RE: Increasing user ignorance towards warnings

Posted on Thu 01 September 2011 in random notes

Chester Wisniewski posted on the Sophos blog:

DigiNotar has published an article in Dutch explaining that 99.99% of browser warnings concerning its certificates can be ignored. This is terrible advice. While it will be difficult for DigiNotar customers to replace their certificates with new ones, this is the only solution.

The suggestion by DigiNotar is incredibly stupid for a company that should aim to improve security and user awareness on the Internet, in contrast to what is happening right now. It is amazingly ignorant to encourage users to ignore browser certificate warnings, because in the long term this contributes to the “click to go away” mentality of our modern computer world, where an incredible number of people simply click “OK” on modal dialogs to make them go away instead of even trying to read and understand their content. This happens mostly because these warnings demand attention, and in most cases users are not willing to drop out of their workflow in order to process information that might be vital to their security.