Comments on: Pwning Opera Unite with Inferno’s Eleven http://securethoughts.com/2009/08/pwning-opera-unite-with-infernos-eleven/ Inferno's Blog on Application Security Fri, 02 Apr 2010 17:28:55 -0700 http://wordpress.org/?v=abc hourly 1 By: lotha http://securethoughts.com/2009/08/pwning-opera-unite-with-infernos-eleven/comment-page-1/#comment-273 lotha Sun, 08 Nov 2009 17:07:04 +0000 http://securethoughts.com/?p=783#comment-273 Thanks for your anwser Thanks for your anwser

]]> By: Inferno http://securethoughts.com/2009/08/pwning-opera-unite-with-infernos-eleven/comment-page-1/#comment-270 Inferno Sat, 07 Nov 2009 22:28:23 +0000 http://securethoughts.com/?p=783#comment-270 @Lotha, yes if you are running the Unite Server, it is very important to run it in a sanboxie kind of env with a good firewall. that will reduce down the risk to a great extent as application boundaries are not crossed and less chances of code execution. @Lotha, yes if you are running the Unite Server, it is very important to run it in a sanboxie kind of env with a good firewall. that will reduce down the risk to a great extent as application boundaries are not crossed and less chances of code execution.

]]> By: lotha http://securethoughts.com/2009/08/pwning-opera-unite-with-infernos-eleven/comment-page-1/#comment-269 lotha Sat, 07 Nov 2009 22:22:59 +0000 http://securethoughts.com/?p=783#comment-269 Thanks for your answer, but I'm afraid they don't intend to change it, as they say it "feature by design". On the other hand, it's normal when you run a server that your ip and port are made visible, but I don't understand why it has to be in the source. So. Do you think it reduces the risk if Unite is runned into sandboxie and with a firewall ? Even if the ip and port are visible ? Thanks for your answer, but I’m afraid they don’t intend to change it, as they say it “feature by design”.
On the other hand, it’s normal when you run a server that your ip and port are made visible, but I don’t understand why it has to be in the source.
So. Do you think it reduces the risk if Unite is runned into sandboxie and with a firewall ? Even if the ip and port are visible ?

]]> By: Inferno http://securethoughts.com/2009/08/pwning-opera-unite-with-infernos-eleven/comment-page-1/#comment-268 Inferno Sat, 07 Nov 2009 20:58:38 +0000 http://securethoughts.com/?p=783#comment-268 @Lotha - Vulnerability 3 is just about information disclosure. An attacker might be able to further exploit the service since he knows the exact server ip and port no. This might be fixed before the Opera Unite production version is launched. @Lotha – Vulnerability 3 is just about information disclosure. An attacker might be able to further exploit the service since he knows the exact server ip and port no. This might be fixed before the Opera Unite production version is launched.

]]> By: Lotha http://securethoughts.com/2009/08/pwning-opera-unite-with-infernos-eleven/comment-page-1/#comment-266 Lotha Sat, 07 Nov 2009 20:03:30 +0000 http://securethoughts.com/?p=783#comment-266 Thanks for this article. What can be done with vulnerability 3 ? Is it possible to access the whole host-computer by scanning port 8840 ? Thanks for this article.
What can be done with vulnerability 3 ? Is it possible to access the whole host-computer by scanning port 8840 ?

]]> By: Inferno http://securethoughts.com/2009/08/pwning-opera-unite-with-infernos-eleven/comment-page-1/#comment-260 Inferno Thu, 29 Oct 2009 18:57:32 +0000 http://securethoughts.com/?p=783#comment-260 @Mark - give it a try to see how many things remain. i dont currently have the time to try it again :). However, i can give you the feedback provided to me by Opera Security Team. 6,7,8,9,11 are planned to be fixed. 4,10 are known limitations that they plan to address in future. 1,2,3,5 are features by design. @Mark – give it a try to see how many things remain. i dont currently have the time to try it again :) . However, i can give you the feedback provided to me by Opera Security Team.
6,7,8,9,11 are planned to be fixed.
4,10 are known limitations that they plan to address in future.
1,2,3,5 are features by design.

]]> By: Mark http://securethoughts.com/2009/08/pwning-opera-unite-with-infernos-eleven/comment-page-1/#comment-259 Mark Thu, 29 Oct 2009 18:38:28 +0000 http://securethoughts.com/?p=783#comment-259 Worth pointing out the build that they tried is over 100 builds out of date. I'd like to see how many of these things still remain in the latest: http://snapshot.opera.com/windows/Opera_1010_1848_in.exe Worth pointing out the build that they tried is over 100 builds out of date.

I’d like to see how many of these things still remain in the latest:

http://snapshot.opera.com/windows/Opera_1010_1848_in.exe

]]> By: Upquark http://securethoughts.com/2009/08/pwning-opera-unite-with-infernos-eleven/comment-page-1/#comment-235 Upquark Sun, 13 Sep 2009 21:22:41 +0000 http://securethoughts.com/?p=783#comment-235 Very cool! And a nice read as well. Well done! Very cool! And a nice read as well. Well done!

]]> By: MaXe http://securethoughts.com/2009/08/pwning-opera-unite-with-infernos-eleven/comment-page-1/#comment-233 MaXe Mon, 07 Sep 2009 08:31:57 +0000 http://securethoughts.com/?p=783#comment-233 Very nice work indeed, I'll post it to my website giving you credit of course :-) Very nice work indeed, I’ll post it to my website giving you credit of course :-)

]]> By: N3mes1s » Blog Archive » Opera Unite: pwning http://securethoughts.com/2009/08/pwning-opera-unite-with-infernos-eleven/comment-page-1/#comment-230 N3mes1s » Blog Archive » Opera Unite: pwning Thu, 03 Sep 2009 08:36:43 +0000 http://securethoughts.com/?p=783#comment-230 [...] Pwning Opera Unite with Inferno’s Eleven [...] [...] Pwning Opera Unite with Inferno’s Eleven [...]

]]>