Slashdot Mirror


The Problem With Using End-to-End Web Crypto as a Cure-All

fsterman writes: Since the Snowden revelations, end-to-end web encryption has become trendy. There are browser add-ons that bolt a PGP client onto webmail and both Yahoo and Google are planning to support PGP directly. They attempt to prevent UI spoofing with icons similar to the site-authentication banks use to combat phishing.

The problem is that a decade of research shows that users habituate to these icons and come to ignore them. An attacker can pull off UI spoofing with a 90%+ success rate.


  1. Technical solution to a people problem... by houstonbofh · Score: 5, Insightful

    The funny thing is that the technical security of snail mail (a paper envelope) is amazingly poor, but it is generally quite secure due to law and custom. However, law and custom is absolutely no security or privacy on the Internet. There is the problem.

    1. Re:Technical solution to a people problem... by Anonymous Coward · Score: 5, Insightful

      The problem is nobody gets an opportunity to snoop through hundreds of thousands of pieces of snail mail unobserved and without leaving evidence, and also it's impossible to make a perfect digital copy of snail mail for later perusal. You really can't even make a comparison like this. They're two entirely different things.