16. because the threats are changing
Technology such as cloned part-robot humans used by organised crime gangs poses the greatest future challenge to police, along with online scamming.
Australian Federal Police (AFP) Commissioner Mick Keelty
19. ...and maybe not too carefully designed.
"Over the kitchen table, she said she could only remember four figures, so because of her, four figures became the world standard," he laughs.
John Shepherd-Barron, Inventor of the ATM, on PIN length
43. identity
Let’s stop talking about safety, since we were never any good at that anyhow.
Let’s talk about what we can know.
44. EV
There is a new breed of SSL Certificate now called “Extended Validation.”
The identity information in these certificates is vetted in a standardized, robust way.
Hooray.
http://www.cabforum.org/
49. Meaningful - Identity, period.
Relevant - Knowing identity matters.
Robust - EV Certificates are hard to fake.
Available - Larry is always around.
Brave - Killing the padlock is scary stuff.
50. A+++!
Meaningful - Identity, period.
Relevant - Knowing identity matters.
Robust - EV Certificates are hard to fake.
Available - Larry is always around.
Brave - Killing the padlock is scary stuff.
51. B?
Meaningful - Identity, period.
Relevant - Knowing identity matters.
Robust - EV Certificates are hard to fake.
Available - Larry is always around.
Brave - Killing the padlock is scary stuff.
52. more to think about
Larry vs. padlock is hardly the only security UI that matters
58. W3C WSC
Web Security Context Working Group
http://www.w3.org/2006/WSC/
Software Companies
Standards Bodies
Professional Organizations
Certificate Authorities
Academics
59. recommendations being considered
Safe Browsing Whitelist
Browser Lock Down
Personally Identifiable Information Bar
Page Security Scoring
Identity Indicator in Primary Chrome ☺
61. can we make better use of past actions?
“You’ve been to this site before”
“Nothing’s changed since the last time you were here”
“You’re sending a password to a site you’ve never visited”
62. how about social networks?
“7 of your Facebook friends have purchased things from this site”
“Your grandchild who knows computers says this site is fine.”
“This site has 25 unresolved complaints according to BBB, and a reseller rating of 6.2”
63. can we stop phishing with tech smarts?
Secure Remote Password Protocol
Let the browser handle password generation
Watch for credit card numbers going out on the wire
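As an added example (not code from the talk or from the W3C WSC), here is a toy browser-side check that combines the "past actions" indicators of slide 61 with the slide-63 idea of watching for card numbers going out on the wire. The in-memory history store, the message wording and the Luhn-based card detection are assumptions.

```javascript
// Added example, not from the slides. origin -> { visits, certFingerprint }
// (constructed in-memory store; a real browser would persist it).
const siteHistory = new Map();

// Record a completed visit. submissionMessages() compares against the
// previously stored fingerprint, so call this after that check runs.
function recordVisit(origin, certFingerprint) {
  const entry = siteHistory.get(origin) || { visits: 0, certFingerprint };
  entry.visits += 1;
  entry.certFingerprint = certFingerprint;
  siteHistory.set(origin, entry);
  return entry.visits;
}

// Luhn checksum: a cheap filter that rejects most random digit strings.
function luhnValid(digits) {
  let sum = 0, double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

function looksLikeCardNumber(value) {
  const digits = String(value).replace(/[\s-]/g, "");
  return /^\d{13,19}$/.test(digits) && luhnValid(digits);
}

// Decide what to show the user before a form is sent to `origin`.
// fields: [{ type: "password" | "text" | ..., value: string }]
function submissionMessages(origin, certFingerprint, fields) {
  const seen = siteHistory.get(origin);
  const sendsPassword = fields.some((f) => f.type === "password");
  const sendsCard = fields.some((f) => looksLikeCardNumber(f.value));
  const messages = [];
  if (!seen) {
    if (sendsPassword) messages.push("You're sending a password to a site you've never visited");
    if (sendsCard) messages.push("You're sending a card number to a site you've never visited");
    return { known: false, messages };
  }
  messages.push(`You've been to this site before (${seen.visits} visits)`);
  if (seen.certFingerprint === certFingerprint) {
    messages.push("Nothing's changed since the last time you were here");
  } else {
    messages.push("This site's certificate has changed since your last visit");
  }
  if (sendsCard) messages.push("A card number is about to leave your browser");
  return { known: true, messages };
}
```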
64. and don’t forget...
It has to work for internationalization.
It has to work for accessibility.
It has to work for mobile.
65. bedtime reading
Peter Gutmann
Phishing Tips and Techniques
http://www.cs.auckland.ac.nz/~pgut001/pubs/phishing.pdf
Rachna Dhamija
Why Phishing Works
http://people.deas.harvard.edu/~rachna/papers/why_phishing_works.pdf
W3C WSC’s Shared Bookmarks
http://www.w3.org/2006/WSC/wiki/SharedBookmarks