopped and apparently nobody complained, I'd err on the side of "users ignored the popup". But without re-running the experiment with a real security alert there is no way to know for sure.

Is there someone who can run the experiment for real on a statistically meaningful group of people?

iang
--
http://iang.org/
