Opera Battles Spoofing in Latest Beta Release

By Matthew Hicks  |  Posted 2005-02-25 Print this article Print

To tackle security concerns, the Web browser displays certificate information and limits the use of internationalized domain names.

Responding to the rise of a spoofing flaw in Web browsers, Opera Software ASA has released a second beta release of its next browser with extra security features. The newest Opera beta, made available on Friday, prominently displays certificate information about Web sites and only supports Internationalized Domain Names (IDNs) from domains that meet Operas antispoofing guidelines, the browser maker announced. The latest update follows the release of the first beta in December. Opera had been on track to call the updated browser Opera 7.60 but later changed its plans. It is still determining a name for the new version, which includes such new features as voice-activated browsing and support for RSS and Atom feeds.
A flaw was discovered earlier this month in Web browsers that support IDNs. Attackers could exploit the non-English, localized versions of Web addresses for spoofing and phishing attacks.
The problem affects most non-Internet Explorer browsers, and earlier this week the Mozilla Foundation also issued an update to the Firefox browser to fix the IDN flaw and other security issues. Also with an eye on security, Microsoft Corp. earlier this month shifted course by pledging to update IE to Version 7. Click here to read more about Mozillas security efforts. Opera is taking a two-pronged approach. First, the beta displays security information within the address bar, including showing the name of the organization that holds a sites digital certificate. "One of the most important measures to counter phishing attacks is the use of security certificates," said Christen Krogh, Operas vice president of engineering, in a statement. "The challenge for the browser vendors is to better explain the verification of certificates and to make the user more aware of this additional verification before entering into secure transactions." By clicking on the bar, a user also can assess a certificates validity further by viewing such information as its encryption classification and protocol, the certificate issuer and the certificate start and expiration dates, according to Opera. In a second step, Opera has created a white list of top-level domains that meet its criteria for IDNs. Right now, the Opera browser beta supports 11 domains, specifically the country codes for Norway, Japan, Germany, Sweden, Korea, Taiwan, China, Austria, Denmark, Switzerland and Liechtenstein. Opera plans to continually update the white list as domain registries meet its requirement of having implemented anti-homographic character policies or another way of limiting the available set of characters, an Opera spokesperson said. Opera reaffirmed that is working to bring together an industry-wide group to prevent the use of IDNs for spoofing attacks. "The IDN problem is not one that can be solved alone," Opera said in its announcement, "but rather together with other browser vendors, domain name registries, certificate authorities and other members of the Internet community." Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
Matthew Hicks As an online reporter for eWEEK.com, Matt Hicks covers the fast-changing developments in Internet technologies. His coverage includes the growing field of Web conferencing software and services. With eight years as a business and technology journalist, Matt has gained insight into the market strategies of IT vendors as well as the needs of enterprise IT managers. He joined Ziff Davis in 1999 as a staff writer for the former Strategies section of eWEEK, where he wrote in-depth features about corporate strategies for e-business and enterprise software. In 2002, he moved to the News department at the magazine as a senior writer specializing in coverage of database software and enterprise networking. Later that year Matt started a yearlong fellowship in Washington, DC, after being awarded an American Political Science Association Congressional Fellowship for Journalist. As a fellow, he spent nine months working on policy issues, including technology policy, in for a Member of the U.S. House of Representatives. He rejoined Ziff Davis in August 2003 as a reporter dedicated to online coverage for eWEEK.com. Along with Web conferencing, he follows search engines, Web browsers, speech technology and the Internet domain-naming system.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel