Archive

Archive for the ‘Security’ Category

10 years of SSL in Opera

April 30, 2007 4 comments

April 30th, 1997 was the first time Opera’s SSL implementation completed a full transaction.

Opera’s Yngve Pettersen (who is one of the first Opera employees) just blogged about some of the technical aspects of implementing Secure Sockets Layer (SSL) support in the Opera browser. SSL, in short, is the means which provide the secure communications over the Internet.

In addition to the history on Opera’s support of SSL, Yngve also explains the future of Opera’s SSL/Transport Layer Security (TLS) implementation.

(Read more)

Categories: Desktop, Security, Standards

What percentage of known security bugs in browsers are actually fixed?

January 30, 2007 15 comments

Well, if you’re using the Opera browser, then 100 percent of the reported security bugs/vulnerabilities were fixed. In fact, Opera is the only browser (among the big ones – Internet Explorer (IE), Firefox, and Safari) to have patched 100% of its known security bugs, according to Secunia, a site that tracks security vulnerabilities in various applications.

Ben Buchanan, on his blog, wrote about this a couple days ago. He compared the patch rate on security bugs in the four major browsers (IE, Opera, Firefox, and Safari).

Browser patches between Feb 2003 and Jan 2007:

  • IE6 – 67% patched (out of 110 reported bugs).
  • IE7 – 25% patched (out of 4 reported bugs).
  • Firefox 1 – 87% patched (out of 39 reported bugs).
  • Firefox 2 – 50% patched (out of 4 reported bugs).
  • Opera 8 – 100% patched (out of 15 reported bugs).
  • Opera 9 – 100% patched (out of 3 reported bugs).
  • Safari 1 – 93% patched (out of 15 reported bugs).
  • Safari 2 – 33% patched (out of 6 reported bugs).

Here are some snippets from the blog’s conclusion:

“Well, one clear thing is that Opera is the only vendor with a 100% patch record according to Secunia. Opera is also the only vendor that maintained its patch rate between versions – in fact you have to go back to Opera 6 to find an unpatched advisory (and there’s only one).”

“So at this time Opera wins the patch stakes. The argument can be made that Opera attracts fewer attacks due to small marketshare. That could be true – there’s no way to truly know, since malicious hackers aren’t polled – but when I’m doing my banking I don’t care if it’s true. I just care that my browser is secure; and Opera currently has the best record for fixing security issues.”

These results clearly show how Opera has its foot on security. The big question is, however, whether Opera users are updating their browsers with the newest security patches.

Most of the people who visit Opera Watch use the latest versions of Opera — some, like myself, even use the latest weekly builds of the browser. (If you haven’t noticed yet, you can see for yourself which browsers people use to comment on the blog posts here.) But obviously the Opera users who visit my blog don’t represent the typical Opera user. Most of the visitors here are tech savvy and stay updated with Opera news. What about the millions of other Opera users who don’t read Opera Watch? 🙂

Last year Opera added the functionality to the browser to alert the user of a newer available version (yes, Opera had it before Firefox did). This was a step in the right direction, but as I’ve mentioned many times before, there’s much more that needs to be done.

I would like to see an Update Manager in the browser (Read: Where is Opera’s Update Manager?), where it will automatically download and install (with the user’s consent) all updates, just like Microsoft does with Windows Update. Firefox already has this; I wish we would too.

It would make it much easier for non-savvy computer users to upgrade Opera. In addition to that, I bet many of you would have an easier time telling your non-techie friends to install Opera, if you knew the updates would be done automatically. This is something that has been bothering me for some time already.

Last year I installed Opera on my grandmother’s computer, she recently told me about the window that keeps on popping up every so often telling her an update to Opera is available. She always clicks “no” to the question of whether she should “manually” download the update. Had there been an option in Opera to auto-update, I would have done that for her – she wouldn’t even know that Opera is updating.

If you’re not using the latest version, what are you waiting for? Get the latest version of Opera. Now!

(Tip: To check whether you’re using the latest and greatest version of Opera, in the menu bar click on ‘Help’ and then click on “Check for updates”.)

Categories: Desktop, Security

PC World says Opera is safer than either Internet Explorer or Firefox

January 25, 2007 4 comments

In a recent issue of PC World magazine columnist Scott Spanbauer wrote about the importance of staying safe online while browsing. Here is what he had to say about the Opera browser:

“While no software is perfectly secure, many experts (including me) think the Opera browser is safer than either IE or Firefox.”

To be fair, it sounds like he’s basing it on the fact that Opera has a small market share, and thus malware authors aren’t targeting it yet.

Categories: Desktop, Security

New Opera 9 'exploit' un-exploitable, according to Opera

June 23, 2006 7 comments

It didn’t take long for a public ‘exploit’ of the new browser, Opera 9, to be made public.

The exploit, or rather a proof of concept, was discovered by researcher Povilas Tumėnas, and posted online the day after Opera 9 was released. According to the researcher the ‘exploit’ can be used to create an out-of-bounds memory access.

I’ve seen and tested this ‘exploit’. The browser crashes when a page containing the ‘exploit’ is loaded.

Opera has already analyzed it, an Opera official told Opera Watch. “It is absolutely un-exploitable.”

“The reporters didn’t bother contacting us first to discuss it (which is standard practice for security researchers) or we could have informed them that Opera crashes reading memory, not writing, and thus it’s guaranteed to be a harmless crash.”

This problem still exists with the new Opera 9.01 weekly build that was released today. I’ve been told that it will be fixed in an upcoming browser update.

Categories: Desktop, Security

Opera fixes Flash vulnerability, Gmail with Opera 8.54

April 5, 2006 12 comments

Opera today released an update for the desktop browser, version 8.54.

The update includes a fix for the Flash vulnerability in the Windows version. Opera 8.54 also fixes the problem with e-mail messages not opening in Gmail correctly.

Download Opera 8.54

Categories: Desktop, Security

A truce in the browser wars for the sake of security

November 23, 2005 4 comments

Here is a follow up to my previous post about the major browser venders getting together to discuss browser security. The Opera developers who attended the meeting just wrote their take on the matter.

Here is a snippet:

“It’s good to see all of us put aside our marketing wars for a few days and get down to what really matters: making the Internet a safer place for the people who use our products, whether its Opera, Firefox, IE or Konqueror. The onus for end-user security increasingly rests on the browser vendors. After all, it’s our products that stand between the scammers and the scammed.We can compete over so many aspects of our products, but security at this level requires cooperation and collaboration. And by sitting down at the same table, we have done more to enhance the security of the Internet than we could competing alone.”

Categories: Security

Security updates force Opera to release version 8.02

July 28, 2005 6 comments

Opera released an update to its Opera 8 browser, version 8.02.

In this new version Opera fixed multiple security holes as well some minor browser improvements including better support for AJAX.

These security vulnerabilities were discovered by Secunia Research and were made public today — the same time an update was made available by Opera.

This version doesn’t contain BitTorrent support; Opera felt it needs more testing before it adds BitTorrent support to a stable release of Opera. A few weeks ago Opera released a Technical Preview version of the Opera browser that contains BitTorrent support.


ChangelogDownload 8.02.

Categories: Desktop, Security