Comments on: Pwning Opera Unite with Inferno’s Eleven

By: nobody

nobody — Thu, 05 Nov 2009 19:47:32 +0000

it still stands – opera’ ceo claimed that opera unit is secure, and that they know what are they doing. obviously he was: a) lying b) not aware how secure unite realy is c) mixture of both.

opera at the time when opera’ ceo was interviewed and was responding to security concerns WASNT secure at all.

and it isnt true that any webapplication has the same issues – i cannot see ip’s of other users that use the same online bank. do i care if my ip is visible? no. should opera disclose it in plain text? no.

is there anything else you are to stupid to understand?

By: Washout

Washout — Fri, 30 Oct 2009 13:40:49 +0000

Give me a break. You are an idiot. This list is 2 months old, and either only affected the pre-alpha demo/concept version, or are non-issues that are true for ANY web server.

Unite as a concept is secure. That doesn’t mean that there can’t be any security holes. Security holes can appear in any application.

Your irrational hatred of Opera is really making you blind to the fact that your irrational bashing of Opera in this case means that you have to irrationally bash anyone who creates a web server!

LOL, Unite doesn’t mask your IP address?! If THAT is a security issue, then THE WHOLE INTERNET IS A SECURITY ISSUE!

You are and will always be a moron.

By: tomass

tomass — Fri, 30 Oct 2009 09:24:45 +0000

well, absence of HTTPS is the only real problem in my opinion. the rest is either fixed, either user can turn it off. and as for phishing possibilities with Unite: it is a risk every hosting service has to cope with, I don’t know why it is a problem for Unite only.
There are more important hypothetical security risks (like gaining read acces to shared folders) and the article didn’t discover any of them… so in these terms the CEO has the right to call it secure.

By: nobody

nobody — Fri, 30 Oct 2009 06:48:02 +0000

and all opera had to say at that point was ‘trust us, we know what we are doing’.. bollocks

it is a bit old, some of this stuff had been fixed awhile ago, but basic information is simple – opera HAS problems creating secure webservices.

first sign of trouble was, when theyve announced that login will not use https.. in 2009!

all that say that this is BETA – Opera CEO claimed unite was secure back then in september and august! he dissmised all security concerns with ‘trust us’. well, he lied or wasnt aware what he is talking about. opera unite in that time WASNT secure at all, and probably isnt secure now. it takes time, skill and attitude to admit to failure. opera has skill, but neither of following two..

By: WellDuh

WellDuh — Thu, 29 Oct 2009 22:15:32 +0000

FYI:

“This is really old, and the list has just fixed issues, or non-issues that are present in any webserver.”

Why is FavBrowser posting oooold and outdated stuff? A quick search would show that this is a couple of months old!

By: ica

ica — Thu, 29 Oct 2009 17:40:08 +0000

“This one is fixed, I can see any IP adress nor Port number in any unite source page I’ve visited.”
I CAN’T see, of course, sorry.

By: ica

ica — Thu, 29 Oct 2009 17:39:11 +0000

“3. Enumerating Service Owner Server IP address and Port number”
This one is fixed, I can see any IP adress nor Port number in any unite source page I’ve visited.
“1. Enumerating Service Owner Usernames”
“It’s not a bug, it’s a feature.”
However, in the advanced settings you have the choice to make visible or not your services to search engines, on Opera unite web pages, inside your local network.

By: Rafael

Rafael — Thu, 29 Oct 2009 16:50:12 +0000

Interesting… Let’s see what is going to change after that considering that Unite is in beta…