Online Billing Scary Error

I went to my Vodafone Ghana online billing login and got a big fat scary error:

cert-expired

The SSL certificate is expired. It expired over a month ago:

cert-expired-detail

Now, there’s really not much of a problem here. The certificate is perfectly able to encrypt my connection to the server and it identifies the server as belonging to vodafone.gh. It’s just out of date. Embarrassing for Vodafone but it is actually safe for me to continue.

This is exactly the sort of wolf-crying that teaches people to ignore security warnings that computers throw up. To a normal human that just wants to complete a task, the big red screen looks an awful lot like “Blah, blah, blah, click the ‘Proceed’ button if you want to get your bills paid.”

Cormac Herly has a great paper on the rational rejection of security advice by users where he notes that “fully 100% of certificate error warnings appear to be false positives.” The gist of Herley’s argument is that burdens of understanding and implementing good e-security may not be worth it to people in a rational cost-benefit trade off of the perceived risk versus the value of their time and pain.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: