Archive

Archive for the ‘CaCert’ Category

Certificate warnings don’t work

July 27th, 2009 Cupfighter No comments

As reported here: http://www.goodgearguide.com.au/article/312438/security_certificate_warnings_don_t_work_researchers_say

“In a laboratory experiment, researchers found that between 55 percent and 100 percent of participants ignored certificate security warnings, depending on which browser they were using (different browsers use different language to warn their users).

“Everyone knew that there was a problem with these warnings,” said Joshua Sunshine, a Carnegie Mellon graduate student and one of the paper’s co-authors. “Our study showed dramatically how big the problem was.” …

The researchers first conducted an online survey of more than 400 Web surfers, to learn what they thought about certificate warnings. They then brought 100 people into a lab and studied how they surf the Web.

They found that people often had a mixed-up understanding of certificate warnings. For example, many thought they could ignore the messages when visiting a site they trust, but that they should be more wary at less-trustworthy sites.

“That’s sort of a backwards understanding of what these messages mean,” Sunshine said. “The message is validating that you’re visiting the site you think you’re visiting, not that the site is trustworthy.”

Categories: CaCert, Security Tags: ,

Schuberg Philis hosts CAcert Assurer Training Event Amsterdam

June 15th, 2009 Frank Breedijk No comments

From: http://blog.cacert.org/2009/05/388.html

Much has happened during the past year. A list of up till now mostly “orally transmitted” rules have been cast in policies. New procedures (e.g. the Assurer Challenge) and obligations (e.g. in the CAcert Community Agreement) have been decided. The Assurer Training Events try to bring all this informations to “the people”:
- To what, does the CCA protect every CAcert-Community-Member and as such also you?
- Can you recount the 5 statements of the “Purpose of Assurance”?
- Can you at least recount 10 security marks of the Dutch passport/Identity card?
Answers to these and following questions are given at the Assurer Training Events (ATE’s).
Participation in the events is free, Contributions are however appreciated.Amsterdam:
—————
The ATE-Amsterdam takes place on:
- Monday, June 15th from 20:00 till 22:00
- at SCHUBERG PHILIS
Star Parc
Boeing Avenue 271
1119 PD Schiphol-Rijk
—————
The ATE-Eemnes takes place on:
- Saturday, June 20th from 10:30 till 12:30, followed by normal assurances till 15:30
- in de Hilt
Hasselaarlaan 1c
3755 AV Eemnes
The Event-Team is already excited about your participation.
Registration ATE-Amsterdam
Registration ATE-Eemnes
contact: events@cacert.org

Categories: CaCert, Schuberg Philis, Security Tags: , , ,