operas fraud protection sucks

Posted by Nico Golde in
Sunday, September 14. 2008

Dear Opera developers...
even I find it hard to believe that your fraud protection is of a real use for anyond (besides the technical implementation: doing an http request for each unvisited site to http://sitecheck2.opera.com/?host=HOST really sucks) it might help some people.

BUT why on earth are you doing this for private ip ranges??? FAIL!

UPDATE: the documentation states that this is not done, however I only recognized this because I saw that it is exactly doing that in a packet dump and I can reproduce this:
192.168.1.212 - - [14/Sep/2008:21:22:09 +0200] "GET http://sitecheck2.opera.com/?host=192.168.1.4&hdn=1jefsNeoBNollcGHqAYxxA== HTTP/1.1" - - "-" "Opera/9.50 (X11; Linux i686; U; en)"

So either urlsnarf is buggy here (which I don't believe as the request should never go through a socket) or opera has a bug.
Comment (1) - Trackbacks (0)
Defined tags for this entry: , , ,
Related entries by tags:
(Page 1 of 1, totaling 1 entries)

Calendar

Back September '08 Forward
Mon Tue Wed Thu Fri Sat Sun
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30          

Quicksearch

Support



=>my website

Recent Entries

E-Plus GSM privacy/TMSI allocation leak
Thursday, October 11 2012
Exploiting the Ubiquisys/SFR femtocell webserver (wsal/shttpd/mongoose/yassl embedded webserver)
Wednesday, August 3 2011
So what happened recently...
Wednesday, April 6 2011
Sunday, February 6 2011
exim remote vulnerability
Thursday, December 9 2010
Will my Phone Show An Unencrypted Connection?
Wednesday, September 8 2010
smpCTF 2010 quals writeups
Sunday, August 8 2010
protocol design fail: MMS notification
Wednesday, July 28 2010
acrobat reader stealing my passwords
Tuesday, June 29 2010
UnrealIRCd backdoored
Saturday, June 12 2010

Archives

Syndicate This Blog

Categories



All categories

Tag cloud