Miscellaneous > Applications

opera 9 is out

<< < (6/13) > >>

Canadian Lover:

--- Quote from: Annorax ---Opera is free, and has been since version 8.5.

They are still charging for Opera on non-mainstream platforms like Windows Mobile/PocketPC, cell phones, Nintendo DS*...

*not quite released yet, but date and price have been announced in Japan
--- End quote ---

Whitch is why I went with a PSP.

piratePenguin:

--- Quote from: piratePenguin ---
EDIT: The entire fecking profile is world-readable! That means everyone can see the passwords for the magic-wand thing, all the mail... the cache, history...
--- End quote ---
Yea - this is much worse than just the cookies.

In my test user account, I had no problem copying the whole .opera directory of my normal user account. Now, in my test account when I opened Opera it started up from where I'd finished the last time I used opera on my normal account - my gmail and microsuck accounts are open and logged in.

I can see all my usual bookmarks, and the confidential notes. And, if I logged out of Microsuck, I'd be able to automatically fill in the password at the login page thanks to the magic wand tool. Although I can't see the passwords in the 'wand' preferences thing, I KNOW that if someone was determined enough they'd get all my passwords stored with the magic wand tool (from the world-readable wand.dat file) - which is often all of them.

Aloone_Jonez:
What level would you rat this vulnerability?

I think its seriousness varyies depending on how you use your PC.

If it's a single user machine then it isn't important since it can't be exploited by an external dark force on the Internet.

But it's pretty serious if you allow many people to use your machine but there again all they would need is a boot disk to access all your files anyway, unless you've disabled it using the BIOS set up program.

piratePenguin:

--- Quote from: Aloone_Jonez ---What level would you rat this vulnerability?

I think its seriousness varyies depending on how you use your PC.

If it's a single user machine then it isn't important since it can't be exploited by an external dark force on the Internet.

But it's pretty serious if you allow many people to use your machine but there again all they would need is a boot disk to access all your files anyway, unless you've disabled it using the BIOS set up program.
--- End quote ---

I'd go for 'less critical' since it won't effect that many people (although I don't know the guidelines for that rating system).

It's organizations and universities that I'd be worried about, but I bet few of them have world-readable home directories.

Orethrius:

--- Quote from: piratePenguin ---Well, if firefox had this problem you bet I'd try to produce a patch before saying a thing for something that seems so easy. Anyhow, I think this is the line of Mozilla that's responsible for the permissions being so strict. And fecking hell, I was looking at this line over an hour ago thinking "no - that must be the permissions for opening the file" but why would it be 4 digits if that was the fecking case!

Anyhow, Opera, gimme the source code under the terms of the GNU GPL and I will fix this fucking thing for ya for free. How's that for a benefit!
--- End quote ---

 In regard to the privs, I see it's set owner read-write only, sans sticky bit.  Might it be more secure to have certain .mozilla subdirectories only modifiable by the originating user?

Navigation

[0] Message Index

[#] Next page

[*] Previous page