Comments
By Roger Strukhoff
Richard Davies wrote: The UK has a good crop of technology pioneers in cloud computing - for example ElasticHosts, FlexiScale, Flexiant, OnApp - and also some strong government initiatives such as G-Cloud. We will have to see whether this kind of technical leadership converts into swift mass-market adoption or not.
Jan. 8, 2012 11:38 AM EST
Cloud Expo on Google News
Did you read today's front page stories & breaking news?

SYS-CON.TV: RIA Shoot-Out! AJAX, Flex, Silverlight, and JavaFX

SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
News
Opera V8 Beta Browser, Like Firefox 1.0.1, Tackles Phishing and Spoofing
Anti-spoof Measures Help Users Make Educated Decisions About a Site's Validity and Security

By: Security News Desk
Mar. 1, 2005 12:00 AM

"One of the most important measures to counter phishing attacks is the use of security certificates," said Christen Krogh, Opera Software's Vice President of Engineering, last week as Opera released the second Beta version of its next browser, which includes an answer to the recent security debate over Web site spoofing.

In this beta, the browser displays security information inside the address bar, located next to the padlock icon that indicates the level of security present on a site.

The small, yellow security bar appears on secure sites and displays the name of the organization that owns the certificate. By clicking on the bar the user has access to more information about the validity of the certificate. These anti-spoof measures help users make educated decisions about a site's validity and security.

"The challenge for browser vendors is to better explain the verification of certificates and to make the user more aware of this additional verification before entering into secure transactions," said Krogh.

To address Internationalized Domain Names (IDN) concerns, Opera's second Beta only displays localized domain names from certain top level domains (TLD). Opera selects TLDs that have established strict policies on the domain names they allow to be registered. This ensures that users who depend on IDN, for example when accessing sites under .jp or .kr, will have a favorable user experience.

Opera will regularly update its list of trusted TLDs, ensuring maximum protection and the best possible user experience.

Opera stands behind its statement made to Beta News on Feb. 18, 2005, asserting that the IDN problem is not one that can be solved alone, but rather together with other browser vendors, domain name registries, certificate authorities and other members of the Internet community. Opera has taken the initiative to assemble a group to evaluate joint solutions.

Beta 2 is available for download at http://www.opera.com/download/.

Users must be aware that a beta should be used for preview purposes only, as it is not a final product and does not contain all the features that are expected with the final release.

Published Mar. 1, 2005— Reads 18,446 — Feedback 9
Copyright © 2005 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.
Related Stories
▪ Google's Browser Security Handbook Released
About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Has anyone seen alternate character domains? I have been wondering when I would start to see these alternate character set domain names that you can get now play a role in this. You know, like someone registers cnn.com, but the c is not the latin character set c but one from another character set. Or something that almost looks like a c.

Then, without even hacking DNS, you can simply make someone or a group of people think that they are on cnn.com when they are really not. This could be used for things like fake news reports, etc. that make people panic.

Has anyone seen anything like this yet?

I got a couple of Washington Mutual phishes that a URL like http://www.wamu.com/chooseyourstate.asp?redirect=h ttp://some.ip.address/~username/.wamu/index.html, so the initial link actually did go to the right site. Probably sneaky enough to lure in my parents, unfortunately.

Oh, and no, I haven't verified even the Washington Mutual part of the URL.

And their CTO Hakon Lie says MS has invalid webpages, and highlights MS's unwillingness to serve the same content to different browsers, IE's poor CSS support, tardy documentation and limitations of their XML format as evidence that MS's commitment to interoperablity is B/S.

According to Opera's CEO, some MS sites are deliberately serving broken HTML if the browser identifies itself as Opera. When Opera tells the site it's IE (or Firefox, or anything else), the sites work fine.

In December, the Danish security firm Secunia documented a case where a phisher somehow modified a windows host file so that when you type in the correct url in the address, it redirects you to the phisher site.

In other news, Netscape is building Netscape 8 which will include several anti-phishing enhancements and will emphasize security.

What the IE response???

You can alreday make misleading third level domains under your own domain name, there's no need to spoof anything. It's already possible to set up paypal.mydomain.com without having to resort to obscure character sets.

Did opera decide nobody in .cn would ever build a paypal lookalike with a domain that looked like "paypal"?


Your Feedback
suso wrote: Has anyone seen alternate character domains? I have been wondering when I would start to see these alternate character set domain names that you can get now play a role in this. You know, like someone registers cnn.com, but the c is not the latin character set c but one from another character set. Or something that almost looks like a c. Then, without even hacking DNS, you can simply make someone or a group of people think that they are on cnn.com when they are really not. This could be used for things like fake news reports, etc. that make people panic. Has anyone seen anything like this yet?
TomServo wrote: I got a couple of Washington Mutual phishes that a URL like http://www.wamu.com/chooseyourstate.asp?redirect=h ttp://some.ip.address/~username/.wamu/index.html, so the initial link actually did go to the right site. Probably sneaky enough to lure in my parents, unfortunately. Oh, and no, I haven't verified even the Washington Mutual part of the URL.
More wrote: And their CTO Hakon Lie says MS has invalid webpages, and highlights MS's unwillingness to serve the same content to different browsers, IE's poor CSS support, tardy documentation and limitations of their XML format as evidence that MS's commitment to interoperablity is B/S.
cyberformer wrote: According to Opera's CEO, some MS sites are deliberately serving broken HTML if the browser identifies itself as Opera. When Opera tells the site it's IE (or Firefox, or anything else), the sites work fine.
Phishing Horrors wrote: In December, the Danish security firm Secunia documented a case where a phisher somehow modified a windows host file so that when you type in the correct url in the address, it redirects you to the phisher site.
InfoPoint wrote: In other news, Netscape is building Netscape 8 which will include several anti-phishing enhancements and will emphasize security.
MS lagging wrote: What the IE response???
Spoofer wrote: You can alreday make misleading third level domains under your own domain name, there's no need to spoof anything. It's already possible to set up paypal.mydomain.com without having to resort to obscure character sets.
quezztion wrote: Did opera decide nobody in .cn would ever build a paypal lookalike with a domain that looked like "paypal"?
Latest Cloud Developer Stories
By John Weston
Many times over the last year I have been asked the question, "What is Windows Intune?" I like to describe Windows Intune as the cloud service helps you centrally manage and secure your PCs through a simple, web-based console. Released back in March 2011, Windows Intune has alre...
By Pat Romanski
Why are APIs so important in clouds? Do APIs have to be open? How fast or slow will standardization in the cloud be? Why is ensuring high availability for the cloud service critical? In his session at the 10th International Cloud Expo, Mårten Mickos, CEO of Eucalyptus Systems, w...
By Elizabeth White
Very few trends in IT have generated as much buzz as cloud computing. In his session at the 10th International Cloud Expo, Mark Hinkle, Director, Cloud Computing Community at Citrix, will cut through the hype and quickly clarify the ontology for cloud computing. The bulk of the c...
By Pat Romanski
The proliferation of device connectivity is redefining the functionality requirements and capabilities of many embedded systems as more and more of these devices look to leverage the “Cloud.” While many commercial software and hardware component vendors have begun to realign thei...
By Elizabeth White
Hardware and chemistry improvements will make the $1,000 human genome a reality soon. While the massive amount of genomics data that will be generated represents a huge opportunity to advance personal medicine, it also presents an enormous big data challenge. In his session at ...
MORE »
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021
SYS-CON Featured Whitepapers
Most Read This Week
By Jeremy Geelan
By Bob Hockman
By Brian McCallion
By Steven Yaskin
By Jeremy Geelan
By Jeremy Geelan
By Udayan Banerjee
By Udayan Banerjee
By Jeremy Hess
By Maureen O'Gara
By Liz McMillan
By Maureen O'Gara
ADS BY GOOGLE

Breaking Cloud Computing News

Alvarion Ltd. (NASDAQ:ALVR) a provider of optimized wireless broadband solut...

Feb. 14, 2012 01:30 AM EST
MORE »