Opera About to Get Hacked in Russia?

Discussion in 'other security issues & news' started by pandorax, May 25, 2012.

Thread Status:
Not open for further replies.
  1. pandorax

    pandorax Registered Member

    Joined:
    Feb 14, 2011
    Posts:
    330
    http://my.opera.com/chooseopera/blog/2012/05/24/opera-about-to-get-hacked-in-russia
     
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I predict a fall, seeing as how I've not seen nor heard of anything Opera has that makes it secure (besides too few using it).
     
  3. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
    It has a few 'security' extensions I think. It would be interesting to see just how it does. I wonder if they will include the 64 bit beta Opera 12? I'm quite interested in trying the final version of that myself. I'd be interested to know how much more secure 64 bit browsers are compared to 32 bit.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    If anyone actually bothers to target it it's definitely going to fall lol

    I think for competitions it makes very little difference. 64bit basically just makes it impossible to bruteforce ASLR but in a competition they're likely going to go in already knowing where some static address space is (there's always some area that's going to be the same) or having some kind of information leak or just using an exploit that doesn't deal with ROP at all.

    In reality an attacker might resort to bruteforcing, I just don't see it happening in a competition.
     
  5. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
    OK thanks, I have a slight knowledge of what ASLR is, not too sure about 'ROP'. I was under the impression that 64 bit operating systems were much safer than 32 bit. I tended to assume that was just as applicable to browsers.
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    ROP is return oriented programming. It's a way to bypass DEP (data execution prevention) so that you can execute code. ROP needs to be able to see code in some part of the processes address space so that it can use that code to execute what it wants. ASLR makes it so that they can't find the code so there's no way to execute it.

    To bypass ASLR you need to try to find code. This isn't hard on 32bit as the address space is small. On 64bit it's basically impossible - you need to bypass it through other ways or avoid the situation entirely.
     
  7. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
    OK, thanks for the info. :thumb:
     
Loading...
Thread Status:
Not open for further replies.