Collin Jackson, Dan Boneh, and John Mitchell of Stanford have developed a neat system, called Spyblock, for entering sensitive information into Web browsers so that it can’t be sniffed by spyware. Users browse the Web in a virtual machine (VM). However, sensitive information is only entered in a secure environment (outside the VM, but typically on the same machine) and is then injected into the outgoing data stream. A browser extension is used to facilitate the transactions between the secure and insecure environments.
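The injection step described above, as an added Python example (not Spyblock's own code): a trusted-side agent swaps a placeholder submitted by the browser in the VM for the real secret, and refuses when the destination is not the host the secret was enrolled for. The placeholder string, the class and method names, and the host-binding and HTTPS checks are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Hypothetical marker the untrusted browser submits in place of the secret.
PLACEHOLDER = "@@SECRET@@"

class InjectionRefused(Exception):
    """Raised when the trusted side declines to release a secret."""

class TrustedAgent:
    """Runs outside the browsing VM; the only holder of the real secrets."""

    def __init__(self):
        self._secrets = {}  # host -> secret typed into the trusted UI

    def enroll(self, host, secret):
        self._secrets[host.lower()] = secret

    def inject(self, scheme, host, body):
        """Return the form body with the placeholder replaced, or refuse."""
        if scheme != "https":
            raise InjectionRefused("secret would leave in cleartext")
        secret = self._secrets.get(host.lower())
        if secret is None:
            # Malware in the VM can aim the placeholder at any host it likes.
            raise InjectionRefused("no secret enrolled for " + host)
        fields = parse_qsl(body, keep_blank_values=True)
        hits = [i for i, (_, v) in enumerate(fields) if v == PLACEHOLDER]
        if len(hits) != 1:
            raise InjectionRefused("expected exactly one placeholder field")
        name, _ = fields[hits[0]]
        fields[hits[0]] = (name, secret)
        return urlencode(fields)

def demo():
    agent = TrustedAgent()
    agent.enroll("bank.example", "correct horse")  # constructed sample secret
    vm_body = urlencode({"user": "alice", "pass": PLACEHOLDER})  # sent by the VM
    results = {"ok": agent.inject("https", "bank.example", vm_body)}
    for label, scheme, host in [("http", "http", "bank.example"),
                                ("other", "https", "evil.example")]:
        try:
            agent.inject(scheme, host, vm_body)
            results[label] = "released"
        except InjectionRefused as exc:
            results[label] = "refused: " + str(exc)
    return results

if __name__ == "__main__":
    print(demo())
```

The browser in the VM only ever handles the placeholder, so spyware there has no secret to capture; the host check is what stops it from redirecting the injection to a destination of its choosing.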
Spyblock also includes a number of other features:
1) A “transaction confirmation” feature so a user can detect the presence of active malware (i.e., malware that tries to conduct malicious transactions surreptitiously by piggybacking on top of an existing user session).
2) Support for password authenticated key exchange (PAKE), which provides added security against dictionary attacks and also provides mutual authentication.
3) Support for...