Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Browser Insecurity Extends With Vulnerability Discovery On Opera

Idappcom : 27 January, 2011  (Technical Article)
A zero-day vulnerability revealed on the Opera browser demonstrates potential insecurity of any browser that is popular comments IdAppCom
Reports that the Opera Web browser has been hit by a zero-day vulnerability highlights the fact that all Web browser clients are, by their very nature, insecure, says Idappcom, the data traffic analysis and security specialist.



According to Anthony Haywood, the firm's chief technology officer, Opera is popular amongst users of smartphones and netbooks, owing to its relatively small footprint.



"Ironically, it's also been gaining traction on account of its less-than-mainstream status, which some experts have observed means that the software is less of a target by hackers and cybercriminals," he said.



"This reasoning appears quite sound, until you realise the world's Internet browser user base is now measured in hundreds of millions, which means that a client that accounts for a fraction of a percentage still means there are millions of users out there in cyberspace," he added.



Idappcom's CTO went on to say that the very fact a browser is low profile and has a select user base can actually make it attractive in the eyes of cybercriminals, as hackers can start exploring what appears to be virgin territory as far as vulnerabilities are concerned.



The most important thing to realise about Web browser client software, he says, is that it is designed to access a variety of Web sites, typically using Port 80 for regular HTTP access, and Port 443 for HTTPS access.



With so many IP ports available, this might sound a small IP profile to deal with from a security perspective, but the problem is that there are a growing number of non-standard applications that use Port 80 across the Internet, meaning that a Web browser client must be able to support these features, he explained.



Haywood says that this latest vulnerability - which some sources are reporting as a zero-day issue - allows potential attackers to execute arbitrary code remotely.



The flaw was discovered by French security researcher Jordi Chancel who disclosed it on his blog earlier this month, and classified the problem as an integer truncation error.



"Although technically complex, the flaw can cause Opera to crash, although the potentially silver lining here is that the address of the memory violation is reported to be unpredictable. This makes the vulnerability less easy to exploit from a hacking perspective," he said.



"Is Opera less or more secure than the other mainstream browsers? That depends on your perspective. The reality is that any software that uses Port 80 across the Internet has to be viewed as a potential security issue and users - especially IT managers - need to be aware of this fact," he added.



The bottom line to this latest browser flaw is that Internet software users need to install multiple layers of security defence, and ensure their software - and their security knowledge - is as up to date as possible."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo