Untrusted text in security dialogs
Wednesday, July 14th, 2010I just gave a 10-minute lightning talk at SOUPS on the topic of untrusted text in security dialogs.
I've been reading Firefox security bug reports over the years, and I've collected a list of things that can go wrong in security dialogs. New security dialogs should be tested against these attacks, or preferably designed to not be dialogs.