Opera users might want to upgrade

[Paul Adams]

http://www.theregister.co.uk/2004/06...cuts_phishing/

Opera has updated its browser to prevent its software been manipulated by would-be fraudsters to display a fake address to surfers.

A flaw in the "Shortcut Icon" feature of versions of Opera prior to version 7.51 made it possible for phishers to fool users into believing that they are in a domain they trust (their bank, web-mail, etc) while serving and receiving content in a hostile domain.

This alone, however, is not enough, as it will cause the real address to appear to the right of the fake address. Unfortunately, this protection can also be circumvented by tricking Opera into showing the right-hand side of the attacking URL, while filling that side with spaces.

The vulnerability opens up a mechanism for identity theft, credit card scams and more, according to security researchers GreyMagic Software, who first discovered the problem.

GreyMagic informed Opera of the vulnerability on 19 May. A new version (7.51) was released today (3 June) to address the problem.

Personally I use MyIE2 and I get the impression a lot of people here use Firefox, but I think there may be one or two of you using Opera.

[Stubzz]

Yup already upgraded here. Nasty little trick, it displays the 'incorrect' address in a picture that acts as the icon. Neat.

[arsen]

oo ty opera is win, not upgraded though :s

[BUFF]

I upgraded whilst it was still beta
However, whilst proof of concept was demonstrated no known use of it for real & patched within 2 weeks - lets see MS beat that.