Press release: Opera, The Securestest Browser On Earth, puts an end to Phishing!



Opera, The Securestest Browser On Earth, puts an end to Phishing!

Opera Software ASA today announced a breakthrough in the war on Phishing. With its new SpoofProof(TM) technology, the user is safe from malicious links. This new patent-pending technology, which will put an end to Phishing attacks, works by disabling all clickable links so that the user has to type in all URLs manually.

"We are confident that our new SpoofProof(TM) technology will offer users with unparalleled security", says a spokesperson for Opera Software ASA. "No other browser can match this level of security."

Triggered by the latest IDN spoofing issue, Opera Software ASA found other solutions, such as disabling IDN, to only patch the symptoms, not the problem itself. "The real problem is that people go to an evil site and click on links that claim to take them to their bank," says a security analyst. "With SpoofProof(TM), Opera has not only addressed this specific issue, but they have also solved any future spoofing problems that may arise. Opera is clearly at the forefront of security."

A version with the fix is in the works, less than 24 hours after the initial report. "While we didn't make the 12 hour deadline, we feel that our new SpoofProof(TM) technology offers better protection to users than other solutions that took less than 12 hours," says the Opera spokesperson in response to fixes announced by other browser vendors.

About Opera Software ASA

Opera Software ASA is an industry leader in the development of secure Web browser technology, targeting the desktop, smartphone, PDA, home media and vertical markets.

Advertisements

32 thoughts on “Press release: Opera, The Securestest Browser On Earth, puts an end to Phishing!

  1. How about something that 'almost' is spoof proof and a lot easier on the user. I have said this already elsewhere already but what the hell I'll copy it here since it is on topic and nobody seems to want to give me any feedback as to why it wouldn't work.

    This is the plan: If you are visiting a bookmarked or frequently visited site a star appears, placed where the padlock or rss feeds are listed in the address bar now. (if a site is secure and bookmarked/frequently visited then the star appears next to the padlock). Since I have read previously that most people seem to visit the same 5 to 10 sites over and over again, there would be a star showing during the majority of most people's browsing sessions.

    If you are a Paypal user for example you are likely to have Paypal bookmarked or at the very least you will probably visit it regularly. If some website or email links to a fake paypal then when the site loads the star will be missing from the adress bar field since it will be the first time you used this new site. Hence it is easy for the user to see something is wrong. Hopefully users would get used to the idea that there favourite sites always display a star in the address bar, so this would start to be obvious.

    Maybe it would require educating the users about what the star is and why it appears there but this had to be done when the padlock was first added to the browser. Though don't forget the Opera user base is that bit smarter than average! That is why they use Opera in the first place. I reckon this is intuative and would pick this up in no time. Also you have already done some of the hard work since Opera are already using a star to indicate a site that the user frequents (in Opera 8 beta the top ten are shown by clicking on an orange star in the drop down from the address field and the bookmark icon has a star associated with it).

    It does not solve all issues but it makes it a damn sight easier to pick out when you are on a fake version of one of your favourite sites, which is the main issue as far as I can tell. Furthermore it does this not just for the IDN issue but also when fraudsters subsitute ASCII characters (e.g. '0' for 'o').

    I haven't patented this one. You are free to use it! πŸ˜‰

  2. I don't know about you, but I hardly ever use bookmarks, and I have a feeling that a lot of people don't. Relying on something which a lot of people don't use does not strike me as a good idea…

    Add to that that all these "indicators" rely on the user to make informed decisions on whether to trust something, and you have a problem. How many average users will understand all the indicators and codes? I don't think they even notice them.

  3. Another typo "Opera, The Securestest". Wow, you guts must really be working around the clock on this one. πŸ˜‰

  4. Opera should make the disabling of IDN possible for its users.

    Firefox/Mozilla have this option available.

    IE is available without IDN or with it (via plugin).

    In other words, the other browsers give users options.

    With Opera, one (English-speaking users I'm talking about primarily and obviously) is stuck with IDN and the resultant vulnerability.

    Opera is the least flexible of all for the moment.

  5. Does it mean that we won't have hyperlinks anymore? How are we going to surf the web? the whole point is to be able to click a link to go to another page on the web. What about people who have difficulties to type?

    I need to know more details here!

  6. Disabling IDN only solves the problem if you don't need anything but ASCII characters.

    As far as I am concerned (speaking on behalf of myself, as this is my opinion – I have no idea what others think about it) it is a non-fix, because those that know about the fix know about the spoofing to begin with, so they will be aware of it. The people who would need to know about this setting won't know about it.

    One should also consider that the US is not the only country in the world… Maybe IDN doesn't mean anything to you, but it does to millions of others.

    I agree that we need a solution, preferably very soon. But this setting will only solve a symptom, not the underlying problem, and it won't help at all to most users, as they have no idea that this kind of spoofing is even possible.

    The satirical press release in this journal post is obviously overkill. Disabling IDN is either of very little use (if it is on by default, as those who need it won't know about it anyway), or overkill (if it is disabled by default). But requiring users to enter URLs manually, rather than clicking links, would actually be safer than just disabling IDN… As you can see, we need a good solution here which takes more things into account than just getting rid of something which can potentially cause problems.

    Rest assured that Opera Software is taking this very, very seriously, and our people are looking for a real, working, permanent solution. I am not saying that temporary solutions like disabling IDN won't be possible (if anything, just to make people feel better). I am just saying that this is a bad solution in the long term, and doesn't really address the core of this issue.

  7. For English-speaking people worldwide, the option of disabling IDN would be most welcome.

    That's what I said the first time, and I am saying it again.

    For those who want IDN, they can have it.

    Why is making this optional not preferable?

    The knee-jerk reaction to somebody suggesting this No-IDN option exist that it represents some pro-USA-only bias is unkind and wrong-headed and somewhat condescending.

  8. As I said, I cannot rule out the possibility of an option like that (it's not up to me), but in my opinion, it doesn't really solve anything. I am just sharing my own opinion here, remember.

    I do think I explained why I don't think such an option would really solve anything:

    – Those who need it wouldn't know about it.
    – Those who know about it know better than to click links to their bank (or similar) from a "bad" site.

    I think all efforts should be spent on finding a better solution which takes the entire world into account, and which actually solves the problem, and not just a symptom of it, and where the cost is too high as well.

    But it is not up to me.

  9. Well, I'm glad they finally got rid of that annoying "hyperlink" functionality.. That thing is the tool of the devil, and I'm glad to see Opera is doing something about it. Now I won't waste so much time reading the wikipædia.. Thank you, Opera Software, for always being the leader on innovation! :happy:

  10. Wel, I'm confused. You man that you do not like to have to click a link in order to visit a page and that you would rather type the url yourself? The whole idea of the www is to interact with (click on) a 'word' (can be an image or other object) that leads you to a related document. I could go and check for Tim Berners Lee own definitin but I think it's pretty close to that.
    I like to navigate from a page to another with the tip of a finger. I will not type http: //my.opera.com/haavard/journal/32/reply/7703 to see what's on a page. I'm a lousy typer and have other things to do.
    So, unles you were being ironic, I do not get your comment and I will reserve my opinion about Opera's suggested solution until I see more information. However, I'd say that disabling hyperlinks is akin to disabling the web and doesn't sound like a good idea.

  11. My Idea for a short term solution:
    Some visual indicator like some menacing looking icon next to the padlock. The first time (first time for every user profile) this icon appears it will come with a big pop-up explaining what it means. The pop-up will have a check box []dont show this message again. After the pop-up is turned off, it won't open automaticaly but clicking on the icon will bring up the same message.

    This solves 2 main problems:
    1)New users need to know what it means.
    2)Veterans have a visual indicator that isn't overly annoying.

  12. I found a different typo.

    With SpoofProof(TM), Opera has not only addressed this spesific issue, but they have also solved any future spoofing problems that may arise.

    That should be "specific".

  13. > disabling hyperlinks is akin to disabling the web

    Yes… Similarly, disabling IDN is disabling many pages, unfortunately 😦

  14. For a good non-satyrical discussion of spoofing (this IDN thing is only one of 6 possible spoof-attack vectors) see

    http://www.gerv.net/hacking/security/phishing.html

    The suggestions found at the end of the article are not easily implemented though.

    I'd hope people here are not thinking that the web is about to collapse right now. For one thing, as MSIE doesn't come with an IDN plugin by default, and in the ASCII-speaking world this is unlikely to be installed, there is little incentive for criminals to actually use this attack,

  15. Hate to tell you, but if you do your homework – on or off line) you will find Firefox, not Opera, has been declared the most secure browser….hate to burst your bubble!!

  16. Hate to tell you, but Opera has fewer unpatched vulnerabilities than Firefox, and fewer vulnerabilities reported in 2005 πŸ˜‰

    "Firefox, not Opera, has been declared the most secure browser"

    Declared by? The Tooth Fairy? πŸ˜‰

  17. Odd that you would think that most people don't do what you don't do. What, did you take a survey? πŸ™„ I mean, are you the end all to how we should use computers? :irked:…who wants to waste time typing addresses all the time? AND…isn't the idea behind saved sessions in Opera (considering the effort to write the code for it), that you would use those for pages you 'hang' on? πŸ’‘

    People pay more attention than what you think…or do you think we are just a bunch of non-observant dumbies? Why in the heck did we get Opera in the first place? Because we're numbskulls? I think not. 😑 Sheesh! Listen to people, would ya? ( :zip: ) Umm…I think the fact that someone mentioned the idea surrounding bookmarks is because WE USE THEM!! :sherlock:

    Ok, see ya…:whistle:

  18. Well, I'm glad to see you admit the truth… :hat:

    "I have no idea what others think about it" :eyes:

    Now, if you ask them, maybe you'll find out… πŸ’‘ :up:

    :left: :right: 😎 :coffee:

  19. Small-minded Mozilla mocked by wider world
    (http://www.theregister.co.uk/2005/02/25/mozilla_nixes_idns/)

    Quote:
    An exuberant Mozilla Foundation has been brought back down to earth with a bang by the world's internet organisations.

    Flushed with the success of its Firefox browser, the Foundation has clearly come to believe it is an important voice in the internet community. But following a hasty decision regarding the resolving of Internationalised Domain Names (IDNs), it has been publicly criticised by the groups representing domain registries in both Europe and Asia, as well as the US-based internet overseeing organisation ICANN.

Comments are closed.