Cybersecurity Brainstorming: Difference between revisions

From Cyberlaw: Difficult Issues Winter 2010
Jump to navigation Jump to search
Line 5: Line 5:
=Problems to Tackle=
=Problems to Tackle=


These are the three basic projects that we have talked about working on. We may also be interested in working on the [[Terms of Service Brainstorming | Mozilla Privacy issue]].  
Misaligned incentives have prevented industry, users, and government from solving many of the problems of cybersecurity. We're proposing three projects that will allow (power) users to increase the security of their data, as well as improve security for other people, and maybe even for the network as a whole. We may also be interested in working on the [[Terms of Service Brainstorming | Mozilla Privacy issue]].  


=="Safeword"==
=="Safeword"==
Line 20: Line 20:
*encrypted password storage within browser
*encrypted password storage within browser
*using recaptcha or pictures (esp game), etc as dual key for all passwords
*using recaptcha or pictures (esp game), etc as dual key for all passwords
*perhaps regulation requiring financial institutions to only accept strong or dual-key passwords


==Mesh Network Vaccination==
==Mesh Network Vaccination==
Line 27: Line 28:


==Stop Badware==
==Stop Badware==
We propose a Firefox plug-in that would incorporate an improved Stop Badware database and automatically warn users when they attempt to access websites that are suspected of including malware or have been known to do so recently.  We also propose this is included in search engines.  While Firefox 3 and Google have recently implemented similar ideas, we would like to display more granular data (i.e., 99% of visitors to this site report no problems, 90% of visitors to that site), with better timing information, and automatically build in reporting of malware to the database.


==Distress Password==
==Distress Password==

Revision as of 03:22, 14 January 2010

This page reflects the brainstorming and discussion of the cybersecurity group in Jonathan Zittrain's Cyberlaw: Difficult Problems Class.

For the Mozilla-icon-privacy project see: Terms of Service Brainstorming.

Problems to Tackle

Misaligned incentives have prevented industry, users, and government from solving many of the problems of cybersecurity. We're proposing three projects that will allow (power) users to increase the security of their data, as well as improve security for other people, and maybe even for the network as a whole. We may also be interested in working on the Mozilla Privacy issue.

"Safeword"

  • All functionality should be inserted into the browser to appear as part of the various websites.

(1) Shows security level of user-selected password as it's typed in (for registration) (2) If user chooses weak password, auto-fill will be turned off. User must manually type in all weak passwords

Safeword will look for keystrokes and won't send the password to the website if it doesn't sense the appropriate keystrokes

(3) Refuse password if it's been used before (for a major/important/security-sensitive site)

for security reasons, Safeword would only save the first 4 characters of each password (not the whole thing)

(4) Periodically prompt user to change password

this would be a suggestion, not a requirement and users could set how often it should prompt

Other Ideas:

  • encrypted password storage within browser
  • using recaptcha or pictures (esp game), etc as dual key for all passwords
  • perhaps regulation requiring financial institutions to only accept strong or dual-key passwords

Mesh Network Vaccination

Firefox plug-in used by the 5% of power users that can help patch the problems created by the larger base of security-ignorant or security-apathetic users. I made the analogy to tower defense at some point.

For your edification, see Tower Defense. Mfeld 05:18, 13 January 2010 (UTC)

Stop Badware

We propose a Firefox plug-in that would incorporate an improved Stop Badware database and automatically warn users when they attempt to access websites that are suspected of including malware or have been known to do so recently. We also propose this is included in search engines. While Firefox 3 and Google have recently implemented similar ideas, we would like to display more granular data (i.e., 99% of visitors to this site report no problems, 90% of visitors to that site), with better timing information, and automatically build in reporting of malware to the database.

Distress Password

Have 2 passwords --

(1) secure password -- shows all emails, all data
(2) distress password -- shows limited data (like limited profile), only showing safe data

Presentational ideas

  • "This is your internet, this is your internet on botnet"
  • Ham Sandwich metaphor acted out in reality
  • Voiceover puppets a la JZ's video explanation of Herdict
  • PSA Announcement featuring Internationally Recognized Magician Michael Feldman
  • Lessig-style keynote presentation (as part)


Whiteboard Notes Part 1
Mesh Network Vaccination / Password Protection Ideas
Whiteboard Notes Part 2
Ideas for Incentivizing
Whiteboard Notes Part 3
Stop Badware Ideas
Whiteboard Notes Part 4
Problems Solved by "Safeword"
Whiteboard Notes Part 4
Functionality for "Safeword"