Researchers Develop Browser Site Verification System

Posted in News by admin on August 29th, 2008

Hackers love spying on and intercepting communication between two computers, but now researchers at Carnegie Mellon University hope the software they have created will help thwart criminals.

The free software can be downloaded for use with the increasingly popular Mozilla Firefox browser, and creates a new way for people to verify whether the site they are entering is authentic.

Most browsers already alert users to a dodgy site. The most common way is for the browser to let us know that the site has not been verified by VeriSign or GoDaddy.com. Those are two companies that sell Secure Sockets Layer certificates, which are what the little padlock in the bottom right of a toolbar indicates.

The problem, Carnegie Mellon researchers say, is that many people are confused about what to do when they get warnings about a bad certificate.

Some users click through, heading happily on to malicious sites that steal personal information, while others just head somewhere else.

Researchers - David Andersen, Adrian Perrig and Dan Wendlandt - created a program that performs a simple extra step. It can tap into a network of publicly accessible servers that have been programmed to ping Web sites and record changes in the encryption keys they use to secure data.

Any discrepancy can be a sign that hackers are rerouting traffic through machines under their control, a pernicious type of attack known as a “man in the middle.”

As a result, the new program either overrides the security warning if a site is deemed legitimate, or throws up another warning if the subsequent probes reveal more red flags.
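The check described above can be sketched as follows. This is an added example, not the researchers' code: the notary names, key bytes, probe days, the 75% quorum and the three-day consistency window are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of a site's public key bytes."""
    return hashlib.sha256(public_key).hexdigest()

@dataclass
class Observation:
    day: int      # day number on which the notary probed the site
    key_fp: str   # key fingerprint the notary recorded on that probe

def notary_agrees(history, offered_fp, now, min_days):
    """True if every probe in the last min_days recorded the offered key."""
    recent = [o for o in history if o.day > now - min_days]
    return bool(recent) and all(o.key_fp == offered_fp for o in recent)

def evaluate(offered_key, notaries, now, quorum=0.75, min_days=3):
    """'override' the browser warning if enough notaries have consistently
    seen the offered key; otherwise 'warn'. Thresholds are assumptions."""
    if not notaries:
        return "warn"  # no independent view: fail closed
    fp = fingerprint(offered_key)
    agreeing = sum(notary_agrees(h, fp, now, min_days) for h in notaries.values())
    return "override" if agreeing / len(notaries) >= quorum else "warn"

def history(entries):
    return [Observation(day, fingerprint(key)) for day, key in entries]

# Constructed sample data: key bytes, notary names and probe days are made up.
SITE_KEY = b"constructed-site-public-key"
OTHER_KEY = b"constructed-unexpected-public-key"
NOW = 10
STABLE = {
    "notary-a": history((d, SITE_KEY) for d in range(1, 11)),
    "notary-b": history((d, SITE_KEY) for d in range(1, 11)),
    "notary-c": history((d, SITE_KEY) for d in range(4, 11)),
    "notary-d": [],  # this notary has never probed the site
}
# Every notary saw SITE_KEY until day 9 and a different key only on day 10.
CHANGED = {n: history([(d, SITE_KEY) for d in range(1, 10)] + [(10, OTHER_KEY)])
           for n in ("notary-a", "notary-b", "notary-c")}

if __name__ == "__main__":
    print(evaluate(SITE_KEY, STABLE, NOW))    # notaries agree with the browser
    print(evaluate(OTHER_KEY, STABLE, NOW))   # browser sees a key no notary saw
    print(evaluate(OTHER_KEY, CHANGED, NOW))  # key changed too recently to trust
```

The third case shows why recorded key changes matter: a key that every notary sees but only since today still produces a warning, because the recent history is inconsistent.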
