Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Certificate Warnings Don't Work

Posted by timothy on from the for-the-same-reason-most-people-ignore-etruscan dept.

angry tapir writes "In a laboratory experiment, researchers found that between 55 percent and 100 percent of participants ignored certificate security warnings, depending on which browser they were using (different browsers use different language to warn their users). The researchers first conducted an online survey of more than 400 Web surfers, to learn what they thought about certificate warnings. They then brought 100 people into a lab and studied how they surf the Web. They found that people often had a mixed-up understanding of certificate warnings. For example, many thought they could ignore the messages when visiting a site they trust, but that they should be more wary at less-trustworthy sites."

1 of 432 comments (clear)

  1. Re:I would probably do the same thing by ToasterMonkey · · Score: 0, Flamebait

    I call BS. Have you ever done this? Do you know how many different CA lists are on your computer? Things are intentionally more difficult than they need to be.

    This is a good solution. http://www.freepatentsonline.com/y2008/0010448.html

    like you said - you work on a lab intranet. You're the one responsible for setting it up properly.

    Screw you buddy. The problem is having to deal with a third party trust system for a fucking LAB (read: exclusively first party) environment.