Office applications Toolkit

Opera fixes IDN 'vulnerability'

Munir Kotadia ZDNet Australia

Published: 28 Feb 2005 09:20 GMT

Norwegian software developer Opera released a second beta version of its browser on Saturday. Beta 2 plugs a recently discovered vulnerability that could be used in phishing attacks.

The problem arose because certain browsers support a standardised way of representing domain names in the letters or characters of any language. The Internationalised Domain Names (IDN) vulnerability, which affects non-Microsoft browsers such as Opera, Apple's Safari and Firefox, could help phishers create legitimate-looking Web sites.

Christen Krogh, vice-president of engineering at Opera, explained that when visiting secure Web sites, the browser will now display a yellow security bar containing the name of the organisation owning the site’s security certificate and only display ‘trusted’ top level domains (TLDs).

"One of the most important measures to counter phishing attacks is the use of security certificates. The challenge for browser vendors is to better explain the verification of certificates and to make the user more aware of this additional verification before entering into secure transactions," said Krogh.

To specifically address the IDN vulnerability, Opera's updated browser will only display certain TLDs that have been registered with the company.

According to a statement from Opera, the company "will regularly update its list of trusted TLDs, ensuring maximum protection and the best possible user experience".

In addition to improved security, Opera has made Beta 2 easier to customise and added support for Atom newsfeeds. The browser is available for download from the Opera Web site.

The Mozilla Foundation last week updated its Firefox Web browser to fix the IDN vulnerability, among other bugs.

Is your browser vulnerable to the IDN issue? Security Web site Secunia has constructed a test that can check if your browser is affected.

Did you find this article useful?
99 out of 180 people found this useful

More In Office applications

Company/Topic Alerts

Create a new alert from the list below:

Related Jobs

Graphic/ Web Designer. Short term contract. Central Scotland

WEB PRODUCER

Change and Senior IT Auditor

Featured Talkback

Why do so many (virtually all) software packages think that they are so important that they have to be started automatically every time the computer boots? What is the largest number of "speed access", "update check", "camera download" and whatever other background programs you have ever seen running? Of those, how many did you really need?