WebAIM - Web Accessibility In Mind

E-mail List Archives

Thread: Relationship Between Accessibility, Screen Readers and Security Clarified

Number of posts in this thread: 5 (In chronological order)

From: Terrill Bennett
Date: Wed, Jan 26 2011 10:21AM
Subject: Relationship Between Accessibility, Screen Readers and Security Clarified

For your enlightenment:

"Lack of accessibility usually indicates that there are potential
security problems. If a screen reader can't extract text out of a
file, then it's an indicator that there's a lot in that format and
there's a lot of stuff in that file that could do bad things to your computer."

That statement came from a post-doctorate associate at the Department
of Computer Science at Dartmouth College named Anna Shubina, Ph.D.
You can read her remark in a story concerning online access at
Dartmouth University, here:

http://thedartmouth.com/2011/01/26/news/online

Don't shoot me, I'm just the messenger.

Enjoy!

-- terrill --

From: Pollard, Larry W. (DRS)
Date: Wed, Jan 26 2011 11:48AM
Subject: Re: Relationship Between Accessibility, Screen Readers and Security Clarified

Good Afternoon

The statement from Anna Shubina, Ph.D. at the Department
of Computer Science at Dartmouth College is very true in a lot of ways
and this is something that all E-learning course designers, web
developers should remember when designing E-learning course content or
building a new web site. With 75% [1] of the US
population and 65% [2] of the UK population having internet access at home,
it is imperative that websites are designed to be both accessible and
usable. The WCAG Guidelines, introduced in 1999, go some way to helping
web developers create accessible websites, but ... we must look further
than the guidelines if we are to create websites which are accessible to
users with disabilities and the assistive technologies they rely on. The
ADA and Section 508 were enacted by the US federal government to
eliminate barriers in information technology, including eLearning. The
intent is to make new opportunities available for people with
disabilities, and to encourage new technologies that help achieve these
goals. The Canadian AODA and the UK's DDA share this goal.

Larry Pollard
Accessibility Webmaster
Department of Rehabilitative Services

From: Andrew Kirkpatrick
Date: Wed, Jan 26 2011 1:42PM
Subject: Re: Relationship Between Accessibility, Screen Readers and Security Clarified

I didn't want to chime in on this but I just can't help myself. This statement strikes me as the sort of quote that sounds really good and people naturally want to assume helps justify work on accessibility, but I don't think it holds up under scrutiny.

Anna Shubina says "..if a screen reader can't extract text out of a file then it's an indicator that there's a lot in that format and there's a lot of stuff in that file that could do bad things...".

She may be thinking about PDF or Flash, but since screen readers can read both she must not be.

Perhaps she's thinking about image files? Screen readers can't get text out of an image file. Many images even have metadata that a screen reader could read, but the screen reader and common image rendering tools don't present that information to be read. So are image files necessarily more of a security risk? Probably not.

Perhaps she's thinking about SVG? SVG can have text and has poor support by screen readers, due to user agent and AT support, but this doesn't translate into a greater security risk either.

Bottom line, I wish that there was some evidence to support this statement, but I can't think of what that could possibly be.

Thanks,
AWK

Andrew Kirkpatrick
Group Product Manager, Accessibility
Adobe Systems

= EMAIL ADDRESS REMOVED =
http://twitter.com/awkawk
http://blogs.adobe.com/accessibility


From: Terrill Bennett
Date: Thu, Jan 27 2011 5:24AM
Subject: Re: Relationship Between Accessibility, Screen Readers and Security Clarified

AWK,

On its own, Ms. Shubina's statement has little (or nothing) to do
with online accessibility. As I read her statement, she is warning
that if your site isn't accessible it may be a potential security
threat. I can think of numerous examples where something can be
accessible, and still be a security risk. Links made of malformed
URLs come immediately to mind, where the URL and link text are
easily read but cause a server crash. SQL injection is another - the
page and form used for submission are 100% accessible, but the code
that processes the submitted data fails to properly untaint the data.

There are lots of file types which can be distributed via the
Internet and from which text can't be extracted directly. A review of
MIME types (Multipurpose Internet Mail Extensions) reveals numerous
extensions, some of which are potential threats (e.g. .exe):
http://www.w3schools.com/media/media_mimeref.asp

While it would be beneficial (even profitable) if accessibility and
security went hand-in-hand, inclusion of Ms. Shubina's statement
without elaboration is misleading to the uninformed. Of course, Ms.
Shubina may have been horribly misquoted by the author.

-- terrill --

PS: AWK? Aho, Weinberger and Kernighan? <grin>

At 03:39 PM 1/26/2011, you wrote:
>I didn't want to chime in on this but I just can't help
>myself. This statement strikes me as the sort of quote that sounds
>really good and people naturally want to assume helps justify work
>on accessibility, but I don't think it holds up under scrutiny.
>
>Anna Shubina says "..if a screen reader can't extract text out of a
>file then it's an indicator that there's a lot in that format and
>there's a lot of stuff in that file that could do bad things...".
>
>She may be thinking about PDF or Flash, but since screen readers can
>read both she must not be.
>
>Perhaps she's thinking about image files? Screen readers can't get
>text out of an image file. Many images even have metadata that a
>screen reader could read, but the screen reader and common image
>rendering tools don't present that information to be read. So are
>image files necessarily more of a security risk? Probably not.
>
>Perhaps she's thinking about SVG? SVG can have text and has poor
>support by screen readers, due to user agent and AT support, but
>this doesn't translate into a greater security risk either.
>
>Bottom line, I wish that there was some evidence to support this
>statement, but I can't think of what that could possibly be.
>
>Thanks,
>AWK
>
>Andrew Kirkpatrick
>Group Product Manager, Accessibility
>Adobe Systems
>
> = EMAIL ADDRESS REMOVED =
>http://twitter.com/awkawk
>http://blogs.adobe.com/accessibility
>
>
>

From: Hoffman, Allen
Date: Thu, Jan 27 2011 3:27PM
Subject: Re: Relationship Between Accessibility, Screen Readers and Security Clarified

I am curious to hear the examples this statement rides on also.
I'd hate to find a huge gap in my own IT knowledge, but one never knows.