In association with heise online

08 July 2009, 12:15

Opera says Opera Unite web server is not a security problem

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Jon von Tetzchner, Opera Software's CEO, has attempted to dispel concerns over the security aspects of the web server components in Opera Unite. In an interview with Network World, von Tetzchner expressed the view that the web server included in Opera 10 makes it more difficult for hackers to break into systems, not easier. However, security experts say that the integrated web server provides an additional point of attack for hackers. Criminals already distribute the majority of malware via compromised web pages.

With an integrated web server, Opera Unite makes it easier for users to offer their own internet content. It will, for example, allow users to make their music or photo collections available on the web. A range of access rights can be set up for services that access files on the host computer's local file system.

Von Tetzchner's argument appears, however, not to be primarily concerned about Unite affecting the vulnerability of individual computers. In his opinion, it's not worthwhile for hackers to penetrate individual Opera Unite systems, because there is no centralised store of information. Rather information is scattered, making penetration of millions of systems necessary. He believes that Opera with Unite represents no more of a target for attack than it does without Unite.

Looked at closely, von Tetzchner's statements rather miss the point of the concerns raised; firstly, any security vulnerability in Opera Unite affects all installations, allowing a mass hack of millions of PCs, and secondly there is the question of why users would want to distribute information, in particular confidential information, over the web. For criminals, each computer under their control is a business asset, whether or not it contains confidential data.

Opera will, however, continue to spend a "fair amount of time" ensuring that the new feature will be implemented as securely as possible.

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-742401
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit