Jump to content
Tuts 4 You

Opera - Security Breach Stopped...


Teddy Rogers

Recommended Posts

Teddy Rogers

Security Breach Stopped


 




At Opera Software, we are committed to the security and privacy of our users. This is paramount to us, and as such, we want to share the details of a recent incident with you.

 

On June 19th we uncovered, halted and contained a targeted attack on our internal network infrastructure. Our systems have been cleaned and there is no evidence of any user data being compromised. We are working with the relevant authorities to investigate its source and any potential further extent. We will let you know if there are any developments.

 

The current evidence suggests a limited impact. The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware. This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser.

 

It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software. To be on the safe side, we will roll out a new version of Opera which will use a new code signing certificate.

 

Users are strongly urged to update to the latest version of Opera as soon as it is available, keep all computer software up to date, and to use a reputable anti-virus product on their computer. For more information about the malware, including which anti-virus applications can detect it, virustotal has a good overview.



 


 

Ted.

  • Like 1
Link to comment

Stopped?
 

 

It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software.

 

 

More like "contained".

Link to comment
Teddy Rogers

Yes, I thought the same. I think they are playing this down quite well considering how big a breach it really was. These kind of security issues makes you realise how secure servers need to be if companies plan on pushing automatic updates out because if the damage isn't spotted early they run the risk of effecting a lot of people...


 


Ted.


Link to comment
  • 3 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...