+ Fraud Protection Description:
Oslo, Norway - December 18, 2006
Opera Software today introduced real-time Fraud Protection in its award-winning Web browser. Fraud Protection includes technology from GeoTrust, the leading digital certificate provider, and PhishTank, a collaborative clearing house for data and information about phishing on the Internet. Fraud Protection is available in Opera 9.1, the newest version of Opera's Web browser. Opera is available completely free at www.opera.com.
+ Bypass Description:
It is possible to bypass Fraud Protection by adding some characters to the URL.
The URL will still be valid and will work properly, but no phishing warning will be shown.
In 2006.11, when version 9.10 was being developed and Fraud Protection was being tested, I found that
when we add a "." character at the end of the domain in the URL field, DNS still resolves the address
and the Host: header in the HTTP GET request does not break the web server's response, BUT for Fraud Protection
it is a different site from the original, so the fraud test fails.
For example: http://kaneda.bohater.net. != http://kaneda.bohater.net
After I posted this to http://bugs.opera.com and on the Opera devel forum, they made a fix. [great!]
In Opera 9.10 this bug doesn't work, of course.
But today, while running the final 9.10 version, I found that when I added a "/" character at
the end of the domain in the URL, it failed the phishing test again!!!
Example:
When my URL is on the phishing list:
http://kaneda.bohater.net/phish.html - warning will be displayed
http://kaneda.bohater.net//phish.html - warning will NOT be displayed
Of course we can add more "/".
As real life shows [Firefox HexEncoding Anti-Phishing bypass URL: http://sla.ckers.org/forum/read.php?13,2253 ], phishers can use this technique in the near future for abusive actions.
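Both bypasses come from comparing the typed URL against the list as a raw string. The following is an added example, not Opera's code and not part of the original advisory: it contrasts exact matching with a lookup that canonicalizes the host and path first, covering only the two cases above. The list contents and function names are hypothetical, and collapsing "//" assumes the server treats it like "/", as in the advisory's example.

```javascript
// Added example, not Opera's code. BLOCKLIST_ENTRIES and the function names
// are hypothetical; the URLs are the ones used in the advisory.
const BLOCKLIST_ENTRIES = ["http://kaneda.bohater.net/phish.html"];

// Exact string comparison: the matching behaviour the advisory describes.
function naiveIsListed(rawUrl) {
  return BLOCKLIST_ENTRIES.includes(rawUrl);
}

// Reduce equivalent spellings of a URL to a single lookup key.
function canonicalize(rawUrl) {
  const u = new URL(rawUrl); // lowercases scheme and host, drops default port
  const host = u.hostname.replace(/\.+$/, ""); // "host." names the same site as "host"
  // Assumption: the server treats "//" like "/", as in the advisory's example.
  const path = u.pathname.replace(/\/{2,}/g, "/");
  const port = u.port ? ":" + u.port : "";
  return `${u.protocol}//${host}${port}${path}${u.search}`;
}

// Canonicalize list entries with the same function used for lookups.
const BLOCKLIST = new Set(BLOCKLIST_ENTRIES.map(canonicalize));

function isListed(rawUrl) {
  try {
    return BLOCKLIST.has(canonicalize(rawUrl));
  } catch (e) {
    return naiveIsListed(rawUrl); // unparseable input: fall back to exact match
  }
}

// Side-by-side result for each spelling.
function compare(urls) {
  return urls.map((url) => ({ url, naive: naiveIsListed(url), canonical: isListed(url) }));
}

console.table(compare([
  "http://kaneda.bohater.net/phish.html",
  "http://kaneda.bohater.net./phish.html",
  "http://kaneda.bohater.net//phish.html",
  "http://kaneda.bohater.net////phish.html",
]));
```

The key point is that list entries and lookups pass through the same canonicalization, so a new equivalent spelling has to be handled in one place only.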
Timeline:
2006.12.20 bug discovered
2006.12.21 "/" bug sent to http://bugs.opera.com
2007.01.19 no response and patch from vendor - probably will be fixed in future
2007.02.06 posted to Bugtraq
2007.02.02 fixed in Opera Devel version [testing] 9.20 ["Some fraud protection improvements"]