Warnings in Plain English—but if no one reads them, will they help?

This blog post is in reaction to the USENIX/Google research titled “Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness.”

https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/akhawe

The overarching questions I have are:

1) how and when should the notifications be displayed to users and
2) how should the notifications be written

For additional commentary on how Google Chrome is reacting to the findings from the research, see the WeLiveSecurity post Google Chrome security warnings – now in plain English.

It would be interesting to see the results of clickthrough rates with antivirus dialogs when combined with the browser dialogs. Users don’t purchase/use a web browser to have dialog warnings as a primary feature, but an argument can be made that by purchasing antivirus these users prefer an extra layer of security and additional warnings/notifications – this could inform whether this will impact if those users visit more malicious sites. As the study indicated as a limitation, we need to “consider user behaviors that are indicative of attention to warnings” (258). Continue reading →

Rhetorical & #TechComm Analysis of AT&T “CPNI” Opt-Out Email

As I have mentioned in previous posts (analysis of hacking responses and Kickstarter PR response), as more PR and marketing communications concern technical issues (either directly regarding a technology or technological information about a product or service) there is a need for writers who can write both technical and rhetorically — that is, knowing not just what to say but how and where.

Continue reading →

Rhetorical & #TechComm Analysis of Kickstarter “hacking” response

What happened?

“Important Kickstarter Security Notice”

https://www.kickstarter.com/blog/important-kickstarter-security-notice

What happened in summary?

• Last week on Wednesday (this date is relevant) Kickstarter’s website was hacked and users’ personal data was stolen. Kickstarter released a PR statement regarding the security incident on Saturday (yes, 3 days later, on a holiday weekend) with recommended instructions that users should take.

Why am I writing about this?

• Security breaches are becoming more and more common and with the need for companies to release PR statements informing their users of an incident, invariably technical instructions need to be conveyed as well. For example, see my previous post on this topic: Rhetorical & #TechComm Analysis of Adobe, Avast, Avira, & AVG “hacking” responses. Continue reading →

Rhetorical & #TechComm Analysis of Adobe, Avast, Avira, & AVG “hacking” responses

What happened?

Avira and AVG: http://www.pcworld.com/article/2053380/network-solutions-investigating-dns-hijack.html
Avast: http://grahamcluley.com/2013/10/vigilance-avast-anti-virus-website-pwned/
Adobe: http://rt.com/usa/adobe-hacked-krebs-hold-742/

What happened in summary?

• In the past week, several companies’ websites were “hacked”* including the security companies AVG and Avira, and the same attempt made on Avast. The hack made on Adobe was not the same as the previous three but because it occurred during this same time and was a result of hacking, I have included it in this post. Whatsapp was also hacked but I have not included them in this post.

Continue reading →