Browser Extension Defeats Internet Eavesdropping

Pickens writes to tell us that researchers at Carnegie Mellon University have created a simple system to help prevent man-in-the-middle attacks. Using a preset list of friendly sites called 'notaries,' the new 'Perspectives' system helps users to authenticate sites that require secure communications. Additionally this should help with the recently debated solution implemented by Firefox that has so many users frustrated and confused. "By independently querying the desired target site, the notaries can check whether each is receiving the same authentication information (a digital certificate), in response. If one or more notaries report authentication information that is different than that received by the browser or other notaries, a computer user would have reason to suspect that an attacker has compromised the connection."

Nothing to do with Firefox's nonsense.

[argent]

Crying wolf by making people jump through hoops for self-signed sites doesn't stop MiTM attacks, it just trains people to ignore warnings about self-signed certs. This is a scheme for adding a kind of web of trust to the "is this the same certificate as last time" check. It's a good idea, but it shouldn't be conflated with the Firefox overreaction to self-signed certs.