Pickens writes "Researchers at Carnegie Mellon University have devised a low-cost system that can prevent "Man-in-the-Middle" (MitM) attacks and also protect against attacks related to a recently disclosed software flaw in the Domain Name System (DNS), The "Perspectives" system employs a set of friendly sites, or "notaries," that can aid in authenticating Web sites for financial services, online retailers and other transactions requiring secure communications. By independently querying the desired target site, the notaries check whether each is receiving the same authentication information (a digital certificate), in response. If one or more notaries report authentication information that is different than that received by the browser or other notaries, a computer user would have reason to suspect that an attacker has compromised the connection. "When Firefox users click on a Web site that uses a self-signed certificate, they get a security error message that leaves many people bewildered," says one of the researchers. "Most users don't have a clue about what to do in those cases. A lot of them just shrug and go ahead with the connection, potentially opening themselves up to attack." Once Perspectives has been installed in the browser, it can automatically override the security error page without disturbing the user if the site appears legitimate."
This discussion was created for logged-in users only, but now has been archived.
No new comments can be posted.
Browser Extension Defeats Internet Eavesdropping 0 Comments More Login /
Get More Comments