Two students at Carnegie Mellon University have developed free software that helps verify the authenticity of Web sites to avoid “man-in-the-middle” attacks, which reroute Web traffic to unauthorized computers, according to the Associated Press.
The software, designed by a computer-science senior and a third-year graduate student, works as a Firefox extension that is compatible with the latest version of the browser. The software can be downloaded free from the university’s Web site.
The program gives users extra help in verifying whether the Web site they’re about to visit is authentic or bogus. Although most browsers already warn users when a site displays a dubious security certificate, some users get confused by the warnings. They might still click through to the site and have their data stolen in the process, or they might chose to ignore Web sites that are in fact legitimate.
The Carnegie Mellon software links to a network that checks for discrepancies in Web sites’ encryption codes. If any discrepancy is found, the software shows an additional warning to the user. If the Web site the user is visiting appears harmless, no additional warning is displayed. —Maria José Viñas
