| subject: | Re: Opera vulnerabilities |
From: "Rich"
Your claims conflict with reports from Secunia such as http://secunia.com/advisories/15488/ which states

Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious web sites to spoof dialog boxes.

The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open e.g. a prompt dialog box, which appears to be from a trusted site.

Opera had a vulnerability explicitly targeting address bar spoofing. From http://secunia.com/advisories/11532/

Secunia has discovered a vulnerability in the Opera browser, which can be exploited by malicious people to fake (spoof) information displayed in the address bar.

And another at http://secunia.com/advisories/11901/

The issue may be caused due to a race condition and will sometimes make it possible to display spoofed information in the address bar via a specially crafted HTML document.

Wait, there's another at http://secunia.com/advisories/12028/

bitlance winter has discovered a vulnerability in the Opera browser, which potentially can be exploited by malicious people to conduct phishing attacks against a user.

The problem is that information in the address bar is changed before properly loading a page

And another at http://secunia.com/advisories/12162/

bitlance winter has discovered a vulnerability in the Opera browser, which potentially can be exploited by malicious people to conduct phishing attacks against a user.

The problem is that Opera fails to update the address bar

So clearly your claims are inaccurate. Maybe you meant to state that current versions of Opera threw a lot of spackle on the architectural security chasms of Opera and how Opera provides a high bandwidth gateway to the heart of the OS. More likely you are just up to your typical mike miller propaganda spreading FUD.

Rich

"Mike '/m'" wrote in message news:3mgvc1le67479k4v72baee6vkfajvrhgro{at}4ax.com...

On Fri, 08 Jul 2005 20:10:07 -0400, Mike N. wrote:

>On Fri, 08 Jul 2005 17:55:09 -0400, Mike '/m' wrote:
>
>>>there's no way to secure older browsers to the same level.
>>
>>I don't know if you should be so absolute.
>
> ... with qualifiers of course: same level with Javascript enabled, etc.

I still think you are too absolute. For example, in my quick reading of the article, one of the exploits was to place a nicely formed window over the address bar of the browser, blocking out the address. Opera would open that window in a new tab. There is also a checkbox in Opera's config that says to always show the source URL of Javascript boxes, even when the Javascript says otherwise.

But my main point is that XPSP2 threw a lot of spackle on the architectural security chasms in IE. I remain to be convinced that other browsers need that spackle in order to be as secure as IE*. For starters, only IE presents the hackers with a high-bandwidth gateway into the heart of the OS. None of the other browsers are so intermingled with the operating system.

/m

* - "as secure as IE", amazing that I could type that without putting a smiley in there...

* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)

SOURCE: echomail via fidonet.ozzmosis.com