Cybersecurity Brainstorming
This page reflects the brainstorming and discussion of the cybersecurity group in Jonathan Zittrain's Cyberlaw: Difficult Problems Class.
For the Mozilla-icon-privacy project see: Terms of Service Brainstorming.
Problems to Tackle
Misaligned incentives have prevented industry, users, and government from solving many of the problems of cybersecurity. We're proposing three projects that will allow (power) users to increase the security of their data, as well as improve security for other people, and maybe even for the network as a whole. We may also be interested in working on the Mozilla Privacy issue.
"Safeword"
- All functionality should be inserted into the browser to appear as part of the various websites.
(1) Shows security level of user-selected password as it's typed in (for registration) (2) If user chooses weak password, auto-fill will be turned off. User must manually type in all weak passwords
- Safeword will look for keystrokes and won't send the password to the website if it doesn't sense the appropriate keystrokes
(3) Refuse password if it's been used before (for a major/important/security-sensitive site)
- for security reasons, Safeword would only save the first 4 characters of each password (not the whole thing)
(4) Periodically prompt user to change password
- this would be a suggestion, not a requirement and users could set how often it should prompt
Other Ideas:
- encrypted password storage within browser
- using recaptcha or pictures (esp game), etc as dual key for all passwords
- perhaps regulation requiring financial institutions to only accept strong or dual-key passwords
Mesh Network Vaccination
Firefox plug-in used by the 5% of power users that can help patch the problems created by the larger base of security-ignorant or security-apathetic users. I made the analogy to tower defense at some point.
For your edification, see Tower Defense. Mfeld 05:18, 13 January 2010 (UTC)
Stop Badware
We propose a Firefox plug-in that would incorporate an improved Stop Badware database and automatically warn users when they attempt to access websites that are suspected of including malware or have been known to do so recently. We also propose this is included in search engines. While Firefox 3 and Google have recently implemented similar ideas, we would like to display more granular data (i.e., 99% of visitors to this site report no problems, 90% of visitors to that site), with better timing information, and automatically build in reporting of malware to the database.
Distress Password
Have 2 passwords --
- (1) secure password -- shows all emails, all data
- (2) distress password -- shows limited data (like limited profile), only showing safe data
Presentational ideas
- "This is your internet, this is your internet on botnet"
- Ham Sandwich metaphor acted out in reality
- Voiceover puppets a la JZ's video explanation of Herdict
- PSA Announcement featuring Internationally Recognized Magician Michael Feldman
- Lessig-style keynote presentation (as part)
