Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Opera network cracked Malware signed with copied certificate

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Opera network cracked Malware signed with copied certificate
Expert Contributor 27th Jun, 2013 18:17
Ranking: 2265
Posts: 6,266
User Since: 22nd Apr, 2009
System Score: 100%
Location: UK
Last edited on 27th Jun, 2013 18:18

By Richard Chirgwin, 27th June 2013
Opera is giving users the standard upgrade advice after a successful attack on its network allowed evil-doers to copy a software-signing certificate.

As a result, they would be able to craft malware that would authenticate as coming from Opera.

In this blog post, Opera's Sigbjørn Vik explains that the software company identified and halted the attack on June 19. Although it's confident that “there is no evidence of user data being compromised … the attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware.”

Opera believes the impact is limited to “a few thousand Windows users” who may have automatically received and subsequently installed the malware. Opera directs users to Virustotal for an overview of which packages will detect the malware.

In spite of the reassuring tone of the post, Sophos' Paul Ducklin notes that the attackers apparently managed to upload at least one malicious file back into Opera's servers.

Opera says it is now working to ship an update of its browser, and advises users to install it as soon as it becomes available. ®

http://www.theregister.co.uk/2013/06/27/opera_netw...

--

mogs RE: Opera network cracked Malware signed with copied certificate
Expert Contributor 2nd Jul, 2013 11:13
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Opera 15 Stable July 2nd, 2013, 08:29 GMT · By Ionut Ilascu

The new Opera browser, based on Chromium, has reached a stable release. The full revision number is 15.0.1147.130 and it is the first stable release since the Norwegian developer ditched their proprietary Presto layout engine.

Users upgrading from version 12 of the application may think they’ve landed on fairly unfamiliar ground given the new design, but much of the old profile (passwords, cookies, user-defined searches, and extensions) is migrated into the new release.

Bookmarks are brought into Opera 15 via the importing tool which checks the old profile and offers the possibility to extract the links to the Speed Dial component.

However, the fresh build no longer integrates an email client; it is now a standalone application, but when installed it’ll automatically detect and import all the details from the old Opera 12 profile.

In the case of notes, though, Opera 15 saves them into an HTML file (called “Opera 12 Notes”) on the desktop. Opera Link users can still access synced information from the web interface; keep in mind that this feature has not been fully integrated in the new browser.

Additional hurdles when migrating from Opera 12 to Opera 15 touch on extensions, which may not be enabled automatically and turning them on manually may be required.

Also, you have to migrate your passwords manually by running the browser with the “--presto-master-password=<master password>” command line switch.

http://news.softpedia.com/news/Download-Opera-15-S...

--
Was this reply relevant?
+0
-0
mogs RE: Opera network cracked Malware signed with copied certificate
Expert Contributor 5th Jul, 2013 16:24
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
July 5th, 2013, 09:56 GMT · By Ionut Ilascu
Opera 12.16 Replaces Code Signing Certificate

Opera Software released today version 12.16 of their web browser, which includes a newly issued code signing certificate as a result of the recent security breach in their internal network infrastructure.

The breach occurred on June 19 and the company came out with the details last week, informing that the attack did not appear to have compromised any user data.

Instead, the attackers managed to grab “at least one old and expired Opera code signing certificate,” which was used for signing malicious code.

Opera 12.16 (which may very well be among the last revisions running on Presto) is signed with a new certificate, as well as Opera Mobile Classic for Android 12.1.5.

Updating to the latest version is highly recommended as the issue affects the browser for all desktop platforms as well as some mobile ones.

The Norwegian developer did not mention any other changes for this build.

http://news.softpedia.com/news/Opera-12-16-Replace...

--
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability