New Fraud Protection feature in Opera 9.1 [beta] pretty bad ;]
Posted by: kanedaaa
Date: November 01, 2006 06:32PM

[From Opera forum]
How to bypass Opera 9.10 Fraud Protection ?

After 7 minutes of simple tests I found how to bypass this in a very easy way.
I love Opera of course, so please check it and patch it before the official version.
For example, the domain http://ogk-duffel.be is blocked now and gives Fraud info.
BUT when I connect to:
http://ogk-duffel.be.
"." at the end of the domain
this bypasses the protection!!!
Kanedaaa

URL to advisory ;] : http://kaneda.bohater.net/security/opera_9.10_bypass_fraud_protection.html

Re: New Fraud Protection feature in Opera 9.1 [beta] pretty bad ;]
Posted by: jungsonn
Date: November 01, 2006 07:44PM

Ok, it's the same as the FF issue: strict matching.

BTW: what is fraudulent about that Belgian site and why is it blocked? It looks like a normal page; I'm Dutch so I can read it, and it's just a 'local sports group page' to me.

Re: New Fraud Protection feature in Opera 9.1 [beta] pretty bad ;]
Posted by: Kyran
Date: November 01, 2006 08:26PM

Not good. Looks like my hopes for Opera 9.1's Fraud Protection are crushed. It isn't any smarter than IE and Firefox's equivalents. May the xss gods save our cc#s. =_=

- Kyran

Re: New Fraud Protection feature in Opera 9.1 [beta] pretty bad ;]
Posted by: kanedaaa
Date: November 03, 2006 06:43PM

They released 9.1 RC1 yesterday and Fraud Protection with my bug is still not patched... I sent it to bugs.opera.com but probably they have too much work ;]

Re: New Fraud Protection feature in Opera 9.1 [beta] pretty bad ;] (fixed from now)
Posted by: kanedaaa
Date: November 13, 2006 01:08PM

From: http://my.opera.com/desktopteam/blog/
Friday, 3. November 2006, 15:24:07
We are getting close to 9.10 RC1
(...)
Several fixes to Fraud protection
(...)

Opera 9.10
Build 490
Platform Linux

I checked it on two phishing sites [added to the blacklist], and when I try to add "." at the end of the domain, Opera deletes this "." char before sending the Fraud domain request and gives a warning about phishing sites. That's great!!!

Re: New Fraud Protection feature in Opera 9.1 [beta] pretty bad ;]
Posted by: Kyran
Date: November 13, 2006 04:03PM

Excellent! I knew Opera would get it right. :)

- Kyran

Re: New Fraud Protection feature in Opera 9.1 [beta] pretty bad ;]
Posted by: jungsonn
Date: November 13, 2006 04:26PM

Did you try two dots ".." :)

Re: New Fraud Protection feature in Opera 9.1 [beta] pretty bad ;]
Posted by: kanedaaa
Date: November 13, 2006 05:02PM

Of course, but ONE dot was good because DNS responds with "." at the end:
[kaneda<-ogoreczek]~$host -t a ckers.org.
ckers.org has address 69.12.144.65

[kaneda<-ogoreczek]~$host -t a ckers.org
ckers.org has address 69.12.144.65

That fact, and the second fact that people from Opera don't parse it before checking the domain, gives this bug :]

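Added example, not part of any post in this thread and not Opera's code: a sketch of the strict-match lookup the thread describes next to a lookup that canonicalizes the host first, the way the fixed build is reported to strip the ".". The function names and the one-entry blocklist are assumptions, and treating names with empty labels (such as a ".." ending) as invalid is this example's choice, not something the thread confirms.

```javascript
// Constructed blocklist; the host is the one named in the first post.
const BLOCKLIST = new Set(["ogk-duffel.be"]);

// Behaviour reported in the thread: the host is compared exactly as typed,
// so "ogk-duffel.be." (with the DNS root dot) is a different string.
function strictLookup(url) {
  return BLOCKLIST.has(new URL(url).hostname);
}

// Reduce a hostname to one canonical form before any list lookup.
// Returns null when an empty label remains (for example "a..b" or "a.b.."),
// because that is not a valid DNS name.
function canonicalHost(host) {
  let h = host.toLowerCase();
  if (h.endsWith(".")) {
    h = h.slice(0, -1); // drop the single trailing root label
  }
  if (h === "" || h.split(".").some((label) => label === "")) {
    return null;
  }
  return h;
}

// Lookup on the canonical form; malformed names get their own verdict
// instead of silently falling through as "allowed".
function canonicalLookup(url) {
  const host = canonicalHost(new URL(url).hostname);
  if (host === null) {
    return "invalid";
  }
  return BLOCKLIST.has(host) ? "blocked" : "allowed";
}

// Constructed sample inputs.
for (const u of ["http://ogk-duffel.be/", "http://ogk-duffel.be./", "http://example.org/"]) {
  console.log(u, "strict:", strictLookup(u), "canonical:", canonicalLookup(u));
}
```

The same normalization has to be applied to the entries when the list is built, otherwise a listed "example.com." would never match.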

