'Trusted notary' sites may help protect against hack attacks

London, Aug 27 : Scientists at Carnegie Mellon have found a way to thwart hack attacks that intercept data passing from a personal computer to a website.

Since the "man-in-the-middle" attacks involve hi-tech hackers who have total control over data streams, such activities are hard to spot.

The defence mechanism involves sites designated as trusted "notaries".

Software compares responses received by trusted websites and tells users if it looks like data is being intercepted.

Presently, many bank and big online retail sites use independently verified security certificates to protect transactions and secure communications with customers.

But, according to the three researchers behind the protection scheme, more and more people are visiting sites that lack these certificates or are connecting to the net via wireless access points where security can be lax.

The growing use of public wi-fi hot spots had made it very easy for hi-tech hackers to hijack and eavesdrop on web browsing sessions, said assistant professor David Andersen who helped to develop the defence.

"A lot of people wouldn't even know they've been attacked," BBC quoted Dr Andersen, as saying.

Criminal hackers try to interpose themselves between PCs and the sites they visit to steal information or gain access to valuable resources such as online accounts.

Developed by Dr Andersen, associate professor Adrian Perrig, and PhD student Dan Wendlandt, the Perspectives system designates a series of sites as trusted notaries.

When a web user visits a site the trusted notaries visit too. The data received by all those requesting data is compared and a warning given if there are discrepancies which suggest a user's traffic is being intercepted.

ANI