Opera Software has released a second beta of its next
browser to help tackle phishing attacks.
Like the open-source Mozilla Foundation last week, which
released a new version of its Firefox browser, Opera has launched
the beta to address a security opening in its browser relating to
its support for Internationalised Domain Names (IDN).
IDN makes it easier for users to access sites connected to top
level domains by recognising different international
characters.
However, because of the way the protocol works on a user’s
machine, IDN also allows phishing criminals to direct users from a
trusted site to one where they will be asked for their security
details, in an attempt to defraud them.
The phishing risks associated with IDN affect a number of
browsers, apart from Microsoft’s Internet Explorer, which does not
support IDN.
To help address concerns, Opera's second beta only displays
localised domain names from certain top level domains (TLD). Opera
selects TLDs that have established strict policies on the domain
names they allow to be registered.
The small, yellow security bar appears on secure sites and
displays the name of the organisation that owns the
certificate.
By clicking on the bar the user has access to more information
about the validity of the certificate. These anti-spoof measures
help users make educated decisions about a site's validity and
security, said Opera.
"One of the most important measures to counter phishing attacks
is the use of security certificates," said Christen Krogh, Opera
vice-president of engineering.
"The challenge for browser suppliers is to better explain the
verification of certificates and to make the user more aware of
this additional verification before entering into secure
transactions," he said.