Glad I stopped using Opera! Could Opera Unite be .....

[Night Hawk]

:shock::shock::shock: You saw the title! This is in regards to the latest Opera 10 no Doubt. As the title goes:

"Could Opera Unite be a botmaster's best friend?

Opera has added a lot of cool new features to its upcoming Opera 10 browser, and one of them is almost sure to catch the eye of cyber criminals.
It's called Opera Unite, and while Opera promotes it as an exciting new platform for next-generation Web development, some security experts say it could become the botmaster's best friend.

Opera Unite lets anyone run a Web server from their desktop. The browser connects to an Opera proxy server, which then allows the browser to serve content to the rest of the Internet. This simplifies things for home users who want to host their own Web pages; with Opera's architecture, they don't have to configure firewalls or worry about their Internet service providers blocking Web server traffic.
But it also makes a precious resource more readily available to the bad guys.

In recent years, hacked Web sites have become the fastest-growing way for criminals to spread their malicious software. They have developed automated Web-hacking code, such as the recently reported Gumblar program, that can quickly hack into tens of thousands of Web pages in just a short period of time.
With Opera Unite, they may suddenly have a whole new crop of computers to attack.
Unite was just introduced as part of the Opera 10 beta this month, but it's only a matter of time until the criminals start playing with it, according to Don Jackson, a researcher with SecureWorks. "Bad guys always need Web servers," he said. "Anything that runs a Web server is prone to attack."
But because Opera Unite runs on the desktop, it may be easier to hack than most Web servers. "In this case it's a little worse, because instead of a machine that's managed in a data center, you may have someone on a machine in a hotel network that has no firewall on it," Jackson said.
Opera attack code is already included in the majority of browser attack tools that Jackson has studied. With Unite, he expects the hackers who write browser attack software to pay even more attention to Opera. "I think there will be a push to keep your exploit kit in marketable condition by developing exploits for Opera 10," he said.
Opera says it will monitor sites for malicious or inappropriate content, but Jackson says it will prove extremely difficult to police content that's being served by smart hackers. They may, for example, send Opera sanitized versions of their Web pages and reserve the malicious stuff for all other visitors."

Page #2 continues on this at Could Opera Unite be a botmaster's best friend? - Network World

Just what we needed to hear! While MS has been working to see IE 8 far more secure then it's predacessors like IE 6 being a magnet for every trojan out there one of the more popular alternatives isn't doing so well! One has to wonder how Chrome and FireFox will do knowing that FF has also been vulnerable to malwares being a popular browser there.

 

[jw12345]

I admit that I've yet to play with Unite, but it isn't turned on by default, no?

Of course there are security implications with running a glorified mini web server from your home connection, but your title makes it sound as if Opera users were more vulnerable and should move away from Opera because of this new option.

 

[Night Hawk]

The conclusion of that brings up the "sandbox" which is supposed to be somewhat like running things in a form of virtual environment. But that also brings another point as well.

"
Opera says it runs Unite within a "sandboxed" environment, which should make it hard for people to jump from Unite into other parts of the PC's file system, but the company doesn't say what steps it's taking to prevent hacked PCs from misusing the service.
A company representative couldn't immediately comment for this story on Friday."

That also includes the link for the Faq page at Opera seen at Opera Unite frequently asked questions One question there brings up the matter of security and cautions about providing any sensitive data.

"
At Opera, we take the security of your data very seriously, and we are very proud of our consistently solid reputation for security. Our experience in the Web browser industry enables us to know the risks and design our products to ensure that they are as safe and secure as possible for you to use.
Opera Unite services run in a very secure "sandbox", where only the files or folders you select can be accessed; nothing else on your computer is accessible. Be aware that when you share a folder on your computer, visitors can access all of the content contained in that folder, including sub-folders. If you do have any concerns, follow the tips in our Security and Privacy tutorial, and, as a general rule, avoid sharing highly-sensitive personal or financial data."

 

[jw12345]

I mean, I understand why this is a problem. However, I do not understand why you titled this post "Glad I stopped using Opera!" Opera Unite isn't mandatory, is it? If not then your title doesn't make much sense as Opera users are in no way compromised unless they specifically opt to run the server from their computers.

IMHO, I don't see Unite catching on though. In the US, uploads are heavily limited and PCs aren't left on all the time. Not to mention, serving content from a PC is against many ISPs TOS. I don't see the market for this.

 

[MadMax]

isn't the title a bit exaggerated.unite is as volunarable as any other new technology,so meh

 

[Night Hawk]

I had been using the last few versions of Opera as the IE alternative. In fact the 9.63 and 9.64 releases are still backed up here along with Chrome which had replaced Opera. for a period of time until the RCs and the finished IE 8.

With IE 8 on both the XP mode and Vista run on a virtual HD as well both Opera and Chrome ended up being pushed aside to work with IE 8 on all three. I was pondering on taking a look at the next release of both until running across this.

 

[MadMax]

hmm if it bothers you that much don't even look at the unite icon
plus the beta looks way nicer than 9.64

 

[Night Hawk]

Bothers me??? naaaa.....! The drives here are setup with everything being temporary until 7 is out anyways so if...?

 

[MadMax]

didn't get you lol

 

[Night Hawk]

That's easy enough to consider. If something gets bugged I simply wipe the drive without fuss! I've done that enough times for other reasons like custom boot setups. Besides Opera 10 is still in beta form at this time. Opera Browser | Faster & safer Internet | Free Download

 

[MadMax]

yeah i know,but the skin is just adorable though

 

[Night Hawk]

The browser icon remains the same for the 10 beta. There's more room seen on the personal bar over the IE Favorites bar or FF's and Chrome's Bookmarks bars.

 

[Lee]

I understand what you are saying, however, the average user probably doesn't even understand what Unite is, or will ever attempt to use it. As far as Opera the browser goes it has been on all my computers since 2001 when switching from IE 5.5. In fact I started using 10 when it was still in Alpha mode. IMHO Opera is the best browser I have found—now that not saying anything against the others; to each their own.

And, as far as Unite goes it will probably not see the light day (or the dark of night) on my computer. Like you all I see is a nightmare waiting to happen. :huh:

 

[Night Hawk]

Generally it wouldn't be the browser itself. The main vulnerability that could be exploited with the new Unite feature itself is the main concern. That would tend to place any network setup at risk with the remote server on your desktop option seen with that.

For simply using Opera as an alternative browser(espeicially prior to IE 7!) you wouldn't generally be hit with adwares, spybots, trojans as you would have with IE 5+6. On the other hand given time any browser can be exploited. You now hear about trojans written for FireFox while everyone thought that was 100% fool proof!