Re: roadmap discussions



Perhaps allowing my friend to use my web browser was negligence on my
part; however, I doubt Epiphany's target audience is technically
informed enough to create a new user account for a friend to, say,
check email quickly. I doubt many of these users even comprehend the
security ramifications of allowing their cousin, brother, or sister
to use their user account.

Besides, users are humans. We make mistakes, we forget, we get tired,
we become lazy, or even become negligent. But isn't the reason we use
computers and computer applications to avoid these inherent
weaknesses? Regardless of my negligence, for whatever reasons, I
believe there is something fundamentally wrong somewhere when an
arbitrary user can access highly confidential information of a
previous user via a web browser with ease.

We also need to take into consideration public environments like
cafes, libraries and laboratories, where users do not have access to
individual user accounts. Unless I manually erase cache contents,
cookies, password histories, website histories among other things,
Epiphany leaves me completely vulnerable to many types of attack in
these environments.

Things don't get any better when Epiphany displays a dialogue
prompting users to save their password to disk for future usage. Most
users, like me, sometimes just hit the Enter key to get the dialogue out
of my workflow irrespective of whether the dialogue information has
just asked to reformat my hard drive. Yes, it is negligence on my
part, but we all at one point or another will suffer from it.


On Mon, 29 Nov 2004 21:47:52 +0100 (CET), Reinout van Schouwen
<reinouts gnome org> wrote:
> On Mon, 29 Nov 2004, Mystilleef wrote:
> 
> > already been bitten by Epiphany's insecure default settings. (Bug
> > 150680)
> 
> Clearly you let your friend access your PC using your own user account.
> IMHO that he was able to access your bank account is due to your own
> negligence. There's a reason you can have more than one user on your
> system!
> 
> (I also think this is partly a problem of your bank's website. With any
> of the Dutch banks, no matter how crappy their sites are otherwise, this
> couldn't ever happen, since they require like triple authentication
> codes with a randomly generated one each time, no browser would be able
> to "remember" that..)
> 
-- 
"My logic is undeniable."


