Latest Opera vulnerability shows that all web browsers should be viewed as potentially insecure

Anthony Haywood, the data traffic analysis and security specialist's CTO, argues that the problem with web browsers is that they are designed to access a variety of websites, typically using Port 80 for regular HTTP access.

With so many IP ports available, this might sound like a small IP profile to deal with from a security perspective, but the problem, he says, is that there are a growing number of non-standard applications that use Port 80 across the internet.

Haywood notes that Opera is popular amongst users of smartphones and netbooks, owing to its relatively small footprint.

"Ironically, it's also been gaining traction on account of its less-than-mainstream status, which some experts have observed means that the software is less of a target by hackers and cybercriminals", he said.

"This reasoning appears quite sound, until you realise the world's internet browser user base is now measured in hundreds of millions, which means that a client that accounts for a fraction of a percentage still means there are millions of users out there in cyberspace", he added.

Idappcom's CTO went on to say that the very fact a browser is low profile and has a select user base can actually make it attractive in the eyes of cybercriminals, as hackers can start exploring what appears to be virgin territory as far as vulnerabilities are concerned.

According to the Softpedia newswire, the Opera flaw was discovered by French security researcher Jordi Chancel who published details on his blog earlier this month.

Haywood said that the flaw can cause Opera to crash, although the plus point here is that the address of the memory violation is reported to be unpredictable.

"This makes the vulnerability less easy to exploit from a hacking perspective", he said.

"Is Opera less or more secure than the other mainstream browsers? That depends on your perspective. The reality is that any software that uses Port 80 across the internet has to be viewed as a potential security issue and users – especially IT managers – need to be aware of this fact", he added.

The bottom line, he concludes, is that internet users need to install multiple layers of defence – and security software – as well as ensuring that their security software is patched and up to date as possible.

What’s Hot on Infosecurity Magazine?