Tuesday, May 16, 2006

Trusted Links are Security Vulnerabilities?

Apparently, this popup has been lurking in IE for a while now, but today was the first time I ran into it:

"The current Web page is trying to open a site in your Trusted sites list. Do you want to allow this?"

Note the warning: "Allowing this can expose your computer to security risks. If you don't trust the current Web page, choose No."

Yes, you can question my wisdom in trusting www.micrsoft.com. Regardless, what are normal users actually supposed to do in this situation?

Technically speaking, I don't see why I should trust www.google.com in this case -- after all, I'm not using SSL to talk to Google. There's no link or reference in the popup as to why this is a vulnerability. There's no check box to remember my choice, so I get to answer this every time I go to Microsoft via Google.

A casual reading makes it sound like the mere existence of a trusted site is a security vulnerability, which... may be right? Since you can't actually figure out the intent of the box, you're left to guesswork.

We've been hearing for at least a year from banking and finance sites that unexplained popups are themselves phishy. And now IE itself has introduced one.

Very confusing. The worst part of it all is that when users are confronted with confusing security warnings, they will tend to ignore all security warnings, due to a "boy who cried wolf" effect.

Tuesday, May 02, 2006

ASM reference chart

Again, this is just me using my blog as an online bookmark file. Kind of like del.icio.us but just for me.

At any rate: ASM opcode reference. Came in handy this morning when eyeballing some unknown binary.