Overview
Syllabus
Improving SSL warnings Adrienne Porter Felt Chrome security team
How can browsers stop crying wolf?
Traffic shaping
define, identify
How do we explain this to users?
Threat source: the attacker is on the network, not a malicious website
False positives: be more concerned about errors on well-regarded sites
Your connection is not private. Attackers might be trying to steal your information from www.irs.gov (for example, passwords, messages, or credit cards).
Clear instruction Attractive preferred choice Unattractive other choice
Opinionated design works where text fails
TODO LIST • Warn only when under attack • Users understand warnings e Users follow warning advice
Taught by
OWASP Foundation