Idea: when trying to help people understand security threats, walk them through an attack. What happens when you dont close the browser window after viewing your bank balance? Well, if its your own computer, nothing. If its a public computer, and your bank wasnt careful about how they wrote the web site, someone could potentially click Back until they got back into your bank, and then arrange a transfer of money to their own account, because you are still logged in even if youve left the page. If you hit the Log out button then they cant arrange a transfer but they might (depending on how smart your bank was) still be able to see your bank account number and current account balance, which doesnt let them transfer money but does let them know personal details which could theoretically be used to help impersonate you. By walking them through an attacker scenario you help them gain a more complete picture, which makes it easier to remember what is dangerous and what isnt. Isolated knowledge (always close the browser window) is really easy to get confused.
Posted on: Mon, 01 Sep 2014 19:27:01 +0000
Trending Topics
Recently Viewed Topics
© 2015