Fwd: [friam] Fwd: [Cryptography] fighting designs in habituation since 1883
10 views
Skip to first unread message
Mark Miller
Apr 15, 2015, 3:56:09 PM4/15/15
to belay-r...@googlegroups.com
---------- Forwarded message ----------
From: Bill Frantz <fra...@pwpconsult.com>
Date: Wed, Apr 15, 2015 at 12:50 PM
Subject: [friam] Fwd: [Cryptography] fighting designs in habituation since 1883
To: Design <fr...@googlegroups.com>
For all those who think security dialogs are ineffective.
====== Forwarded Message ======
Date: 4/15/15 1:46 PM
Received: 4/15/15 3:10 PM -0400
From: ia...@iang.org (Ian G)
To: crypto...@metzdowd.com
That which I once sarcastically referred to as click-thru syndrome is now apparently called habituation. And it's being measured using MRIs:
http://arstechnica.com/security/2015/03/mris-show-our-brains-shutting-down-when-we-see-security-prompts/
MRIs show our brains shutting down when we see security prompts
This is your brain after repeated security warnings. Any questions?
by Dan Goodin <http://arstechnica.com/author/dan-goodin/> - Mar 20, 2015 2:53 pm UTC
Ever feel your eyes glazing over when you see yet another security warning pop up on your monitor? In a first, scientists have used magnetic resonance imaging to measure a human brain's dramatic drop in attention that results when a computer user is subjected to just two security warnings in a short time.
In a paper scheduled to be presented next month at the Association for Computing Machinery's CHI 2015 conference <http://chi2015.acm.org/>, researchers will present data that maps regions of the brain responsible for visual processing. The MRI images show a "precipitous drop" in visual processing after even one repeated exposure to a standard security warning and a "large overall drop" after 13 of them. Previously, such warning fatigue has been observed only indirectly, such as one study finding that only 14 percent of participants recognized content changes to confirmation dialog boxes or another that recorded users clicking through one-half of all SSL warnings in less than two seconds.
Building a better mousetrap
The inattention is the result of a phenomenon known as habituation <https://en.wikipedia.org/wiki/Habituation>, or the tendency for organisms' neural systems to show partial or complete cessations of responses to stimuli over repeated exposures. Such repetition suppression, or RS, has long been documented in everything from sea slugs to humans. By directly measuring RS in the brains of people exposed to computer security warnings, the scientists were then able to test more effective ways that software makers can alert people to potential risks. The paper—titled "How Polymorphic Warnings Reduce Habituation in the Brain—Insights from an fMRI Study <http://neurosecurity.byu.edu/media/Anderson_et_al._CHI_2015.pdf>"—is one of two to be presented at CHI 2015 that studies people's responses to security warnings. A second paper is titled "Improving SSL Warnings: Comprehension and Adherence <https://adrifelt.github.io/sslinterstitial-chi.pdf>."
From Cryptogram: New research: "How Polymorphic Warnings Reduce Habituation in the Brain -- Insights from an fMRI Study."
http://neurosecurity.byu.edu/media/Anderson_et_al._CHI_2015.pdf
http://neurosecurity.byu.edu/chi_fmri_habituation/
http://arstechnica.com/security/2015/03/mris-show-our-brains-shutting-down-when-we-see-security-prompts/ or http://tinyurl.com/pfqzume
-----
_______________________________________________
The cryptography mailing list
crypto...@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
====== End Forwarded Message ======
---------------------------------------------------------------------------
Bill Frantz | Re: Computer reliability, performance, and security:
408-356-8506 | The guy who *is* wearing a parachute is *not* the
www.pwpconsult.com | first to reach the ground. - Terence Kelly
--
You received this message because you are subscribed to the Google Groups "friam" group.
To unsubscribe from this group and stop receiving emails from it, send an email to friam+unsubscribe@googlegroups.com.
To post to this group, send email to fr...@googlegroups.com.
Visit this group at http://groups.google.com/group/friam.
For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to the Google Groups "friam" group.
To unsubscribe from this group and stop receiving emails from it, send an email to friam+un...@googlegroups.com.
To post to this group, send email to fr...@googlegroups.com.
Visit this group at http://groups.google.com/group/friam.
For more options, visit https://groups.google.com/d/optout.
From: Bill Frantz <fra...@pwpconsult.com>
Date: Wed, Apr 15, 2015 at 12:50 PM
Subject: [friam] Fwd: [Cryptography] fighting designs in habituation since 1883
To: Design <fr...@googlegroups.com>
For all those who think security dialogs are ineffective.
====== Forwarded Message ======
Date: 4/15/15 1:46 PM
Received: 4/15/15 3:10 PM -0400
From: ia...@iang.org (Ian G)
To: crypto...@metzdowd.com
That which I once sarcastically referred to as click-thru syndrome is now apparently called habituation. And it's being measured using MRIs:
http://arstechnica.com/security/2015/03/mris-show-our-brains-shutting-down-when-we-see-security-prompts/
MRIs show our brains shutting down when we see security prompts
This is your brain after repeated security warnings. Any questions?
by Dan Goodin <http://arstechnica.com/author/dan-goodin/> - Mar 20, 2015 2:53 pm UTC
Ever feel your eyes glazing over when you see yet another security warning pop up on your monitor? In a first, scientists have used magnetic resonance imaging to measure a human brain's dramatic drop in attention that results when a computer user is subjected to just two security warnings in a short time.
In a paper scheduled to be presented next month at the Association for Computing Machinery's CHI 2015 conference <http://chi2015.acm.org/>, researchers will present data that maps regions of the brain responsible for visual processing. The MRI images show a "precipitous drop" in visual processing after even one repeated exposure to a standard security warning and a "large overall drop" after 13 of them. Previously, such warning fatigue has been observed only indirectly, such as one study finding that only 14 percent of participants recognized content changes to confirmation dialog boxes or another that recorded users clicking through one-half of all SSL warnings in less than two seconds.
Building a better mousetrap
The inattention is the result of a phenomenon known as habituation <https://en.wikipedia.org/wiki/Habituation>, or the tendency for organisms' neural systems to show partial or complete cessations of responses to stimuli over repeated exposures. Such repetition suppression, or RS, has long been documented in everything from sea slugs to humans. By directly measuring RS in the brains of people exposed to computer security warnings, the scientists were then able to test more effective ways that software makers can alert people to potential risks. The paper—titled "How Polymorphic Warnings Reduce Habituation in the Brain—Insights from an fMRI Study <http://neurosecurity.byu.edu/media/Anderson_et_al._CHI_2015.pdf>"—is one of two to be presented at CHI 2015 that studies people's responses to security warnings. A second paper is titled "Improving SSL Warnings: Comprehension and Adherence <https://adrifelt.github.io/sslinterstitial-chi.pdf>."
From Cryptogram: New research: "How Polymorphic Warnings Reduce Habituation in the Brain -- Insights from an fMRI Study."
http://neurosecurity.byu.edu/media/Anderson_et_al._CHI_2015.pdf
http://neurosecurity.byu.edu/chi_fmri_habituation/
http://arstechnica.com/security/2015/03/mris-show-our-brains-shutting-down-when-we-see-security-prompts/ or http://tinyurl.com/pfqzume
-----
_______________________________________________
The cryptography mailing list
crypto...@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
====== End Forwarded Message ======
---------------------------------------------------------------------------
Bill Frantz | Re: Computer reliability, performance, and security:
408-356-8506 | The guy who *is* wearing a parachute is *not* the
www.pwpconsult.com | first to reach the ground. - Terence Kelly
--
You received this message because you are subscribed to the Google Groups "friam" group.
To unsubscribe from this group and stop receiving emails from it, send an email to friam+unsubscribe@googlegroups.com.
To post to this group, send email to fr...@googlegroups.com.
Visit this group at http://groups.google.com/group/friam.
For more options, visit https://groups.google.com/d/optout.
That which I once sarcastically referred to as click-thru syndrome
is now apparently called habituation. And it's being measured using
MRIs:
http://arstechnica.com/security/2015/03/mris-show-our-brains-shutting-down-when-we-see-security-prompts/
MRIs show our brains shutting down when we see security prompts
This is your brain after repeated security warnings. Any questions?
by Dan Goodin - Mar 20, 2015 2:53 pm UTC
Ever feel your eyes glazing over when you see yet another security warning pop up on your monitor? In a first, scientists have used magnetic resonance imaging to measure a human brain's dramatic drop in attention that results when a computer user is subjected to just two security warnings in a short time.
In a paper scheduled to be presented next month at the Association for Computing Machinery's CHI 2015 conference, researchers will present data that maps regions of the brain responsible for visual processing. The MRI images show a "precipitous drop" in visual processing after even one repeated exposure to a standard security warning and a "large overall drop" after 13 of them. Previously, such warning fatigue has been observed only indirectly, such as one study finding that only 14 percent of participants recognized content changes to confirmation dialog boxes or another that recorded users clicking through one-half of all SSL warnings in less than two seconds.
Building a better mousetrap
The inattention is the result of a phenomenon known as habituation, or the tendency for organisms' neural systems to show partial or complete cessations of responses to stimuli over repeated exposures. Such repetition suppression, or RS, has long been documented in everything from sea slugs to humans. By directly measuring RS in the brains of people exposed to computer security warnings, the scientists were then able to test more effective ways that software makers can alert people to potential risks. The paper—titled "How Polymorphic Warnings Reduce Habituation in the Brain—Insights from an fMRI Study"—is one of two to be presented at CHI 2015 that studies people's responses to security warnings. A second paper is titled "Improving SSL Warnings: Comprehension and Adherence."
From Cryptogram: New research: "How Polymorphic Warnings Reduce Habituation in the Brain -- Insights from an fMRI Study."
http://neurosecurity.byu.edu/media/Anderson_et_al._CHI_2015.pdf
http://neurosecurity.byu.edu/chi_fmri_habituation/
http://arstechnica.com/security/2015/03/mris-show-our-brains-shutting-down-when-we-see-security-prompts/ or http://tinyurl.com/pfqzume
-- http://arstechnica.com/security/2015/03/mris-show-our-brains-shutting-down-when-we-see-security-prompts/
MRIs show our brains shutting down when we see security prompts
This is your brain after repeated security warnings. Any questions?
by Dan Goodin - Mar 20, 2015 2:53 pm UTC
Ever feel your eyes glazing over when you see yet another security warning pop up on your monitor? In a first, scientists have used magnetic resonance imaging to measure a human brain's dramatic drop in attention that results when a computer user is subjected to just two security warnings in a short time.
In a paper scheduled to be presented next month at the Association for Computing Machinery's CHI 2015 conference, researchers will present data that maps regions of the brain responsible for visual processing. The MRI images show a "precipitous drop" in visual processing after even one repeated exposure to a standard security warning and a "large overall drop" after 13 of them. Previously, such warning fatigue has been observed only indirectly, such as one study finding that only 14 percent of participants recognized content changes to confirmation dialog boxes or another that recorded users clicking through one-half of all SSL warnings in less than two seconds.
Building a better mousetrap
The inattention is the result of a phenomenon known as habituation, or the tendency for organisms' neural systems to show partial or complete cessations of responses to stimuli over repeated exposures. Such repetition suppression, or RS, has long been documented in everything from sea slugs to humans. By directly measuring RS in the brains of people exposed to computer security warnings, the scientists were then able to test more effective ways that software makers can alert people to potential risks. The paper—titled "How Polymorphic Warnings Reduce Habituation in the Brain—Insights from an fMRI Study"—is one of two to be presented at CHI 2015 that studies people's responses to security warnings. A second paper is titled "Improving SSL Warnings: Comprehension and Adherence."
From Cryptogram: New research: "How Polymorphic Warnings Reduce Habituation in the Brain -- Insights from an fMRI Study."
http://neurosecurity.byu.edu/media/Anderson_et_al._CHI_2015.pdf
http://neurosecurity.byu.edu/chi_fmri_habituation/
http://arstechnica.com/security/2015/03/mris-show-our-brains-shutting-down-when-we-see-security-prompts/ or http://tinyurl.com/pfqzume
You received this message because you are subscribed to the Google Groups "friam" group.
To unsubscribe from this group and stop receiving emails from it, send an email to friam+un...@googlegroups.com.
To post to this group, send email to fr...@googlegroups.com.
Visit this group at http://groups.google.com/group/friam.
For more options, visit https://groups.google.com/d/optout.
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
Cheers,
--MarkM
Reply all
Reply to author
Forward
0 new messages