Mozilla Firefox browser gets security boost

Carnegie-Mellon University makes available a free security add-on for Firefox 3.0.

Carnegie-Mellon University Monday announced it's making available a free add-on to Mozilla Firefox 3.0 that's intended to boost browser security.

The Firefox add-on was developed at the university's School of Computer Science and College of Engineering and is available for download here. According to the university, the Perspectives software not only protects Firefox users against attacks that might occur because of the recently disclosed software flaw in the DNS, but it also defends against some digital-certificate problems that crop up in everyday use.

"When Firefox users click on a Web site that uses a self-signed certificate, they get a security error message that leaves many people bewildered," said David Andersen, assistant professor of computer science at Carnegie-Mellon University, in a statement. But once Perspectives is installed in the Firefox, the browser can automatically override the security error page without disturbing the user if the site appears legitimate.

(School representatives note that Aug. 25 is Carnegie-Mellon's opening day for the fall semester, and the two professors most responsible for the research on Perspectives, Andersen and Adrian Perrig, were not immediately available for comment.)

According to information provided by the university, the Perspectives system augments the certificates provided by VeriSign, Comodo and Godaddy, which reduce the risk of man-in-the-middle attacks by authenticating Web sites.

The Perspectives system, which uses "notaries" to query the desired site and check authentication information, is said to provide an extra measure of security for sites that don't use certificate authorities but instead use less expensive "self-signed" certificates.

The university says the system can detect if one of the certificate authorities may have been tricked into authenticating a bogus Web site and warn the Firefox user that the site is suspicious.

Researchers Andersen and Perrig also issued remarks that the Perspectives system will provide a defense against man-in-the-middle attacks that might occur in wireless LAN hot spots where users with mobile computers may seek to access public Wi-Fi service but get tricked into communicating with an attacker's computer instead.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Firefoxmozilla

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?