security warnings
play

Security warnings Cristian Bravo-Lillo C MU U sable P rivacy and S - PowerPoint PPT Presentation

Jan 24, 2024 •521 likes •877 views

Security warnings Cristian Bravo-Lillo C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ Sources : http://www.homebizseo.com 2 2 http://purpleslinky.com/humor/travel/nine-funny-warnings-signs-to-make-you-laugh/ C MU U

  1. Security warnings Cristian Bravo-Lillo C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/

  2. Sources : http://www.homebizseo.com 2 2 http://purpleslinky.com/humor/travel/nine-funny-warnings-signs-to-make-you-laugh/ • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  3. Warning signs go up to stop Poles stealing river fish for Christmas dinner To any peckish Poles or ravenous Romanians, the message could not be clearer: Keep off our fish. Three roadsign-style warnings were launched yesterday to stop Eastern European immigrants from spearing, taking home and cooking coarse fish from our rivers, lakes and canals. The initiative is timely because carp and pike are a traditional Christmas dish in Poland and officials fear an increase in fish rustling over the next few weeks. (...) The trust's director, Michael Heylin, said: "These are easy to understand so there will be no excuses. "The pictures clearly mean, "Don't steal, cook or kill fish". "The Environment Agency has signs in 19 languages, but unless you know the nationality of the thief they won't work.” (...) 3 3 Source : http://www.dailymail.co.uk/news/article-495199/Warning-signs-stop-Poles-stealing-river-fish-Christmas-dinner.html • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  4. Sources : http://purpleslinky.com/humor/travel/nine-funny-warnings-signs-to-make-you-laugh/ http://www.piste-off.com/photos-signs.asp 4 4 http://www.govisithawaii.com/2009/02/03/signs-of-hawaii-beach-safety-warnings/ • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  5. 5 5 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  6. Elements common to all warnings over Something Something Risk Risk we value we value Someone Someone who knows who knows can do about something about from Message Message Audience Audience to 6 6 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  7. What is a warning anyway?  Warnings are communications to avoid people hurt themselves or hurt others (Wogalter 2006)  Purposes: 1.To avoid people being hurt by an external factor. 2.To modify people's behavior, to promote compliance with safety regulations. 3."To reduce or prevent health problems, workplace accidents, personal injury, and property damage". 4.Intended as reminders of a hazard to already-aware people. 5.Warnings may also serve as a legal instrument to transfer liability from the maker of a product to the consumer. 7 7 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  8. Common elements revisited (physical warnings) over Risk Risk Life Life Someone Someone who knows who knows can do about something about from Signal word panel Signal word panel Audience Audience Message panel Message panel to  Typical fields for warnings: • Foods, chemicals, road signs, kids toys, heavy machinery, lab facilities, etc. 8 8 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  9. Common elements revisited (physical warnings) over Risk Risk Life Life Someone Someone who knows who knows can do about something about from Signal word panel Signal word panel Audience Audience Message panel Message panel to  Typical fields for warnings: • Foods, chemicals, road signs, kids toys, heavy machinery, lab facilities, etc. 9 9 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  10. What about computer warnings?  “Communications that alert users to take immediate action to avoid a hazard” (Cranor 2008) 10 10 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  11. Common elements revisited (computer warnings) over Risk Risk Information Information System System developer developer can do something about about? from Warning Warning User User dialog dialog to  Typical fields for warnings: • Operating system, browsers, email clients, productivity software, entertainment software, etc. 11 11 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  12. People do not heed (computer) warnings  Some results on computer warnings: • People provide their passwords even in absence of security indicators or in presence of warnings (Schechter et al 2007) • People do not heed passive SSL indicators unless primed to (Whalen et al 2005) • Users trust more in sites' “look-and-feel” than security on websites (Wu et al 2006) • Users do not pay attention to security toolbars (Wu et al 2006) 12 12 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  13. Example 1: phishing warnings (1/2)  Phishing is specially dangerous  Egelman et al performed a study about phishing warnings effectiveness: • 4 different conditions  Active Firefox 2.0 warning  Active MSIE 7.0 warning  Passive MSIE 7.0 warning  No warning • Spear phishing messages were sent to 60 participants with spoofed versions of Amazon and eBay. 13 13 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  14. Example 1: phishing warnings (2/2)  Results? • 97% fell for at least one phishing message • 79% of users who received an active warning heeded it • 13% of users who received a passive warning heeded it • Firefox active indicators were better understood and heeded more often than active MSIE warnings • Active warnings are better than passive ones  It's worst: • Correlation found between recognizing the warning and heeding it • 32% of those who heeded the warnings believed that emails were legitimate ( what? ) 14 14 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  15. Example 2: SSL warnings (1/3)  Sunshine et al performed a study about SSL warnings: • An online survey:  409 users, screenshots of SSL in FF2, FF3 and IE7  Expired certificates, with unknown issuer and with mismatched domain names  Between ~30% (IE7, domain mismatch) and ~60% (FF2, expired certificate) reported they would proceed to the site  Belief on protection due to op. System (Linux, Mac) • A lab between-subjects study:  100 users were shown two new “cooked” warnings 15 15 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  16. Example 2: SSL warnings (2/3) 16 16 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  17. Example 2: SSL warnings (2/3) 17 17 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  18. Example 2: SSL warnings (3/3)  Results? • Single page performed better than FF2 and IE7 • Multi-page performed better than FF2 and IE7 • FF3 performed better than FF2 and IE7, and almost equal to single and multi-page warnings. • People more likely to read multi-page than FF2, FF3 and IE7.  Promising, but: • 30% of participants who saw the redesigned warnings thought they had seen them before ( what? ). 18 18 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  19. Tools for computer warning analysis  Warnings can be analyzed from a psychological view: • Hazard control hierarchy (Wogalter 2006)  Design out → Guard against → Warn about • False-alarms decrease trust in detection systems (Breznitz 1984)  Human-in-the-loop framework (Cranor 2008) • Modified C-HIP to better suit computer warnings  An iterative trust-game 19 19 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  20. Hazard control hierarchy 1. Design out: • Can the risk be eliminated from the system? 2. Guard against: • Can the risk be guarded so the user does not fall for it? 3. Warn: clearly indicate: • What is the risk • What are the consequences of not complying • How to avoid the risk 20 20 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  21. The False-Alarm Effect (1/2)  Described by Breznitz: • 1900: a tornado gets near Florida  Nobody knows → nobody is scared.  When you see it → too late → alarms are “certain” • 2000: a tornado gets neat Florida  Weather forecast networks announces tornado may hit Florida 11 days in advance  At last moment, the tornado heads to Atlantic → False- alarm  What is different? • 1900: No ability to forecast → No “false alarms” • 2000: Ability to forecast → false alarms → decrease in trust on detection system 21 21 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  22. The False-Alarm Effect (2/2) 22 22 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  23. The False-Alarm Effect (applied to computer warnings)  “Detection system” ≈ “System”  If risk is not immediate, warning the user will decrease her trust on the system 23 23 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

  24. The iterative trust game  If there is a hazard, • System may choose to warn or not • In case the user is warned, she may choose to heed or not  In almost any case, there is an undesired outcome 24 24 • C MU U sable P rivacy and S ecurity Laboratory • http://cups.cs.cmu.edu/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Warnings-Based Claims in Product Liability Navigating U.S. Standards for Warnings; Leveraging the

Warnings-Based Claims in Product Liability Navigating U.S. Standards for Warnings; Leveraging the

Presenting a live 90-minute webinar with interactive Q&A Warnings-Based Claims in Product Liability Navigating U.S. Standards for Warnings; Leveraging the Requirements in Litigation WEDNESDAY, APRIL 25, 2012 1pm Eastern | 12pm Central

768 views • 54 slides
Security and Usability from the Frontlines of Enterprise IT Jon Oberheide CTO, Duo Security

Security and Usability from the Frontlines of Enterprise IT Jon Oberheide CTO, Duo Security

Security and Usability from the Frontlines of Enterprise IT Jon Oberheide CTO, Duo Security Browser SSL Password Encryption warnings schemes usability IT Security 40M consumer 153M end user Thousands of credit cards credentials

785 views • 39 slides
-Wall found compilation errors Aditya Kumar Facebook Enable compiler warnings with -Wall

-Wall found compilation errors Aditya Kumar Facebook Enable compiler warnings with -Wall

-Wall found compilation errors Aditya Kumar Facebook Enable compiler warnings with -Wall -Werror Compiler warnings are precise static analysis tools -Wall enables most relevant compiler warnings Widely used warnings, well

917 views • 8 slides
Tobacco Package Health Warnings: International Developments and Best Practices Rob Cunningham

Tobacco Package Health Warnings: International Developments and Best Practices Rob Cunningham

Tobacco Package Health Warnings: International Developments and Best Practices Rob Cunningham UICC World Cancer Congress Aug. 30, 2012 Montreal, Canada Conclusions Use picture warnings Size as large as achievable Do not use

864 views • 68 slides
Warnings Peculiarity of the Paper: Conference Topic and Idea itself One Vote / One Share v. One

Warnings Peculiarity of the Paper: Conference Topic and Idea itself One Vote / One Share v. One

The Protection Project Regional Conference on "Corporate Social Responsibility in the Arab World" - Istanbul, Turkey Giovanni Tamburrini giovanni@solbridge.ac.kr Wenqing Zhang wzhang@solbridge.ac.kr Warnings Peculiarity of the

473 views • 15 slides
Wellbeing Manifesto for Aotearoa New Zealand Warnings At the end of this presentation I show an

Wellbeing Manifesto for Aotearoa New Zealand Warnings At the end of this presentation I show an

Wellbeing Manifesto for Aotearoa New Zealand Warnings At the end of this presentation I show an image and voice of Geoffrey Gurrumul Yunupingu who died last year. During this presentation I may say things that upset mental heath professionals.

480 views • 29 slides
Warnings: Whats Working, Whats Not Proposition 65 Clearinghouse September 23, 2019

Warnings: Whats Working, Whats Not Proposition 65 Clearinghouse September 23, 2019

Warnings: Whats Working, Whats Not Proposition 65 Clearinghouse September 23, 2019 2 Moderator: Carol Monahan-Cummings Chief Counsel, OEHHA Panel: Rachel Michelin President, California Retailers Association Judith Praitis

417 views • 15 slides
R Warnings Educational content Contains technologies that are now dead Listen at

R Warnings Educational content Contains technologies that are now dead Listen at

R Warnings Educational content Contains technologies that are now dead Listen at your own risk Algorithms and Formats for Adaptive Streaming Ali C. Begen, Streaming Artichoke Viewer Discretion is Advised The following content

948 views • 55 slides
- Pruning the SASLOG Digging into the Roots of NOTEs, WARNINGs, and ERRORs A

- Pruning the SASLOG Digging into the Roots of NOTEs, WARNINGs, and ERRORs A

- Pruning the SASLOG Digging into the Roots of NOTEs, WARNINGs, and ERRORs A clipping from the original, provided for the Toronto Area SAS Society, December 2007 Andrew T. Kuligowski The Nielsen Company Pruning the SASLOG

391 views • 18 slides
Warnings for this talk Software, not the disaster. Earthquake 22 February 2011 12:51pm

Warnings for this talk Software, not the disaster. Earthquake 22 February 2011 12:51pm

Warnings for this talk Software, not the disaster. Earthquake 22 February 2011 12:51pm It's bad.. 185 :deaths 15002000 injuries Social Media I am Okay. One update, reaches everyone. One Tweet. One Facebook

1.11k views • 85 slides
Cause-Effect Pairs http://www.kaggle.com/c/cause-effect-pairs/ Goals: Introduction to the

Cause-Effect Pairs http://www.kaggle.com/c/cause-effect-pairs/ Goals: Introduction to the

In [1]: import numpy as np import pandas as pd import os import warnings import time warnings.simplefilter("ignore") In [2]: from sklearn.svm import SVR from sklearn.linear_model import SGDRegressor, LinearRegression from sklearn.tree

471 views • 17 slides
Getting the Message Across - Sharing Warnings Dr Renato Iannella Principal Scientist

Getting the Message Across - Sharing Warnings Dr Renato Iannella Principal Scientist

OASIS/ITU Workshop and Demonstration of Advances in ICT Standards for Public Warning 19-20 October 2006, Geneva, Switzerland Getting the Message Across - Sharing Warnings Dr Renato Iannella Principal Scientist renato@nicta.com.au NICTA SAFE

499 views • 33 slides
Soundness and Completeness Warnings in ESC/Java2 Joe Kiniry, Alan Morkan, and Barry Denby

Soundness and Completeness Warnings in ESC/Java2 Joe Kiniry, Alan Morkan, and Barry Denby

Soundness and Completeness Warnings in ESC/Java2 Joe Kiniry, Alan Morkan, and Barry Denby presented by David Cok Systems Research Group School of Computer Science and Informatics University College Dublin ESC/Java2 by design, neither sound

628 views • 33 slides
Public warnings on public displays Presentation to the W3C Workshop on Web-based Signage The

Public warnings on public displays Presentation to the W3C Workshop on Web-based Signage The

Public warnings on public displays Presentation to the W3C Workshop on Web-based Signage The Ericsson interest Ericsson has a vision about the networked society Where connectivity helps you make sense and more of your world

105 views • 10 slides
Introduction to GDB Here We Start Crashes, errors and warnings are part of a C programmers

Introduction to GDB Here We Start Crashes, errors and warnings are part of a C programmers

Introduction to GDB Here We Start Crashes, errors and warnings are part of a C programmers life Debugger allows the programmer to take a look at the program in execution to deduce the cause of crashes and erroneous results Debugger

595 views • 13 slides
Securing Social Media Admissions: Investigative Strategies, Spoliation Warnings, Use of Subpoenas

Securing Social Media Admissions: Investigative Strategies, Spoliation Warnings, Use of Subpoenas

Presenting a 90-Minute Encore Presentation of the Webinar with Live, Interactive Q&A Securing Social Media Admissions: Investigative Strategies, Spoliation Warnings, Use of Subpoenas to Obtain Evidence Finding and Obtaining Admissions by

447 views • 32 slides
We Are Humor Beings: Understanding and Predicting Visual Humor Shuai Wang University of Toronto

We Are Humor Beings: Understanding and Predicting Visual Humor Shuai Wang University of Toronto

We Are Humor Beings: Understanding and Predicting Visual Humor Shuai Wang University of Toronto March 29, 2016 1 / 31 Intro An integral part but not understood in detail 2 / 31 Intro An integral part but not understood in detail

493 views • 31 slides
' $ Algebraic Semiotics and User In terface Design Joseph A. Goguen Departmen t of

' $ Algebraic Semiotics and User In terface Design Joseph A. Goguen Departmen t of

' $ Algebraic Semiotics and User In terface Design Joseph A. Goguen Departmen t of Computer Science & Engineering Univ ersit y of California at San Diego & % ' $ ABSTRA CT HCI lac ks scien tic

697 views • 20 slides
1 Learning for WSD WSD line Corpus Assume part-of-speech (POS), e.g. noun, verb,

1 Learning for WSD WSD line Corpus Assume part-of-speech (POS), e.g. noun, verb,

Sub-Problems in NLP Understanding / Comprehension Speech recognition Syntactic analysis CS 391L: Machine Learning Semantic analysis Natural Language Learning Pragmatic analysis Generation / Production Content

608 views • 21 slides
Trauma Written in Plywood and Flesh Hurricane Graffiti, Post-Katrina Tattoos, and the Value of

Trauma Written in Plywood and Flesh Hurricane Graffiti, Post-Katrina Tattoos, and the Value of

Trauma Written in Plywood and Flesh Hurricane Graffiti, Post-Katrina Tattoos, and the Value of Narratives to Hazards Research Derek H. Alderman, ECU Geography Heather Ward, CRM Glenn Gentry, Syracuse University The Importance of Narratives

787 views • 22 slides
Lisa Gordon Recreation Therapist Certified Laughter Leader

Lisa Gordon Recreation Therapist Certified Laughter Leader

Lisa Gordon Recreation Therapist Certified Laughter Leader

679 views • 28 slides
Communication Soft Skills for the Hard Core Geek Paul Rak @paulrak #geekskills July 27, 2010

Communication Soft Skills for the Hard Core Geek Paul Rak @paulrak #geekskills July 27, 2010

Communication Soft Skills for the Hard Core Geek Paul Rak @paulrak #geekskills July 27, 2010 pjr IT Consultant Sun Server System Administrator for ACNielsen / The Nielsen Company UNIX Administrator and technician for various

649 views • 25 slides
Preparing for the Career Fair Part 2: Interview Skills CS1000 - Explorations in Computer Science

Preparing for the Career Fair Part 2: Interview Skills CS1000 - Explorations in Computer Science

Preparing for the Career Fair Part 2: Interview Skills CS1000 - Explorations in Computer Science Nilufer Onder Department of Computer Science Michigan Technological University Outline Overview Types of Interviews Before, during, and after

282 views • 9 slides
DTTF/NB479: Dszquphsbqiz Day 24 Announcements: Term project groups and topics due midnight 1.

DTTF/NB479: Dszquphsbqiz Day 24 Announcements: Term project groups and topics due midnight 1.

DTTF/NB479: Dszquphsbqiz Day 24 Announcements: Term project groups and topics due midnight 1. HW6 due next Tuesday. 2. Questions? This week: Primality testing, factoring Discrete Logs, Computing Discrete Logs Discrete logs

571 views • 10 slides

More recommend