```php
<?php
// Fragment of the Brian's Threaded Comments WordPress plugin that leaked into
// the feed output. The head of maybe_add_column() was cut off on the page; its
// signature and the function_exists() guard are reconstructed from the
// variables it uses and from its call site in btc_altertable() below.
if (!function_exists('maybe_add_column')) {
    function maybe_add_column($table_name, $column_name, $create_ddl) {
        global $wpdb, $debug;
        // Does the column already exist?
        foreach ($wpdb->get_col("DESC $table_name", 0) as $column) {
            if ($debug) echo("checking $column == $column_name\n");
            if ($column == $column_name) {
                return true;
            }
        }
        // Didn't find it; try to create it.
        $q = $wpdb->query($create_ddl);
        // We cannot directly tell whether this succeeded, so look again.
        foreach ($wpdb->get_col("DESC $table_name", 0) as $column) {
            if ($column == $column_name) {
                return true;
            }
        }
        return false;
    }
}

function btc_altertable() {
    global $tablecomments;
    $sql = "ALTER TABLE $tablecomments ADD COLUMN comment_reply_ID INT NOT NULL DEFAULT 0;";
    maybe_add_column($tablecomments, 'comment_reply_ID', $sql);
}

function btc_alter_comment($new_id) {
    global $tablecomments, $wpdb;
    // The leaked version concatenated $_POST['comment_reply_ID'] into the
    // query unescaped, so any commenter could inject SQL. The column is an
    // INT, so cast both values to integers before they reach the query.
    $reply_id = isset($_POST['comment_reply_ID']) ? (int) $_POST['comment_reply_ID'] : 0;
    $new_id   = (int) $new_id;
    $sql = "UPDATE $tablecomments SET comment_reply_ID=$reply_id WHERE comment_ID = $new_id;";
    $wpdb->query($sql);
}

function briansnestedcomments() {
    // $withcomments and $single are WordPress globals; the leaked version
    // read them as undefined locals, so the early return never fired.
    global $font_gets_smaller, $withcomments, $single;
    if (!($withcomments) && ($single)) return;
    // You can safely delete the single line below if your threaded comments are up and running
    btc_altertable();
    // The remainder of this function is not present on the page.
}
?>
```

Usable Security
http://usablesecurity.com
Every system has a user.
Fri, 17 Jul 2009 22:06:17 +0000

SOUPS 2010?
This brings us to the close of SOUPS 2009. It's sad. I know. But never fear! SOUPS 2010 beckons! So, here's hoping I'll see all you usable security folks at Microsoft's campus in Seattle around this time next year!
http://usablesecurity.com/?p=336

Panel: Usability of Security Software - Is Open Source a Positive, Negative, or Neutral Factor?
Moderator: Luke Kowalski, Corporate UI Architect, Oracle
Panelists: Stuart Schechter, Microsoft Research; David Recordon, Open Platforms Tech Lead, SixApart; David Sward, Director of User Centered Design, Symantec; Nancy Frishberg, User Experience Strategist and BayChi chair; Rashmi Sinha, CEO, SlideShare
The opening premise is that Open Source is a neutral factor in the usability of security software. One of the ...
http://usablesecurity.com/?p=267

How Users Use Access Control
http://cups.cs.cmu.edu/soups/2009/proceedings/a15-smetters.pdf
Diana Smetters and Nathan Good
Access control is a specification of policy indicating who can do what to whom. Access control is hard to use. People often get around it by granting overly permissive capabilities. Looking at Windows XP, there are over a dozen checkboxes that can be flipped for ...
http://usablesecurity.com/?p=265

Balancing Usability and Security in a Video CAPTCHA
http://cups.cs.cmu.edu/soups/2009/proceedings/a14-kluever.pdf
Kurt Kluever and Richard Zanibbi
CAPTCHAs are used for a variety of purposes, but most generally to combat spammers. A desirable CAPTCHA should be automatically generated, should not rely on secret databases or algorithms, should be usable, and should be hard to spoof. Most existing CAPTCHAs fail in one or more ...
http://usablesecurity.com/?p=263

Sanitization's Slippery Slope: The Design and Study of a Text Revision Assistant
http://cups.cs.cmu.edu/soups/2009/proceedings/a13-chow.pdf
Richard Chow, Ian Oberst and Jessica Staddon
It is often important to share sensitive documents, but protecting privacy is important too. A typical solution is to redact the important bits, but often the redacted information can be recovered. Another approach is to sanitize the data by replacing specific terms with more general ...
http://usablesecurity.com/?p=261

Games for Extracting Randomness
http://cups.cs.cmu.edu/soups/2009/proceedings/a12-halprin.pdf
Ran Halprin and Moni Naor
Random number generation is important for many security tasks - especially cryptography. And yet getting good random numbers is notoriously difficult in practice. Sources of randomness traditionally include "secret" data such as MAC addresses; real-time data such as hard-disk access and click timing; physical sources ...
http://usablesecurity.com/?p=259

Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols
http://cups.cs.cmu.edu/soups/2009/proceedings/a11-kainda.pdf
Ronald Kainda, Ivan Flechais and Andrew William Roscoe
Out-of-band device pairing refers to pairing devices using a channel external to the devices themselves, such as through user interactions. Technical security is achieved by using protocols that are based on formal proofs and governed by the quality of the secrets involved. However, the ...
http://usablesecurity.com/?p=257

Serial Hook-Ups: A Comparative Usability Study of Secure Device Pairing Methods
http://cups.cs.cmu.edu/soups/2009/proceedings/a10-kobsa.pdf
Alfred Kobsa, Rahim Sonawalla, Gene Tsudik, Ersin Uzun and Yang Wang
Secure device pairing refers to the pairing of two or more devices in a manner that can be trusted, such that users pair the devices they believe they are pairing without allowing a malicious third party to join in the process. ...
http://usablesecurity.com/?p=255

Discussion Session: Invisible HCI-SEC: Ways of re-architecting the operating system to increase usability and security
Discussion session led by Simson Garfinkel. Free-form discussion follows. (There were other sessions, but as I only attended this one, this is the only one I got to blog.) Simson wants to talk about system constraints rather than usability constraints. In practice, focusing on one at the detriment of the other ...
http://usablesecurity.com/?p=269

1 + 1 = You: Measuring the comprehensibility of metaphors for configuring backup authentication
http://cups.cs.cmu.edu/soups/2009/proceedings/a9-schechter.pdf
Stuart Schechter and Robert Reeder
What to do when the user forgets their password? A common method is to provide security questions. Unfortunately, an initial analysis of the most commonly used security questions found that none were all that great, suffering from either poor memorability or poor security. What about e-mail ...
http://usablesecurity.com/?p=253

Personal Choice and Challenge Questions: A Security and Usability Assessment
http://cups.cs.cmu.edu/soups/2009/proceedings/a8-just.pdf
Mike Just and David Aspinall
Challenge questions often serve as part of a password recovery mechanism, though they are sometimes included alongside conventional authentication. For a long time there was little research in this area, but some studies have emerged recently, generally concluding that challenge questions are neither very usable nor ...
http://usablesecurity.com/?p=251

Look into my Eyes! Can you guess my Password?
http://cups.cs.cmu.edu/soups/2009/proceedings/a7-deluca.pdf
Alexander De Luca, Martin Denzel and Heinrich Hussmann
Many password entry systems are vulnerable to attacks in which the attacker can see either the keyboard or the screen. The proposal is to use eye movements for password entry, building on the findings of EyePassword, Eye Gestures, and PassShapes. The researchers implemented EyePassShapes, ...
http://usablesecurity.com/?p=249

Ubiquitous Systems and the Family: Thoughts about the Networked Home
http://cups.cs.cmu.edu/soups/2009/proceedings/a6-little.pdf
Linda Little, Elizabeth Sillence and Pam Briggs
Overall, the well-being of a family depends on how well its members communicate and interact. If we are creating products and services for families, it is important to recognize that the dynamics of different families can be very different. ...
http://usablesecurity.com/?p=247

Challenges in Supporting End-User Privacy and Security Management with Social Navigation
http://cups.cs.cmu.edu/soups/2009/proceedings/a5-goecks.pdf
Jeremy Goecks, W. Keith Edwards and Elizabeth D. Mynatt
Discussions of privacy and security management often describe users as engaging in boundary management, where decisions are made about what can cross the boundary. However, as the boundary often changes with context and task, this can be very hard to automate. Social navigation ...
http://usablesecurity.com/?p=245

A "Nutrition Label" for Privacy
http://cups.cs.cmu.edu/soups/2009/proceedings/a4-kelley.pdf
Patrick Gage Kelley, Joanna Bresee, Lorrie Faith Cranor, and Robert W. Reeder
Privacy policies in their current form are typically long, dense, and ignored by users. P3P is an XML format that allows websites to specify their privacy policy in a machine-readable manner. The study's initial attempt at visualizing the P3P data was ...
http://usablesecurity.com/?p=242

School of Phish: A Real-World Evaluation of Anti-Phishing Training
http://cups.cs.cmu.edu/soups/2009/proceedings/a3-kumaraguru.pdf
Ponnurangam Kumaraguru, Justin Cranshaw, Alessandro Acquisti, Lorrie Cranor, Jason Hong, Mary Ann Blair and Theodore Pham
How do we train users not to be phished? There are existing materials out there that are pretty good, but they could be better. Regardless, most people don't proactively go looking for security training materials ...
http://usablesecurity.com/?p=239

Social Applications: Exploring A More Secure Framework
http://cups.cs.cmu.edu/soups/2009/proceedings/a2-besmer.pdf
Andrew Besmer, Heather Lipford, Mohamed Shehab and Gorrell Cheek
Social applications are apps built on top of social network platforms such as Facebook or Google's OpenSocial. They are intended to leverage the social network to provide value to users. Typically, when installing the app, users are presented with a screen prompting the ...
http://usablesecurity.com/?p=237

Revealing Hidden Context: Improving Mental Models of Personal Firewall Users
http://cups.cs.cmu.edu/soups/2009/proceedings/a1-raja.pdf
Fahimeh Raja, Kirstie Hawkey and Konstantin Beznosov
A tenet of Usable Security put forth by Ka-Ping Yee and others is that the user should always be able to view and understand their current security state. As users become more mobile this becomes even more important, because the underlying state may be ...
http://usablesecurity.com/?p=233

Invited Talk: Redirects to login pages are bad, or are they?
Speaker: Eric Sachs
Usability "experts" claim that websites should just ask a person for their login information instead. Security "experts" claim that redirects promote phishing (and want to shoot the usability experts). Turns out, sites prompting for a password is annoying! Some percentage of users couldn't immediately remember their password. Another large group just ...
http://usablesecurity.com/?p=231

SOUPS 2009
Welcome to SOUPS 2009! SOUPS 2009 is being held in Mountain View, CA. http://cups.cs.cmu.edu/soups/2009/
http://usablesecurity.com/?p=229