Research Shows Chrome Could Take Notes from Firefox
SSL click-throughs in Chrome could lead to more possibility for compromise
The new report from Adrienne Porter Felt stated that Google researcher, along with Berkeley Graduate Devdatta Akhawe, looked at 25 million data points with the goal to find out how effective phishing, malware, and other SSL warnings are on both Chrome and Firefox.
The paper looks into the flaws found and are discussed in the Alice in Warningland: A LargeScale Field Study of Browser Security Warning Effectiveness , which will be presented at the USENIX Security Symposium in 2013 in the U.S. Capital.
The study found that Chrome can utilize some ideas from Firefox to better its services, which works on users clicking through SSL warnings, which allows for potential compromise.
"Google Chrome users are 2.1 times more likely to click through an SSL warning than Mozilla Firefox users," according to the researchers. The experts believe that the higher click-through rate has to do with various factors including aesthetics, storage of user-set exemptions, as well as a differing demographic utilizing the system.
According to the report, Firefox is able to create a stylized policing system that uses the word “untrusted” which helps individuals from entering into possibly nefarious areas. Chrome also works with “certificate pinning” which creates a higher number of click-throughs. Which could help individuals not pass the SSL warnings, but more individuals would need to use them.
Another point made was that Firefox allows for permanent exemptions to rules that avoid having to continually click through SSL warnings.
“We suspect that people do repeatedly visit sites with warnings (e.g., a favorite site with a selfsigned certiﬁcate). If future work were to conﬁrm this, there could be two implications. First, if users are repeatedly visiting the same websites with errors, the errors are likely false positives; this would mean that the lack of an exception-storing mechanism noticeably raises the false positive rate in Google Chrome.”
The message continued: “Second, warning fatigue could be a factor. If Google Chrome users are exposed to more SSL warnings because they cannot save exceptions, they might pay less attention to each warning that they encounter.”
DomainsAtRetail (http://www.domainsatretail.com/) provides cheap domain name registration, upkeep, cheap SSL certificate, and web-hosting management. Find everything you need for your online profile, and make sure you get the quality you deserve for a price you can afford.
Tel: (480) 624-2515
This is a press release. Press release distribution and press release services by EmailWire.Com: http://www.emailwire.com/us-press-release-distribution.php.