Opera developers explain why malicious "update" wasn't detected
Posted on 28 June 2013.
Opera Software has finally come out with more details about the recent compromise of its internal infrastructure, the theft of an expired code signing certificate, and the delivery of malware signed with it through the auto-update mechanism to Opera users.

Opera employee Mark 'Tarquin' Wilton-Jones took to the comment section of the original breach notification and has shared that:
  • Opera 12 source code was not stolen
  • The malware did not affect the Opera installation itself
  • The certificate used was old and expired, but the checking of the certificate is controlled by the OS, not by them.
"Unfortunately, not all versions of Windows check the certificate, and some users may have disabled the UAC protection," he noted, adding that in the future it would certainly be possible for them to run their own checks on the certificate of downloaded autoupdates in addition to those imposed by the OS.

When asked why it took them a week to notify potentially affected users of the breach, Wilton-Jones explained that it took them some time to determine the extent of the attack and what had actually happened. He also noted that they hoped to follow the notification with the release of a new version of Opera, but that they still haven't managed to do so because of technical issues.










Spotlight

How to keep your contactless payments secure

Posted on 19 September 2014.  |  Fraudsters can pickpocket a victimís financial data using low-cost electronics that can fit into a rucksack. Here are the top security threats you should be aware of if youíre using a RF-based card, along with our top safety tips to keep your payments secure.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //