New way to avoid bogus web sites

August 29, 2008 7:47:19 AM PDT
Researchers at Carnegie Mellon University have created a program that taps into a network of publicly accessible servers. The servers have been programmed to ping Web sites and record changes in the encryption keys they use to secure data. The program acts as an extra tool to make sure the Web site they're visiting is really that site.

A discrepancy would be a signal that hackers are rerouting Web traffic. Currently, browsers alert users when a site has a bad certificate, but many users don't know what to do about that. Some click through to malicious sites, while others skip over harmless sites that use "self-signed" certificates.

The Carnegie Mellon program is a free download for use with the latest version of Firefox.

On the 'Net: