|
 |
|
 |
| Tuesday, September 07, 2010
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
SullyC |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
53 |
 |
People Online: |
 |
Visitors:
7 |
 |
Members:
0 |
 |
Total:
7 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
EldAztek
Posts:0
 |
| 02/04/2003 11:01 PM |
|
| What it is
Opera is an alternative browser to Internet Explorer. It is touted as a faster, more secure, browser than IE, and has an integrated Email program called M2. However, as we all know - as you add features to a program, you also expand the possibility of opening security holes. And Opera version 7.0 opens a whopping 5 new security holes. The more disturbing thing is that these security holes were revealed to the authors of Opera as long ago as last November and we still haven't seen fixes for many of them. The person discovering the vulnerabilities attempted to help Opera's authors address and resolve them, but they have not been forthcoming - so they released the info to the general public.
To contrast, Microsoft usually releases hot fixes within 2 weeks of notification (1 week if the threat is severe). Service packs come out about every other month with thoroughly regression tested fixes.
The security holes open up a wide variety of vulnerabilities to an opera user, including the ability for an attacker to read files on their disks, execute cross-site scripting attacks that transfer security information from one site to another, read emails within M2 Opera's email host a couple different ways, determine where you've browsed lately, log all the URL's in your history file so they know exactly where you've been and what you've seen. These sorts of privacy and security exploits are exactly the kind of problem that got IE into trouble. The difference is that in IE these things were fixed well, quickly and a long time ago.
I've long said that as alternative browsers, operating systems, databases and web servers proliferated and became more popular the temptation would be there to add more features. And as these features are added (like Javascript in Opera 7) along come the vulnerabilities that more complex software makes possible. As we've seen from the recent rash of Linux issues, we are also going to see similar issues with other alternative browsers. Be careful and be a wary buyer. Let logic prevail over what constitutes the safest choice - not an emotional "I hate Microsoft" attitude.
What we recommend
For the moment we recommend NOT using Opera 7 as your browser. Many of these vulnerabilities exist in older versions of Opera, but the most dangerous ones popped up with the new version 7. Until Opera makes a concerted effort to fix these issues, and the vendor shows a real dedication to fixing security breaches we'd recommend using a different browser by a vendor that DOES show this sort of concerted effort. Hate it if you will but at least IE is patched fairly rapidly by Microsoft and they've made a real effort to make their product more bulletproof.
Where to get more information
You can get more information about these advisories at:
http://security.greymagic.com/adv/
This ends this Viruswarning security update dated 2/4/2003 at 8:05pm
Lee Drake
Aztek Computer Solutions, Inc.
39 N. Goodman St.
Rochester, NY 14607
585-242-2060
|
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|
|
|
|
|