Trusted sites thwart net hijacks
US researchers have found a way to thwart hack attacks which intercept data passing from a PC to a website.
These "man-in-the-middle" attacks are hard to spot because they involve hi-tech hackers who have total control over data streams.
Developed by computer scientists at Carnegie Mellon, the defence involves sites designated as trusted "notaries".
Software compares responses received by trusted websites and tells users if it looks like data is being intercepted.
Wireless risk
At the moment many bank and big online retail sites use independently verified security certificates to protect transactions and secure communications with customers.
But, say the three researchers behind the protection scheme, more and more people are visiting sites that lack these certificates or are connecting to the net via wireless access points where security can be lax.
The growing use of public wi-fi hot spots had made it very easy for hi-tech hackers to hijack and eavesdrop on web browsing sessions, said assistant professor David Andersen who helped to develop the defence.
"A lot of people wouldn't even know they've been attacked," said Dr Andersen.
Criminal hackers try to interpose themselves between PCs and the sites they visit to steal information or gain access to valuable resources such as online accounts.
Developed by Dr Andersen, associate professor Adrian Perrig, and PhD student Dan Wendlandt, the Perspectives system designates a series of sites as trusted notaries.
When a web user visits a site the trusted notaries visit too. The data received by all those requesting data is compared and a warning given if there are discrepancies which suggest a user's traffic is being intercepted.
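The comparison described above, as an added example that is not from the article or from the Perspectives software. It assumes the data being compared is the site's certificate bytes, hashed with SHA-256, and a hypothetical 75% agreement threshold; the notary names and sample values are constructed.

```python
import hashlib
from collections import Counter

QUORUM = 0.75  # assumed threshold, not taken from the article


def fingerprint(data: bytes) -> str:
    """Hash the data a site presented (assumed: its certificate bytes)."""
    return hashlib.sha256(data).hexdigest()


def compare_views(client_seen: bytes, notary_seen: dict) -> tuple:
    """Compare the client's view of a site with each notary's view.

    notary_seen maps notary name -> bytes received, or None if the notary
    did not answer. Silent notaries count against the quorum, so blocking
    notary replies cannot produce a "consistent" verdict.
    """
    mine = fingerprint(client_seen)
    answers = {n: fingerprint(d) for n, d in notary_seen.items() if d is not None}
    if not answers:
        return ("unknown", [])
    needed = QUORUM * len(notary_seen)
    disagreeing = sorted(n for n, fp in answers.items() if fp != mine)
    if len(answers) - len(disagreeing) >= needed:
        return ("consistent", disagreeing)
    # The notaries agree with each other but not with the client, which
    # suggests interception on the client's own network path.
    top_fp, count = Counter(answers.values()).most_common(1)[0]
    if top_fp != mine and count >= needed:
        return ("warn", disagreeing)
    return ("inconclusive", disagreeing)


# Constructed sample data: four hypothetical notaries, one unreachable.
REAL_CERT = b"constructed-certificate-of-real-site"
FAKE_CERT = b"constructed-certificate-from-interceptor"
NOTARIES = {"notary-a": REAL_CERT, "notary-b": REAL_CERT,
            "notary-c": REAL_CERT, "notary-d": None}

if __name__ == "__main__":
    print(compare_views(REAL_CERT, NOTARIES))  # clean path
    print(compare_views(FAKE_CERT, NOTARIES))  # intercepted path
```

A split result, where the notaries disagree among themselves, comes back as "inconclusive" rather than as a warning, since it does not single out the client's path.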
The system should also help if the established system using security certificates breaks down. In those circumstances, said Mr Wendlandt, most people do not know what to do.
"A lot of them just shrug and go ahead with the connection, potentially opening themselves up to attack," he said.
To spread the word about their defence, the trio of researchers have signed up a series of sites to act as notaries and have developed software that worried web users can install to help protect them.
Currently the software is only available as an add-on for the Firefox browser, Apple's OS X on Intel machines and Linux.
Story from BBC NEWS:
Published: 2008/08/26 12:47:16 GMT
© BBC MMVIII