Security-Centered Design


Security is more than filtering input and escaping output (FIEO), and it’s more than cross-site scripting (XSS) and cross-site request forgeries (CSRF). Security isn’t even always black and white. In order to create a more secure user experience, we need to understand how people think. Perception is as important as reality, and meeting user expectations is a fundamental of good security. In this multifarious talk, I’ll introduce some of what I have learned about cognitive psychology, exploring topics such as change blindness and ambient signifiers, and I’ll show some real-world examples that demonstrate the profound impact human behavior can have on security.

Published in: Technology, News & Politics
Transcript

  • 1. SECURITY-CENTERED DESIGN. Chris Shiflett, shiflett.org, @shiflett. Tuesday, February 21, 2012
  • 3. STOP
  • 4. STOP. Collaborate & Listen
  • 6. Who am I? Web craftsman from Brooklyn, NY, working on Mapalong and Brooklyn Beta from Studiomates.
  • 7. TALK OUTLINE
    Psychology Fun – Ambient Signifiers, Change Blindness
    Authentication & Phishing – Password Anti-Pattern, OAuth, Facebook Connect
    Examples – SmugMug Privacy, Facebook Worm, Twitter Don't Click
  • 8. AMBIENT SIGNIFIERS
  • 9. Tokyo Subway
  • 10. Tokyo Subway
  • 11. Ambient Umbrella
  • 12. Ambient SSL
  • 13. Login Seals
  • 14. CHANGE BLINDNESS
  • 16. STOP
  • 17. STOP. Hammertime
  • 23. DERREN BROWN
  • 24. PASSWORD ANTI-PATTERN
  • 27. OAUTH – http://shiflett.org/blog/2010/sep/twitter-oauth
  • 29. FACEBOOK CONNECT
  • 33. THE WEB IS NOT OBVIOUS
  • 35. OPENID – http://openid.net/
    OAUTH – http://oauth.net/
    OPENID & OAUTH HYBRID – http://j.mp/openidoauth
    SHARED RESPONSIBILITY – http://simonwillison.net/2009/Jul/16/responsibility/
  • 36. SMUGMUG PRIVACY
  • 38. Pave the cow paths. Accommodate users' expectations and tendencies; don't try to modify them.
  • 40. Be Humble
  • 41. FACEBOOK WORM
  • 44. TWITTER DON'T CLICK
  • 49. RELATED POSTS
    Security and User Experience – http://shiflett.org/blog/2008/jan/security-and-user-experience
    Ambient Signifiers – http://shiflett.org/blog/2007/feb/ambient-signifiers
    Facebook Worm – http://shiflett.org/blog/2008/nov/facebook-worm
    Twitter Don't Click Exploit – http://shiflett.org/blog/2009/feb/twitter-dont-click-exploit
  • 50. PHOTOS
    Tree – http://flickr.com/photos/stuckincustoms/529110230
    Cow path – http://flickr.com/photos/suda/672714986
    My backyard – http://flickr.com/photos/shiflett/3261447115
  • 52. FEEDBACK?
    Follow me on Twitter – @shiflett
    Comment on my blog – shiflett.org
    Email me – chris@shiflett.org
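Slides 24 to 28 set the password anti-pattern (a third-party site asking the user for their credentials to another service, so it can act as them) against OAuth as the alternative. The slides carry no code, so the following is an added example, not code from the talk or from shiflett.org. It implements OAuth 1.0a HMAC-SHA1 request signing, the scheme Twitter's API used when the linked 2010 post was written, on both the client side (building the Authorization header) and the server side (recomputing and comparing the signature). The endpoint URL, consumer key, token and secrets are illustrative placeholders, and the sample request is constructed for the example.

```python
"""OAuth 1.0a HMAC-SHA1 request signing: the delegated-access alternative to
handing a third-party site your password. Added example; not from the talk."""
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, quote, unquote, urlsplit, urlunsplit


def pct(value) -> str:
    """OAuth 1.0a percent-encoding: only RFC 3986 unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def base_url(url: str) -> str:
    """Scheme and host lower-cased, default ports dropped, query and fragment removed."""
    p = urlsplit(url)
    scheme, host, port = p.scheme.lower(), (p.hostname or "").lower(), p.port
    default = (scheme == "http" and port == 80) or (scheme == "https" and port == 443)
    if port and not default:
        host = f"{host}:{port}"
    return urlunsplit((scheme, host, p.path or "/", "", ""))


def signature_base_string(method: str, url: str, params) -> str:
    """params: (key, value) pairs from query string, form body and oauth_* header,
    excluding oauth_signature. Each pair is encoded, then the list is sorted."""
    pairs = sorted((pct(k), pct(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_url(url)), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret="") -> str:
    """HMAC-SHA1 over the base string; the key is consumer secret & token secret."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, signature_base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def request_params(url, body_params, oauth_params):
    """Collect every signed parameter: URL query, form body, oauth_* (minus the signature)."""
    query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    oauth = [(k, v) for k, v in oauth_params.items() if k != "oauth_signature"]
    return list(query) + list(body_params.items()) + oauth


def authorization_header(method, url, body_params, consumer_key, consumer_secret,
                         token, token_secret, nonce=None, timestamp=None) -> str:
    """Client side: sign a request made on the user's behalf. The user's password
    is never involved; the app holds only a per-app, revocable token and secret."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_token": token,
        "oauth_version": "1.0",
    }
    oauth["oauth_signature"] = sign(method, url, request_params(url, body_params, oauth),
                                    consumer_secret, token_secret)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))


def parse_authorization_header(header: str) -> dict:
    """Split 'OAuth k="v", k2="v2"' back into a dict; values are percent-decoded."""
    out = {}
    for part in header[len("OAuth "):].split(","):
        k, _, v = part.strip().partition("=")
        out[unquote(k)] = unquote(v.strip('"'))
    return out


def verify_request(method, url, body_params, header, consumer_secret, token_secret) -> bool:
    """Server side: recompute the signature from the received request and compare
    in constant time. Nonce/timestamp replay checks are the server's job too (not shown)."""
    oauth = parse_authorization_header(header)
    presented = oauth.get("oauth_signature", "")
    expected = sign(method, url, request_params(url, body_params, oauth),
                    consumer_secret, token_secret)
    return hmac.compare_digest(presented, expected)


# Constructed sample: placeholder endpoint, key, token and secrets.
URL = "https://api.twitter.com/1/statuses/update.json"
BODY = {"status": "hi there"}

if __name__ == "__main__":
    hdr = authorization_header("POST", URL, BODY, "ck", "cs", "tk", "ts",
                               nonce="n1", timestamp=1300000000)
    print(hdr)
    print("valid:", verify_request("POST", URL, BODY, hdr, "cs", "ts"))
    print("tampered body:", verify_request("POST", URL, {"status": "hi there!"}, hdr, "cs", "ts"))
```

What this buys over the anti-pattern: the application never sees the user's password, the token secret is issued per application and can be revoked by the user without a password change, and the signature covers method, URL and every parameter, so a captured request cannot be altered or pointed at another endpoint. Replay protection still depends on the server rejecting reused nonces and stale timestamps, which the example leaves to the caller.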
