Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Opera Battles Spoofing in Latest Beta Release



 By: Matthew Hicks
2005-02-25
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
To tackle security concerns, the Web browser displays certificate information and limits the use of internationalized domain names.

Responding to the rise of a spoofing flaw in Web browsers, Opera Software ASA has released a second beta release of its next browser with extra security features.

The newest Opera beta, made available on Friday, prominently displays certificate information about Web sites and only supports Internationalized Domain Names (IDNs) from domains that meet Operas antispoofing guidelines, the browser maker announced.

The latest update follows the release of the first beta in December. Opera had been on track to call the updated browser Opera 7.60 but later changed its plans. It is still determining a name for the new version, which includes such new features as voice-activated browsing and support for RSS and Atom feeds.

A flaw was discovered earlier this month in Web browsers that support IDNs. Attackers could exploit the non-English, localized versions of Web addresses for spoofing and phishing attacks.

Resource Library:
The problem affects most non-Internet Explorer browsers, and earlier this week the Mozilla Foundation also issued an update to the Firefox browser to fix the IDN flaw and other security issues. Also with an eye on security, Microsoft Corp. earlier this month shifted course by pledging to update IE to Version 7.

Click here to read more about Mozillas security efforts.

Opera is taking a two-pronged approach. First, the beta displays security information within the address bar, including showing the name of the organization that holds a sites digital certificate.

"One of the most important measures to counter phishing attacks is the use of security certificates," said Christen Krogh, Operas vice president of engineering, in a statement. "The challenge for the browser vendors is to better explain the verification of certificates and to make the user more aware of this additional verification before entering into secure transactions."

By clicking on the bar, a user also can assess a certificates validity further by viewing such information as its encryption classification and protocol, the certificate issuer and the certificate start and expiration dates, according to Opera.

In a second step, Opera has created a white list of top-level domains that meet its criteria for IDNs. Right now, the Opera browser beta supports 11 domains, specifically the country codes for Norway, Japan, Germany, Sweden, Korea, Taiwan, China, Austria, Denmark, Switzerland and Liechtenstein.

Opera plans to continually update the white list as domain registries meet its requirement of having implemented anti-homographic character policies or another way of limiting the available set of characters, an Opera spokesperson said.

Opera reaffirmed that is working to bring together an industry-wide group to prevent the use of IDNs for spoofing attacks.

"The IDN problem is not one that can be solved alone," Opera said in its announcement, "but rather together with other browser vendors, domain name registries, certificate authorities and other members of the Internet community."

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Opera Battles Spoofing in Latest Beta Release
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matthew Hicks
 


x}kw89v2Ei;Rlɱ-c)wR$$M#'{Oo*|AIvɱ-DU* wAȅ=!]ǘ[cSݣw&$5]4i= ɑԫ 9S]MHwW3fөP/a᳑(,1P:x }3~bA2xFaiHl6XBRN`^<\yyN ]tQV_սkYoAבN6O) |@ɠi!Zdq=}9ef42ۼMYnU\>TkqZJ{Q>oچs[=0q*sܼϿ/ EU ns~#GA GfmGkh[N"ijQ=vN{ـ\>/.ɣ N|'k[?0Q\&*+Jx,/B.rM7JQr+aQ-jR;֓,f3} 3+i3YN:AK~6/NMN OfٚY JdTY1LUYsYڟ:>gg:Qڟm3HokCp=['{:$?,rG=jiT%%VtMԺxr9%9Io? `lDmYܾ̑\RyǛȃka)XY|Dͼ94oߦAf@w[@(+:YKS703hKs;nZK0[=RFp\ Дa#xdMab&DJH7Q 6)`Iz/(AM/- 5|*\($ٛ"G;z̈+\R@3Al8{Ø*^*뻹(-j\'֛esJVt];7Eя0-px=i_.=mm+>cq4Y`A-. :zStTt oR7KT,*_*&rO f[Ԗ-Pò˔A >NfI|F s>4N< EC!ɠڴb{\fS4!E&MЀ_`;^h>[W <[ KpA}x3z&z4mP`95$&CMߟ̀s#08w ɝ 5y0ݻ#i`y1&բ !Tg ,Zu= } wA,߃9#iL L<ģ\>x?ɜ+) 'C/0tKt=JI # EEKy3@ $h5N`z< $azGBJe6Os@PG҅3qJP.τRZ z)0ٜʬ$5Mu]_ ȉ#m"0%X Z ϴjԭeRp|:IoB{<6u0uy=A-&)# K8Y fsq=7c@Cyw;Jz00ӊYsξS s> `H]7m(tsfڰ`DWjm>!4ÃiА4XԹǦYg5׵Lj rG%׽ql9an5ډ<\y͏3@}(N5i:ܑ̯-ӾZ2߄V 9uC \D r}͚X 4ؐ|&BnMn^7&+V{rSIVT$V3Q2jӧNEۋ)I :3X-8G/4- 'ٲZrk%fcP.KúJJx ~7Bɶ/^[aa6EYQ^RKHD@CR)Ե aY^`(y1 Cx Ea҆CTCSs > *\T6))KaՂZ^Ϛe+ L 4/`* [0P.m^GgVީu<|꒾ij[C=<fRqӠEa)e ΤPLM>kQ@/ı``{s2rl\:55{qq8XZžtٔ/xMvpv G9Je!6c{ji=#Os=)W}B~*+BQQb?&I?րH{A2,e,rƎe9لAٌُ$ Ei.2<8Qo>U< ıLb0qqغeoX~?1Xe;;pM;~ 6AS-cfD[O3$!O^'JBOքk&.}yTc DA#E . ZC. m!X`j D"*U `n*vVѱ(թ%6=@,.&Dtl?`"#>}ڧnssQ*/KW3 R|OZV,֪15P+RjV{}|s??=edԌRp:1< _{wA~M4/}. A!m^:J{ds|eLZմlxTa<,I3$#v%*'L)`Ճ{3O\PvSmfS "9&Ԗswkq o8z~0GdݤS,Hɘ-qV#Y=w7ZAU[Mޭ쮫F'F voS(0f4Ӣ-Rxs޻e=UN_)"cqe@`L ؇^gm/JzX+*5E‡v1ር54u|8ڳ"ZJ5qvsTy9kY%f+aEL4=:]CYTy3is{9~>%Zȓ3w&J Ĵ\.[C5^(93F{ZtNd_&ȣɘ+ZN`e3hSYlpg=H]Ӟyu}|O>=aO#UIV:Mr&kA}kPow(*Kq3`93"豥mBtP+'& AA="Gwiŏ[o(5rv=G~T>UKKIպi2RKbU)<*쵊*9 ^  lZvXCKkpo= -2j>uR9,̖K%4e3/쌸-9DXegiəπ/PIN Rt48|㿜yQ$ !rz gn1~KAZ}j_iԎ8%4 \("{-~=`rr(SJ%M'i&. [5Kb/RJ<:<Qd:Y$yYIzJ,RTeD$SQSKFI39uޞ-Hy=@İ&{6wg^%J$h dgKe 3 KqkP i"+ `->ϓgԢᬖ^}y;qG81  H tyDo7ۨ{.|ʜ(=}![3'Zxyu?qFΛ;za's ]sOA}i^wl'UzxZ J}~l/t6D(yWe{w#_ $]Bn/:L9zdM#}%3 =ћ4/ Zv| =OjTҟxU礻رR$w?9yGbZ5m}x/`@܂ו_dB}do;3 , VP*9` sɟ$fU8'8~/n!+렳*Bϝ{i,YMb[*n7gwK89҄e}IHP!;G 到>CZ$)-;o]0U|=^iteaYH'-}}mLϹT&sLQ3solڌiv*b|iAg4 S6cWf?@(7xiK~mNgS􈸖f&wKJzJZu.[645KvI. vb'hhh 7 sHl!n/m»T=ACAƜN=gFSL^Xͱb^-ejwF6s#~Mos|0Y\YME[A1OGk a<@~.ٌqF nȱHvX\9;0XDVxE 䨭¤[{TbL-h"in[?XWu`M WHp6"F_֞~ym1OEu"@5 7-m֎0dTj`i\?a]uIX7{|56dV0o),Mtis61¥uց2 *|˾UJuXJFK8S\eH$Txq잉hƚo||% bV|ZbD#wG$%J|@"67L& C6._N OabNQ2(|nSz/LaXy ,3Ѱ+lߐ># jdM\"ū}A04w/5OscbNq 3Btϡ6k84R_{tLN%%?VPso6:l[-0V'Eѹz\\fF9wt)۬R;P3;2|6MLzl~Joif-2Ěa+IiqlrJ.3&e)-~Sx3R >o-'j z[ |xO 8wi)@QI~j~~//u~a VK+`4-kw2О$oJ#}\C$&pP]}zUcx c*>4U 64}et#Hi1tq*o( j`܀ӶWZ?:?5/Ӑ43qCb$J❥C?C* O2ŋIOYl /Jqìfm긯 7]>Lǔu{Qg9Ä&N?I5?2OX''d\?O&x8n A =$P+;:iayœ{Uq~O\ݢ+=5t݈9ȫJmۏof DQ= )U@,9"*>dɟS]Će讬G*x|ep'H'*t7>y*1^^rjwj$?5\~5tMэ%; Փ>-,b'c0O\no\VKZ%y[G4x kHzg@挧6dO}TK;\I`m3y~xOZAؿ˜zpҸFUFq,b /Í̯0޻K{9q[I{u >dfG9_aci7t 16)t|HI -gwQΗ'b^m90؞˜:Qvw_a=eE&d[j ilwAy$%nS#9l6a ZZ]N#e+WQi79*1f=0N)kO@vʹ*F6#ZMik8l4ƿJ< EٚP~f1 Ƅ[)RUfwܠeȃ5T?0м~#n+j8'Y75 oEUPq8AnK]ʹX( 7]dkV0'qGC7)bE-M<I5fـjE~E:td´~NP8ԓU= kK8C: roEVIz# ,Ő?ZEDW# `>: I͎?4;}ӿh>zx d!?:s&2ӰCߑ7eHG~S3y9asH ](Kgn(gc'@YxҗH- rt]\VP*@J>SiAm??&­!RF·:ms Xh0usXc R}V-xm)lD >dfBKl͒w\j:rtT b8+M4?3,ȏ݃Klݜ(83Zi$P!%h$bc<=9a1nX- =H?%1btu;5u_F`p3W .Ԕj> MZ E>gDdwY)|.OO99e1 =M蕴B^Șp~;v@|ç6#&To`9ͫwM&'^/#A֊_ԝ^iY}uݹk`&hT_ me |Q);OFYm3;eNq(gڃE BW,xjE^/JMi$: lGyїU1zS_&鏉LBfuljom9 go|u3_.9u ΧA9^Z+!PU9imn8~(hOu.۹FhRZEFPsF/PKF5_/?m63{P(GN/o ZS(?]_~9ˠחwrN+2ʡsQd~s?3^_~/2lfOf,@n}@n}7.g7? D(?A2ʻP(K ^~e+ W33  # 埲O}}ʠ dd  M%:Iʘ!g+\8=r ds ~)W@_dկu"[~|^y}³2Sw١Gh/O WX-Jbġ${yx1 _}=xC/Ou>O?^wҾl^ =Ջ쓥=u}ςoDV)pF ;F^a%1zI\0vZ{h+ 7\1"ބ% jPL ;I*V*r;~O+F"ðD~ *+P#}a`J\L3B /(@#غM{%}C3<8fȳRLq u+k %<mn;J +c>>V7/tj^"_v3:mc(27 J,5{3ЫD@.^sLn|L:AÆj/XbKZ;c`\;=1gjy }dy0\9Khwקz4}z<8ѾgL=[ ot^}FL% .LESzq;b O"| "e*1Ã6fA Qk`V{Ϲr-#6O,UE,%wB.:P'GkV`ػ l>`3E(s1{}< (lui|'`qevnX?ap[NdZ)E|5wjIb*&f\c7]b~K5 D 9bK o1LM:RjxrBLr$Ҵ CeF`O]WnBaIg i=g 6{N> a 0'VbgH ^ Bc M=X`#ǹ~rh`=E(g]k|\k,!#1苌Y MЦ O\B8̈́N`'8Ǧ e4:/X9VF \1PSFӹ"}ǚ X?(xcÏ,?hPMP"Sqm$!3qps4FY{N6 )4Mϫ΢R$=[w:W*aʹD.vkVA>D;Oulם@ P⁜2ћ[ԘPWԕU`g#~"3V[œA6h4M(Dْ0F=5}^nT0] r@c["]&\f\jџfL.ѮBTnbbqY;g;KMlZomȉ(l}jg͜ ŧ3W<2JP/ɬq;Y?] m-p$xi7{|vJk3RpCV)tO!?CNt3BB %K@44W q얢UnDl`a^n1n,ـ9&@ /lr=Vc:p3z vQmQ-xaW:~n`P{zwn}c\:1V`]cűWUl g)C2^#s!oYX&7ęV /kti( aaXI*g\`8ZQ|ڻ]`[^zd֊V&|ƷZ2cˤ_ lI