DISCLAIMER: Logging other people's keystrokes or breaking
into other people's computer without their permission can
be considered illegal by the courts of many countries.
The monitoring software reviewed here is ONLY for authorized
system administrators and/or owners of computers.
We assume no liability and are not responsible for any misuse
or damage caused by the keylogging software. The end user of
this software is obliged to obey all applicable local, state,
federal and other laws in his country of residence.
August 27th, 2008
Firefox tool counters man-in-the-middle attacks
Researchers at Carnegie Mellon University have released an extension for Firefox 3 that can protect wireless-network users from so-called 'man-in-the-middle' attacks.
The software, dubbed 'Perspectives', is available for download for free.
Perspectives also protects against attacks that exploit a recently exposed flaw in the DNS system, which translates web addresses into numerical IP addresses, said Dave Andersen, a computer science professor at Carnegie Mellon University, who was an adviser on the Perspectives project.
In an attack on the DNS system, someone typing in a legitimate web address could be unwittingly redirected to a malicious site. Perspectives would pop up a warning to the web surfer that the site they are going to is suspicious.
In general, Perspectives is designed to guide web surfers away from malicious sites. It is also designed to assure surfers when they visit sites that are safe but which Firefox warns about because the sites are not paying a third-party certificate authority, such as VeriSign, for authentication, and instead are using 'self-signed' digital certificates, also known as keys.
Signing up with a certificate authority can be expensive and time-consuming, so some sites prefer to do it themselves, Andersen said. If they do, Firefox penalises them by displaying an error message that says the browser is unable to verify that the site can be trusted.
The messages leave many web surfers confused, and they may either avoid a legitimately safe site or get used to automatically accepting certificates with the warning and inadvertently trust a malicious site at some point.
"The fear is that the Firefox policy will force some sites to use certificate authorities but will make others not use any security at all," Andersen said.
The Perspectives software queries servers around the internet that Andersen has set up as notary-type nodes and asks them to verify the certificate they see for the website sought and to verify what certificate they have historically seen for that site. If the computers are in agreement on those questions, the surfer is sent directly to the site. If there is disagreement on those questions, the browser displays a warning to the web surfer that the site is suspicious.
"The average [internet] user probably wouldn't see one of these attacks in a given year," Andersen said, when asked how severe the problem is. "But, an unlucky user in an airport or some convention where there happened to be a bad guy [lurking on the network] would definitely be vulnerable."
Source: ZDNet UK
All news for December, 2008
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year
DONATION: Keylogger.org is an independent research
project supported by a team of enthusiasts. If you find this
project useful or would like to help foster its continued
development please consider making a donation using PayPal`s
online secure payment service. A PayPal account is not required.
All major credit cards are accepted (MasterCard/Eurocard,
Visa/Delta/Electron, American Express, Switch/Maestro, Solo).
Simply click the button below.
Any amount would be useful and appreciated!
Thanks in advance for your support!
|
