homepage Welcome to WebmasterWorld Guest from 54.161.175.231
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Visit PubCon.com
Home / Forums Index / Browsers / Google Chrome Browser
Forum Library, Charter, Moderator: open

Google Chrome Browser Forum

    
Research Finds Unsafe User SSL Click-Throughs In Google Chrome Higher Than Firefox
engine




msg:4601376
 8:33 pm on Aug 12, 2013 (gmt 0)

Admins of Chrome shops unite your users are dabbling with dodgy SSL, and you must teach them how to be safer online until Google updates its browser.Research Finds Unsafe User SSL Click-Throughs In Google Chrome Higher Than Firefox [theregister.co.uk]
That's the gist of a new report from Google researcher Adrienne Porter Felt and University of California, Berkeley graduate student Devdatta Akhawe, who trawled some 25 million data points in a quest to figure out how effective phishing, malware, and SSL warnings are for users of Chrome and Firefox.
It finds that Chrome could borrow a number of useful traits from Firefox to reduce the rate at which users click through SSL warnings, potentially opening their computers to being compromised.

"Google Chrome users are 2.1 times more likely to click through an SSL warning than Mozilla Firefox users," the researchers write. They believe this high click-through rate comes from a combination of aesthetics, the storage of user-set SSL exemptions, and different demographics from users of different operating systems.

 

graeme_p




msg:4601450
 6:03 am on Aug 13, 2013 (gmt 0)

1) Why warn that sites with self-signed certs are untrusted, but not sites without any certs (i.e. plain http connections). The former is definitely more secure?

2) "potentially opening their computers to being compromised" How?

3) People may well know what they are doing when clicking through - for example to a site with a self-signed cert. There is no evidence, for example, about which browser's user are more likely to click past a warning on a phishing site, for example.

4) The bit in bold half way down the article essentially invalidates everything else. Firefox stores exemptions, so so the numbers are not comparable.

graeme_p




msg:4601451
 6:27 am on Aug 13, 2013 (gmt 0)

If you look at the actual study:

[cs.berkeley.edu ]

It is quite different from the journalists' scare story.

It also covers malware and phishing warnings. One interesting statistic is that Firefox on Linux users are much more likely to click past malware warnings that Firefox on Windows users, but Chrome on Linux users are much less likely to click past malware warnings.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Browsers / Google Chrome Browser
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved