Opera tackles phishing attacks

Opera Software has released a second beta of its next browser to help tackle phishing attacks.

Opera Software has released a second beta of its next browser to help tackle phishing attacks.

Like the open-source Mozilla Foundation last week, which released a new version of its Firefox browser, Opera has launched the beta to address a security opening in its browser relating to its support for Internationalised Domain Names (IDN).

IDN makes it easier for users to access sites connected to top level domains by recognising different international characters.

However, because of the way the protocol works on a user’s machine, IDN also allows phishing criminals to direct users from a trusted site to one where they will be asked for their security details, in an attempt to defraud them.

The phishing risks associated with IDN affect a number of browsers, apart from Microsoft’s Internet Explorer, which does not support IDN.

To help address concerns, Opera's second beta only displays localised domain names from certain top level domains (TLD). Opera selects TLDs that have established strict policies on the domain names they allow to be registered.

The small, yellow security bar appears on secure sites and displays the name of the organisation that owns the certificate.

By clicking on the bar the user has access to more information about the validity of the certificate. These anti-spoof measures help users make educated decisions about a site's validity and security, said Opera.

"One of the most important measures to counter phishing attacks is the use of security certificates," said Christen Krogh, Opera vice-president of engineering.

"The challenge for browser  suppliers is to better explain the verification of certificates and to make the user more aware of this additional verification before entering into secure transactions," he said.

Read more on Antivirus, firewall and IDS products