You could say the same about InternetExplorer, yet people seem to find a lot of holes in it. Yes, MS IE is used by more people, so the "more eyes" thing can be invoked.
The point you should also look at is that Opera, as a company, has had a stellar record in fixing holes once they have been discovered. I don't think I have seen a better response time for any software product.
For Opera, you can disable scripting (and Java and plugins) globally (F12) and turn them back on for specific sites (with right-click "Edit Site Preferences"). Many of the things that add-ons are used for in Firefox have similar functionality out-of-the-box with Opera.
As far as I can tell, this is "merely" an unpatched bug. The horrid way that this is reported is spreading FUD about a valid security update, which people should install. Of course, "noscript" is a handy plugin and would be a good thing to install after the upgrade.
Please note that Seamonkey is also being patched, something that people tend to gloss over.
Of course, Opera is also available for download, if you're wanting to avoid the bug that desperately.
I would have modded the original poster "insightful". The author does come across poorly. I suspect that he/she (I know Michelles that go by "Mitch") may be somewhat frustrated by the experience.
Yeah that was my first reaction as well. However, to be charitable to the author, I now think that he meant "free" as in "libre" not "gratis". Opera is not open-source, so to some it isn't "free".
It's too bad that this blinds those people to the utility they could be getting, not only from Opera, but from other closed source software.
Disclaimer: I use several browsers. (Has anyone noted there are new updates for Seamonkey and Firefox on this thread? Security issues are patched, so patch yours soon.) But I prefer Opera on most platforms.
1) Not all "vulnerabilities" are dangerous. Yes, there are a lot of junk security warnings out there. Part of the security officers' duty is to separate the chaff from the kernels.
2) You're only as secure as your weakest password. We knew that.
I know that Antarctica is on the bottom part of the world and you can't see alien planets if you're looking DOWN. This is why the project "became aborted halfway in its implementation due to some reasons."
Yes. You have to dig through the mailing list archive of which the original article is part to find it. The initial complainer sent an email that contained a url that pointed to a host designated by a dotted quad (i.e. numeric) address. That got blocked.
I think that this is a fairly common signature for spammy messages and that it should cause a positive. I stopped reading the list after the complainant stated he wouldn't contact "Cox" through their email address that is supposed to resolve problems such as false positives.
Could they not use ceramic rails rather than metal ones? The input efficiency of the gun appears to be 40%. (The 64 MJ weapon needs 16 MW of power firing every ten seconds = 6.4 MW / 16 MW.) Too bad they don't specify the kinetic energy of the projectiles.
Minerva Inc also claims the patent for vehicle air bags. I smell the conspiracy here - get everyone to use cell phones while driving and have more accidents - then they'll need more air bags and more cell phones.
\begin{snarky}
I'm surprised some of these "admins" can find their servers, let alone moderately well hidden rootkits.
\end{snarky}
Many system administrators do not have a deep background in *nix security. If they can install a Linux box, they're apparently qualified. There are many admins who are extremely competent in security matters, but I have not seen anything coming from those people. (Perhaps they weren't infected?)
So, I have not heard (read) of anything from anyone describing a good analysis of an infected machine. The best so far is the cPanel note. There they do mention that "[i]t is common to see a short but successful root login via ssh 5-10 minutes before the compromise occurs" which in my mind is already a compromise.
Some things can't happen the way people say they happen
I'm not sure exactly what it is that can't happen. I have downloaded infected pages (after taking the necessary precautions) through several paths, and I get the line with the javscript file inclusion - always on the first page from the server, rarely after that - and can download the javascript malware. The file does not exist on a second download attempt. Everything I have seen - which does not include an infected system, up close and personal - is consistent with the general theories presented so far.
While it could be injection from a third party (I must admit I haven't tried an SSL connection) that would mean that there are many compromised routers out there, which is a much scarier proposition than some compromised servers.
Yeah, I do "interleaved posting". You wouldn't believe the number of complaints I get about it. Apparently people are too used to the wrong way of doing this.
Slashdot Mirror
About 10 ft higher than is required to keep "nurb432" where he is right now.
The point you should also look at is that Opera, as a company, has had a stellar record in fixing holes once they have been discovered. I don't think I have seen a better response time for any software product.
For Opera, you can disable scripting (and Java and plugins) globally (F12) and turn them back on for specific sites (with right-click "Edit Site Preferences"). Many of the things that add-ons are used for in Firefox have similar functionality out-of-the-box with Opera.
Please note that Seamonkey is also being patched, something that people tend to gloss over.
Of course, Opera is also available for download, if you're wanting to avoid the bug that desperately.
I would have modded the original poster "insightful". The author does come across poorly. I suspect that he/she (I know Michelles that go by "Mitch") may be somewhat frustrated by the experience.
It's too bad that this blinds those people to the utility they could be getting, not only from Opera, but from other closed source software.
Disclaimer: I use several browsers. (Has anyone noted there are new updates for Seamonkey and Firefox on this thread? Security issues are patched, so patch yours soon.) But I prefer Opera on most platforms.
Yes, you're right. I sit corrected. Thank you.
2) You're only as secure as your weakest password. We knew that.
3) This guy shouldn't talk about seatbelts.
Would it be ironic if your posted got modded "insightful"?
It's just a lot of turtles, as far you can see ...
I think you may mean Alabama instead of Missouri. And it didn't happen.
Actually /. hacked the voting machine on its own and President Taco will address your other concerns in his next address to the nation.
I think that this is a fairly common signature for spammy messages and that it should cause a positive. I stopped reading the list after the complainant stated he wouldn't contact "Cox" through their email address that is supposed to resolve problems such as false positives.
Could they not use ceramic rails rather than metal ones? The input efficiency of the gun appears to be 40%. (The 64 MJ weapon needs 16 MW of power firing every ten seconds = 6.4 MW / 16 MW.) Too bad they don't specify the kinetic energy of the projectiles.
Minerva Inc also claims the patent for vehicle air bags. I smell the conspiracy here - get everyone to use cell phones while driving and have more accidents - then they'll need more air bags and more cell phones.
\begin{snarky}
I'm surprised some of these "admins" can find their servers, let alone moderately well hidden rootkits.
\end{snarky}
Many system administrators do not have a deep background in *nix security. If they can install a Linux box, they're apparently qualified. There are many admins who are extremely competent in security matters, but I have not seen anything coming from those people. (Perhaps they weren't infected?) So, I have not heard (read) of anything from anyone describing a good analysis of an infected machine. The best so far is the cPanel note. There they do mention that "[i]t is common to see a short but successful root login via ssh 5-10 minutes before the compromise occurs" which in my mind is already a compromise.
Hey, hey, hey. Don't be mean. - Character is what you are in the dark.
I'm not sure exactly what it is that can't happen. I have downloaded infected pages (after taking the necessary precautions) through several paths, and I get the line with the javscript file inclusion - always on the first page from the server, rarely after that - and can download the javascript malware. The file does not exist on a second download attempt. Everything I have seen - which does not include an infected system, up close and personal - is consistent with the general theories presented so far.
While it could be injection from a third party (I must admit I haven't tried an SSL connection) that would mean that there are many compromised routers out there, which is a much scarier proposition than some compromised servers.
So, in short, what is it that can't be done?
Careful there, Cowboy. If you keep trying to edit the summaries for readability, you'll put Zonk out of a job. Hmmm. On the other hand ...
The 1980's called - you can keep their band. It's okay.
Yeah, I do "interleaved posting". You wouldn't believe the number of complaints I get about it. Apparently people are too used to the wrong way of doing this.
My compliant is the looser who think a spell chequer solve all there righting problems.
Ummm ... Moo?
For some reason this reminds me of this story. Ah yes, the memories. You kids wouldn't understand.
Particularly considering Willy S. likely got the "Hamlet" idea from someone else ...