Hello and welcome to the Thursday, January 25th, 2024 edition of the Sands and at Storm Center's Stormcast. My name is Johannes Ulrich and I'm recording from Jacksonville, Florida.

I wrote up a quick story today about, well, just some bad user interface design in information security tools, in particular when you're

talking about consumer-based tools. The reason I wrote about this is that, as many of you,

I imagine, often get asked for help from friends, neighbors, dog park, acquaintances, and such,

about issues they have had with their mobile phones, with their computers, and so often it's, well, really not much, but sometimes actually

gets worse because of bad user interface design, in particular how some of the security

tools are almost flooding you with

pretty much useful alerts, which then of course desensitizes some users to fall for fake alerts.

And that's sort of an issue that I ran into recently.

And that sort of prompted a little bit that post. Also, that if you are trying

to understand more about the alert, well, these tools are off not that forthcoming with the necessary

details to actually help you understand what's going on. This is not a specific tool I'm talking about here.

I find that this is pretty much true for more or less any of in particular the consumer

targeting security tools.

And part of it I think is that in particular when it comes to alert messages, the goal here

is less to inform the user,

but more to essentially make a sale, show value to the user, that, hey, the tool apparently

did something good for you, but that's exactly what the bad guys are going for then.

Their messages are then also designed to make a sale, just with their fake

support hotline and such, which of course leads to both tools using pretty much the same

language, the same type of pop-up message.

And Orca Security has an interesting blog post post in particular if you're using Google Kubernetes

...