Security-Centered Design

Security is more than filtering input and escaping output (FIEO), and it’s more than cross-site scripting (XSS) and cross-site request forgeries (CSRF). Security isn’t even always black and white. In order to create a more secure user experience, we need to understand how people think. Perception is as important as reality, and meeting user expectations is a fundamental of good security. In this multifarious talk, I’ll introduce some of what I have learned about cognitive psychology, exploring topics such as change blindness and ambient signifiers, and I’ll show some real-world examples that demonstrate the profound impact human behavior can have on security.

Published in: Technology, News & Politics

Transcript of "Security-Centered Design"

  1. SECURITY-CENTERED DESIGN. Chris Shiflett, shiflett.org, @shiflett. Tuesday, February 21, 12
  3. STOP
  4. STOP: Collaborate & Listen
  6. Who am I? Web craftsman from Brooklyn, NY, working on Mapalong and Brooklyn Beta from Studiomates.
  7. TALK OUTLINE: Psychology Fun – Ambient Signifiers, Change Blindness; Authentication & Phishing – Password Anti-Pattern, OAuth, Facebook Connect; Examples – SmugMug Privacy, Facebook Worm, Twitter Don’t Click
  8. AMBIENT SIGNIFIERS
  9. Tokyo Subway
  10. Tokyo Subway
  11. Ambient Umbrella
  12. Ambient SSL
  13. Login Seals
  14. CHANGE BLINDNESS
  16. STOP
  17. STOP: Hammertime
  23. DERREN BROWN
  24. PASSWORD ANTI-PATTERN
  27. OAUTH: http://shiflett.org/blog/2010/sep/twitter-oauth
  29. FACEBOOK CONNECT
  33. THE WEB IS NOT OBVIOUS
  35. OPENID: http://openid.net/; OAUTH: http://oauth.net/; OPENID & OAUTH HYBRID: http://j.mp/openidoauth; SHARED RESPONSIBILITY: http://simonwillison.net/2009/Jul/16/responsibility/
  36. SMUGMUG PRIVACY
  38. Pave the cow paths. Accommodate users’ expectations and tendencies; don’t try to modify them.
  40. Be Humble
  41. FACEBOOK WORM
  44. TWITTER DON’T CLICK
  49. RELATED POSTS: Security and User Experience – http://shiflett.org/blog/2008/jan/security-and-user-experience; Ambient Signifiers – http://shiflett.org/blog/2007/feb/ambient-signifiers; Facebook Worm – http://shiflett.org/blog/2008/nov/facebook-worm; Twitter Don’t Click Exploit – http://shiflett.org/blog/2009/feb/twitter-dont-click-exploit
  50. PHOTOS: Tree – http://flickr.com/photos/stuckincustoms/529110230; Cow path – http://flickr.com/photos/suda/672714986; My backyard – http://flickr.com/photos/shiflett/3261447115
  52. FEEDBACK? Follow me on Twitter – @shiflett; Comment on my blog – shiflett.org; Email me – chris@shiflett.org