Feeds:
Posts
Comments

Archive for August, 2008

By JORDAN ROBERTSON, AP Technology Writer Wed Aug 27, 5:16 PM ET

SAN FRANCISCO – Intercepting Internet traffic, and spying on the communication between two computers, is a gold mine for hackers. Now Carnegie Mellon University researchers hope software they’ve built will make it harder for criminals to hit that jackpot.

The software, a free download for use with latest version of the Firefox Web browser, creates an additional way for people to verify whether the site they’re trying to visit is authentic.

Most browsers already alert users when a site appears bogus. One way is by warning that a site that claims to be equipped to handle confidential information securely hasn’t been verified by a third party, like VeriSign Inc. or GoDaddy.com Inc. Those are two of many companies that sell so-called Secure Sockets Layer certificates, which generate the padlock icon in the address bar.

The problem, the Carnegie Mellon researchers say, is that many people are perplexed about how to proceed once they get one of those warnings about a bad certificate.

Some click through, going on to malicious sites that steal their personal information, while others retreat, skipping over harmless sites that used less expensive, “self-signed” certificates.

So the researchers — David Andersen, Adrian Perrig and Dan Wendlandt — created a program that performs a novel extra step. It can tap into a network of publicly accessible servers that have been programmed to ping Web sites and record changes in the encryption keys they use to secure data.

Any discrepancy can be a sign that hackers are rerouting traffic through machines under their control, a pernicious type of attack known as a “man in the middle.”

As a result, the new program either overrides the security warning if a site is deemed legitimate, or throws up another warning if the subsequent probes reveal more red flags.

___

On the Net:

Carnegie Mellon researchers’ site:

http://tinyurl.com/6cblaz

Read Full Post »

Wed Aug 27, 6:22 PM ET

SAN FRANCISCO (AFP) – NASA confirmed on Wednesday that a computer virus sneaked aboard the International Space Station only to be tossed into quarantine on July 25 by security software.

A “worm type” virus was found on laptop computers that astronauts use to send and receive email from the station by relaying messages through a mission control center in Texas, according to NASA spokesman Kelly Humphries.

The virus is reported to be malicious software that logs keystrokes in order to steal passwords or other sensitive data by sending the information to hackers via the Internet.

The laptop computers are not linked to any of the space station’s control systems or the Internet.

“The bottom line is it is a nuisance for us,” Humphries told AFP. “The crew is working with teams on the ground to eradicate the virus and look for actions to prevent that from happening in the future.”

The virus had no adverse effect on space station operations, according to Humphries.

The space station orbits Earth once every 90 minutes at an altitude of about 350 kilometers (217 miles).

NASA is reportedly looking into whether the virus got into the computers by hiding in a memory drive used to store music, video or other digital files.

Humphries said this is not the first computer virus stowaway on the Space Station.

“This is not a frequent occurrence but it has happened before,” Humphries said.

Read Full Post »