Re: Nautilus should ignore the +x bit



Mike Hearn wrote:
...
That's all I can think of right now. Firefox has an interesting take on
the "confirm dialog fatigue" problem: it has a very short, simple
message for URL handlers that invoke external programs and the
acceptance button is disabled for a few seconds to prevent people
instantly hitting it.
...

Somewhat off-topic, but though people assume that's for fighting alert fatigue, it's not. The attack here is a Web author putting an inviting-looking link on a page, in the exact spot where the install/run button will appear in the alert (assuming default title bar and UI font sizes). Then onmouseover of the link, a script in the page pushes the malware, so Firefox pops up the alert, and before you can react your click hits the install/run button instead of hitting the link underneath.

Luckily, Jesse Ruderman thought of this attack before anyone else. Unluckily, he now has to put up with people assuming the button's activation is delayed for a different reason (to make them read the alert), and whining noisily about wanting to turn off the delay because they think they don't need it. So (getting back on-topic) I wouldn't recommend it as a way of fighting alert fatigue.

--
Matthew Thomas
http://mpt.net.nz/
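
The delay described in the message above, sketched as an added example (not part of the original message and not Firefox's code): a click that arrives before the delay has elapsed is discarded, so a click aimed at a page element cannot land on the accept button. The class and function names, the 2000 ms delay, and restarting the delay when the dialog regains focus are assumptions of this example.

```javascript
// Added example: guard for a security-sensitive confirm dialog.
// All names (DelayedAcceptGuard, armDelayMs, replay) are hypothetical.
class DelayedAcceptGuard {
  constructor(armDelayMs = 2000, now = () => Date.now()) {
    this.armDelayMs = armDelayMs; // assumed value; the message only says "a few seconds"
    this.now = now;               // injectable clock so the logic can be tested
    this.armedAt = null;          // null means the dialog is not on screen
  }

  // Call when the dialog appears, and again whenever it regains focus,
  // so the user always gets the full delay with the dialog in view.
  shown() { this.armedAt = this.now() + this.armDelayMs; }

  hidden() { this.armedAt = null; }

  // Time left before the accept button may be enabled (drives the UI state).
  remainingMs() {
    if (this.armedAt === null) return Infinity;
    return Math.max(0, this.armedAt - this.now());
  }

  // True only if the accept action may proceed; early clicks are dropped.
  tryAccept() { return this.remainingMs() === 0; }
}

// Replays a timeline of dialog events and returns the outcome of each click.
function replay(events, armDelayMs = 2000) {
  let t = 0;
  const guard = new DelayedAcceptGuard(armDelayMs, () => t);
  const results = [];
  for (const ev of events) {
    t = ev.at;
    if (ev.type === "shown") guard.shown();
    else if (ev.type === "hidden") guard.hidden();
    else if (ev.type === "click") results.push(guard.tryAccept());
  }
  return results;
}

// Constructed sample timeline (milliseconds since the dialog first appeared).
const CONSTRUCTED_TIMELINE = [
  { at: 0, type: "shown" },
  { at: 150, type: "click" },  // click was meant for the page, dialog popped up under it
  { at: 1900, type: "click" }, // still inside the delay
  { at: 2000, type: "click" }, // delay elapsed, deliberate click
  { at: 2500, type: "shown" }, // dialog regained focus, delay restarts
  { at: 2600, type: "click" },
  { at: 4500, type: "click" },
];
```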



