- 12 myths about how the Internet works
- Smartphone smackdown: Storm vs. iPhone
- IETF: Should we ignore the Kaminsky bug?
- Top 10 wicked cool algorithms
- How to recession-proof yourself
Carnegie-Mellon University Monday announced it's making available a free add-on to Mozilla Firefox 3.0 that's intended to boost browser security.
The Firefox add-on was developed at the university's School of Computer Science and College of Engineering and is available for download here. According to the university, the Perspectives software not only protects Firefox users against attacks that might occur because of the recently disclosed software flaw in the DNS, but it also defends against some digital-certificate problems that crop up in everyday use.
"When Firefox users click on a Web site that uses a self-signed certificate, they get a security error message that leaves many people bewildered," said David Andersen, assistant professor of computer science at Carnegie-Mellon University, in a statement. But once Perspectives is installed in the Firefox, the browser can automatically override the security error page without disturbing the user if the site appears legitimate.
(School representatives note that Aug. 25 is Carnegie-Mellon's opening day for the fall semester, and the two professors most responsible for the research on Perspectives, Andersen and Adrian Perrig, were not immediately available for comment.)
According to information provided by the university, the Perspectives system augments the certificates provided by VeriSign, Comodo and Godaddy, which reduce the risk of man-in-the-middle attacks by authenticating Web sites.
The Perspectives system, which uses "notaries" to query the desired site and check authentication information, is said to provide an extra measure of security for sites that don't use certificate authorities but instead use less expensive "self-signed" certificates.
The university says the system can detect if one of the certificate authorities may have been tricked into authenticating a bogus Web site and warn the Firefox user that the site is suspicious.
Researchers Andersen and Perrig also issued remarks that the Perspectives system will provide a defense against man-in-the-middle attacks that might occur in wireless LAN hot spots where users with mobile computers may seek to access public Wi-Fi service but get tricked into communicating with an attacker's computer instead.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (6)
greatBy Anonymous on August 28, 2008, 3:42 pmFirefox is a far better browser than the competition
Reply | Read entire comment
firefoxBy Anonymous on August 27, 2008, 12:09 pmI use firefox most of the time, I tried Opera and the new version works great. I will divide my time between them, if you are looking for something to try I would...
Reply | Read entire comment
Firefox By Anonymous on August 27, 2008, 9:44 amAfter upgrading to latest Firefox, I notice it takes about 4 times as long to process emails if there is an attachment, than before upgrading. I'll give it a week...
Reply | Read entire comment
Good approach, as long as "notaries" are vettedBy Anonymous on August 26, 2008, 11:19 pmHowever, if the "notaries" are not certified or vetted in some manner, then the attackers will simply use a bot-net to activate thousands of bogus "notaries" on...
Reply | Read entire comment
it sucks i ahte it !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!By Anonymous on August 26, 2008, 10:31 amit sucks i ahte it !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Reply | Read entire comment
View all comments