Researchers at Carnegie Mellon University have developed a free extension for Firefox 3.0 to thwart man-in-the middle attacks, according to an Associated Press story in the San Francisco Chronicle.
When users go to a site that throws up a warning that its security can't be verified by a third party, such as VeriSign or GoDaddy.com, the program starts an intermediary step. It goes out to a network of publicly accessible servers to check for discrepancies in the encryption keys used to secure data on the site. It then either deems the site safe or issues an additional warning.
The system, called Perspectives, provides extra security for sites that use less expensive "self-signed" certificates rather than certificate authorities, reports Network World. These sites' warnings that the certificates cannot be verified often leave users befuddled, the researchers said.