Megan, don't let some people dissuade you from doing this much needed work! At 12:28 PM 11/20/2014, you wrote:
On Nov 19, 2014, at 9:07 AM, Jackie McBride <abletec@gmail.com> wrote:
Hay, Ryan--I'm really not saying it should be shoved into a corner exactly. What I am saying, though, is that I'm not sure it should be happening in the confines of a classroom, in a thesis that has the potential at least of being publicly available, & definitively not on a public mailing list or forum. If/when it happens (& it is), it needs to at least include the folks who have the power to affect change, i.e., the adaptive technology vendors.
Thus far, thank God, not many bad actors have taken advantage of those facets of adaptive technology that could prove a security nightmare. Part of it may be because of ignorance of the technologies employed, &, in that sense, that's a good thing, & it's that aspect that I think needs to be protected. Another reason could be the low numbers involved, though having said that, if they found a way to compromise a llot of our computers, they could build a fairly respectable botnet.
Hope that clarifies?
On 11/18/14, Ryan Shugart <rshugart@pcisys.net> wrote:
Jackie: While I agree this is a conversation
may or may not be the right place for a grad
Let me clarify a few things, as I see where both Jackie and Ryan are coming from. At this point in time, we are only doing this presentation for one class, not as a broader thesis. Because it is a graduate level class and because there is very little research having been done in this area, I felt that it was important. If we were ever to expand this project into a graduate level thesis, I would of course make sure that it was being presented to adaptive technology vendors, etc first. I am currently working with my university to see what options were there and, if I were to use it as a thesis, would strongly consider presenting at a conference like CSUN at that time. Thanks for your consideration and feedback! I will share the paper with anyone who wants to see it, off list, just let me know. Megan that needs to happen carefully, and project (not my place to say,)
it shouldn't be just shoved under the rug either. The issues here are important, and as you said, blind and other disabled people do depend on their computers and technology. Screen readers do hook into the operating system at a pretty deep level in multiple areas, so could possibly represent a good attack venue. Video drivers, MSAA hooks, etc. So there is a responsibility among the screen reader vendors to do some security checking. That being said, I know of no vulnerability that's introduced through a screen reader, so this checking is probably happening at some level, and good if it is. If its not and we've just been lucky, a fair question is why not. So yes, this does need to be on our minds, and at a high level at least shouldn't be shoved into a quiet corner. Ryan
On Nov 18, 2014, at 8:32 PM, Jackie McBride <abletec@gmail.com> wrote:
There are a lot of implications regarding the queries you pose, Megan. This has been a concern for a very long time now, talked about very quietly by those who are cognizant of this topic. Not only does it have implications for employment of blind people, but, of course, it has implications for the security of every blind computer user. I would state pretty categorically that a public forum of any sort would not be the proper place for this sort of discussion, & I have really mixed emotions about whether or not discussion of the topic in any sort of venue, be it public or private, would serve any real purpose.
Disabled people rely on their computers to assist them w/life activities that would either be difficult or impossible to do w/o the aid of a computer, as you very well know. This ksort of discussion could give bad actors all sorts of clues as to how they might compromise blind peoples' machines. There was already 1 incident where a cybercriminal targeted blind users w/some sort of audio program which turned out to be nothing of the sort.
I really think if you're going to pursue this, you should seriously consider how to keep both the input & the results from falling into the wrong hands, cuz believe me, Webvisum is child's play compared to the havoc that can be wrought by means of malicious scripts or even a malicious adaptive technology vendor.
On 11/18/14, Megan Bening <mebening@gmail.com> wrote:
Hello all, The reason I didn't want to publish this widely at this Time is because I am worried about it having adverse effects on employment of blind people. Later on I would love to expand this and at that time present at CSUN or such as my thesis. I just wanted to make everyone aware of the plan as it stands because others who agreed to work with us on this project were very apprehensive about adding their $0.02 if the study was going to be published widely. Thanks, Megan
Sent from my iPhone
On Nov 18, 2014, at 10:53 AM, Mika Pyyhkala <Mika_Pyyhkala@nhp.org> wrote:
Hi,
Is there any reason you aren't planning to publish an article on this, or present it at conferences?
I think people might be more inclined to participate if the reach of your research will be broader?
You might also think about presenting your findings at conferences like CSUN or info security conferences.
Best, Mika @pyyhkala
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Megan Bening Sent: Tuesday, November 18, 2014 11:51 AM To: Blind sysadmins list Subject: Re: [Blind-sysadmins] Looking for feedback on a grad project
My apologies, My last email was addressed to
http://www.marcozehe.de/2014/02/27/why-screen-reader-detection-on-the-web-is...
<http://www.marcozehe.de/2014/02/27/why-screen-reader-detection-on-the-web-is-a-bad-thing/>,
not Vic, and I only realized I had the salutation wrong after I sent it. Best, Megan > On Nov 18, 2014, at 10:18 AM, Darragh Ó Héiligh <d@digitaldarragh.com> > wrote: > > Darragh
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
This message contains information from Neighborhood Health Plan that may be confidential or privileged. This message is directed only to the individual or entity named above. If you are not the intended recipient, please be aware that any disclosure, copying, distribution, or use of the contents of this email is prohibited. If you have received this email in error, please notify the sender immediately and delete the message and any attachments. _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
-- Jackie McBride Author of the Upcoming Book "Beyond Baffled: the Technophobe's Guide to Creating a Website" www.brighter-vision.com Where Visionaries & Technology Unite Jaws Scripting training www.screenreaderscripting.com
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
-- Jackie McBride Author of the Upcoming Book "Beyond Baffled: the Technophobe's Guide to Creating a Website" www.brighter-vision.com Where Visionaries & Technology Unite Jaws Scripting training www.screenreaderscripting.com
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins