Page last updated at 12:47 GMT, Tuesday, 26 August 2008 13:47 UK

Trusted sites thwart net hijacks

Cash and keyboard, BBC/Corbis
Man-in-the-middle attacks are hard to defend against

US researchers have found a way to thwart hack attacks which intercept data passing from a PC to a website.

These "man-in-the-middle" attacks are hard to spot because they involve hi-tech hackers who have total control over data streams.

Developed by computer scientists at Carnegie Mellon the defence involves sites designated as trusted "notaries".

Software compares responses received by trusted websites and tells users if it looks like data is being intercepted.

Wireless risk

At the moment many bank and big online retail sites use independently verified security certificates to protect transactions and secure communications with customers.

But, say the three researchers behind the protection scheme, more and more people are visiting sites that lack these certificates or are connecting to the net via wireless access points where security can be lax.

The growing use of public wi-fi hot spots had made it very easy for hi-tech hackers to hijack and eavesdrop on web browsing sessions, said assistant professor David Andersen who helped to develop the defence.

"A lot of people wouldn't even know they've been attacked," said Dr Andersen.

Criminal hackers try to interpose themselves between PCs and the sites they visit to steal information or gain access to valuable resources such as online accounts.

Developed by Dr Andersen, associate professor Adrian Perrig, and PhD student Dan Wendlandt, the Perspectives system designates a series of sites as trusted notaries.

When a web user visits a site the trusted notaries visit too. The data received by all those requesting data is compared and a warning given if there are discrepancies which suggest a user's traffic is being intercepted.

The system should also help if the established system using security certificates breaks down. In those circumstances, said Mr Wendlandt, most people do not know what to do.

"A lot of them just shrug and go ahead with the connection, potentially opening themselves up to attack," he said.

To spread the word about their defence the trio of researchers have signed up a series of sites to act as notaries and have developed software worried web users can install to help protect them.

Currently the software is only available as an add-on for the Firefox browser, Apple's OS X on Intel machines and Linux.

PC stripper helps spam to spread
30 Oct 07 |  Technology
Paypal to block 'unsafe browsers'
18 Apr 08 |  Technology
Clipboards hijacked in web attack
18 Aug 08 |  Technology
Hi-tech thieves target Olympics
09 Aug 08 |  Technology
Online risk due to browser flaws
08 Jul 08 |  Technology
Web browser to get 'privacy mode'
21 Aug 08 |  Technology

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Sign in

BBC navigation

Copyright © 2019 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.

Americas Africa Europe Middle East South Asia Asia Pacific