Yep, and that’s why I made the comment up top, because any truly ease solution requires someone to give up information which they would then perceive as a loss of privacy or control.

@RSnake: “concur it would happen more often but so much so that it’s worth the cost of having them? ”

Isnt’ that the same as saying that if we didn’t have the education that we have about security that the potential is there for more atacks — you don’t have proof that their wouldn’t be.. That it would be more efficient for attackers so their costs would go down because consumers would be less responsible? (this is all things being equal — meaning that the state of security is what it is today, not some ideal situation). I mean, let’s take password complexity for example: the paper says this is a waste because if you have lock outs, then there’s no need to have the complexity. But if you have those lockouts, then you can have a mass denial of service attack. If you have soft lockouts, then you customer confusion (I’m sorry, but soft lockouts are a waste in my mind).

Just GREAT.

As far as I remember, NoScript doesn’t block iFrames and Frames by default, but I maybe wrong.

ClearClick is cool thing, but it can be bypassed (it seems that I’ve found a way, but gotta test more). And more, it saves only your clicks, not your keyboard hits. So you may trick user with something like “Click Tab and hit Enter to download this video”

So, I think, NoScript doesn’t 100% bullet proof by default. But if you block all iframes, objects etc. for all trusted sites, I suppose you will be safe.

@thrill: Actually, OK’ing the warning in Firefox is everything but simple - the chance that unexperienced users will ever do that is rather low. And that’s a good thing, it puts some pressure on the websites to fix their certificates. If an app absolutely cannot do without self-signed certificates, it should at least use a root certificate that only needs to be imported once. With some luck, certificate warnings (which are still very common) will become rare enough that any user hitting one will stop and think twice (thrice) before continuing.

oh.. wait.. this is the real world? wuh?

@fahadsadah - yes, the club is a deterrent for honest people, but guess what, thieves that are determined to own your (insert rare vehicle here) don’t care about the club.. there’s dozens upon dozens of ways to subvert them, just like the silly security warnings that no one, except for security people, pay attention to.. and even in those cases, if we were to read that someone’s certificate was ’self signed’ there’s a good chance we’d still OK it on firefox.. so what’s the use?

–thrill