Security Preferences

Originally posted on Wednesday, September 21, 2005

Settings to help keep browsing with Opera as safe as possible, including Master password, certificates, and security protocols.

One of the most significant changes in Opera 8 is security. Opera has always been a very secure browser, and has a long history of supporting Internet Standards for security such as SSL, etc. Any site that doesn’t allow you to use Opera “for security reasons” is basically full of prunes. They sometimes worry about Opera’s caching ability and the ability to re-open closed pages. Opera ASA has worked with companies to address these concerns wherever possible, but some just find it easier to tell you to use Netscape or Internet Explorer “for security reasons” which is patently absurd because Netscape is no more secure than Opera and Internet Explorer has the worst record for security of any web browser. (I especially enjoy it when they tell me I have to use Internet Explorer for Windows for security, when I’m using Mac OS X which is far more secure.)

In early 2005 there was a lot of news about a spoof that made it possible for a site to claim to be another site by using international characters which browsers would render as plain English. The most famous of these made it look like you were at PayPal via https! This was no ordinary phishing expedition; it could have fooled just about anyone.
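The spoof described above depends on the address bar rendering a look-alike label as if it were plain Latin text. As an added example (not from the original post, and not Opera's or Mozilla's code), this Python check flags hostname labels that mix Latin letters with another script and shows them in their ASCII wire form instead; the function names and the mixed-script rule are assumptions chosen for illustration.

```python
import unicodedata

ACE = "xn--"  # prefix marking a punycode-encoded (IDN) DNS label

def to_unicode(label):
    """Decode one label from its ASCII wire form; plain labels pass through."""
    if label.lower().startswith(ACE):
        return label[len(ACE):].encode("ascii").decode("punycode")
    return label

def to_ascii(label):
    """Wire form of a label (simplified: lowercasing only, no full nameprep)."""
    label = label.lower()
    if label.isascii():
        return label
    return ACE + label.encode("punycode").decode("ascii")

def scripts(label):
    """Scripts used by the letters in a label, taken from Unicode names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def check_host(host):
    """Return (display_form, warnings) for a hostname.

    A label that mixes Latin letters with another script is shown in its
    ASCII wire form so the look-alike never reaches the address bar.
    Labels written entirely in one non-Latin script are not flagged.
    """
    shown, warnings = [], []
    for raw in host.rstrip(".").split("."):
        try:
            label = to_unicode(raw)
        except UnicodeError:
            warnings.append(f"{raw}: undecodable IDN label")
            shown.append(raw)
            continue
        used = scripts(label)
        if "LATIN" in used and len(used) > 1:
            warnings.append(f"{to_ascii(label)}: mixes {', '.join(sorted(used))}")
            shown.append(to_ascii(label))
        else:
            shown.append(label.lower())
    return ".".join(shown), warnings

# Constructed sample: Cyrillic U+0430 stands in for the Latin "a".
SPOOF = "www.p\u0430ypal.com"

if __name__ == "__main__":
    for host in ("www.paypal.com", SPOOF):
        print(check_host(host))
```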

The Mozilla folks claimed they had a fix in 12 hours. What they really had was a CVS checkin that would allow people to turn off IDN support. (So people would have to wait for the code to appear in a build and then manually disable IDN.) That was roughly the equivalent of saying that you had burglary-proofed your front door by bolting it shut. Sure, the front door is secure, but it’s no longer usable.

At the same time Mozilla released some public builds with a fix, Opera also released their response. Now when you go to secure sites (https), Opera will display the company name in the address bar:

[screenshot of addressbar for secure site]

Clicking on the padlock icon will also bring up a security report:

[screenshot of paypal general security information]
[screenshot of paypal security details]

Sites which use low levels of encryption are shown with a partially locked padlock. If you do not see a padlock or a yellow security field in the address bar, Opera does not consider that site to be secure!

Opera ASA also said that they (or any web browser) could only be part of the solution. The main problem was domain registrars who allowed for these spoofed domains to be set up in the first place. And no browser can anticipate every possible scheme that will come along. Users will always have to take some responsibility for themselves.

Security experts will tell you that the best security is a combination of appropriate measures and ease of use. Opera’s response to the IDN spoofing attack illustrates their commitment to providing security and features (rather than disabling features to provide security, which both Internet Explorer and Firefox have done or suggested).

Master Password and other options

Opera has a few more tricks up its sleeve. The first is the Master Password. This protects you from unauthorized access to your email (assuming you check the box to use master password for email and wand). You ought to set this, if for no other reason than someone could come along, see that you did not have a password set, and they could create one for you! (Of course, if that happened to you then you need to ask yourself how they got access to your account in the first place, and you probably have more problems than just this one!) You can also set how often Opera will ask you for the master password. I recommend Once Per Session if you are disciplined enough to quit Opera when you walk away from your computer, otherwise I would recommend using “Every time needed”.

You can safely uncheck both of the other options (about submitting a form and validation). Neither holds a significant risk. I say that assuming that you would never submit a form with any private data on it (credit card information especially) except at a secure site.

“Manage certificates” and “Security Protocols” are also safely ignored. If you know what a personal certificate is, this is where you use it. If you receive a warning about having disabled security protocols for low encryption levels, click that button to examine the settings.

One more thing

You’ve probably noticed the trash can on the toolbar where the tabs appear. Clicking the icon will let you re-open previously closed pages. For maximum security, be sure to click on the trash can and select “empty trash” after visiting secure pages. We’ll talk more about security when we look at the Tools Menu, specifically the “Delete Private Data” option.

Note: There are some privacy options in the Network Preferences which you may also want to look at if you are concerned with security issues.
