It’s fairly easy for hackers to intercept data flowing between a computer and a website. It’s a great way for them to steal personal data such as passwords and account numbers, especially in places like Wi-Fi hotspots – and those who’ve been hacked don’t even know it’s happening.
But that might become a thing of the past, thanks to a trio of US researchers from Carnegie Mellon University. They’ve developed the idea of sites designated as trusted “notaries,” the BBC reports.
Special software compares responses from the trusted sites and tells users if it appears that their data is being intercepted.
Currently verified security certificates are the route of choice for secure communications and transactions. They’re all well and good, but more people are buying from and using sites that don’t possess them, leaving themselves at risk, and most people simply wouldn’t know what to do if the certificate system failed.
"A lot of them just shrug and go ahead with the connection, potentially opening themselves up to attack," said assistant professor David Andersen who helped to develop the system.
Under this new idea, whenever a user visited a site, the trusted notary would also visit, then the data received by all those requesting it would be compared. If there were discrepancies suggesting that the data was being intercepted, then the notary would alert the user.
The researchers have signed up sites to act as notaries and developed free software for consumers, although it’s presently just available as an add-on for Firefox, Linux, and Apple’s OS X on Intel.