Sometimes hackers don’t come to you—you go to them. Fortunately, the researchers at Carnegie Mellon have devised a system that can protect Web surfers from pesky peepers that wait for you to borrow their signal. The software, called Perspectives, clears up potential bugs when establishing a secure connection wirelessly.

Article Tools

• 

David Andersen, assistant professor of computer science at Carnegie Mellon, highlighted that hackers have been targeting laptop and other mobile Web surfers. A specifically volatile scenario is securing a connection to the Web via someone else’s established wireless signal. This opens the floodgates for attackers. “It’s very, very, very easy for someone to convince you to go through their computer,” says Anderson. “A lot of people wouldn’t even know they’ve been attacked.” Andersen suggests that the attack usually comes in the form of a “security error” page, but with Perspectives installed on the browser, users are safely sidestepped around this pitfall if the site appears legitimate.

Specifically, the software employs a set of friendly notaries that can aid in authenticating Web sites for financial services, online retailers, and other transactions requiring secure communications. By independently querying the desired target site, the notaries can check whether each is receiving the same authentication information, called digital certificate, in response. If one or more notaries report authentication information that is different than that received by the browser or other notaries, a computer user would have reason to suspect that an attacker has compromised the connection.

Another major problem in DNS software is attacks on ISP. In this case, malware in an ISP redirects users to malicious software instead of the originally intended site. Dan Wendlandt, a Ph.D. student in computer science, says, “With perspectives, even if a client’s ISP has fallen victim to the attack, the client will be able to detect that the public key received from the fake site is inconsistent with the results returned from the notaries.”

Perspectives is available as a downloadable extension to Mozilla Firefox (version 3) for free at www.cs.cmu.edu/~perspectives/firefox. Researchers Andersen, Wendlandtand Adrian Perrig, associate professor of electrical and computer engineering, have launched their own network of notary sites. For more information, visit www.cs.cmu.edu/~perspectives/.

Related Articles

1. "Bump In The Wire" Chip Adds Security Without A Redesign
2. Security Solution Protects Against New WPA Vulnerability