Welcome Opera Community!
posted by Allison on December 18th, 2006 in Browser, Community, Opera, PhishTank, PhishTank in the news
If you haven’t yet heard, Opera and OpenDNS announced this morning that the latest version of Opera has built-in phishing protection powered by PhishTank. That’s right, the phishing sites you submit to PhishTank, that are then verified as real phishes, are blocked for users of Opera 9.1.
Opera’s community manager, Espen Overdahl, blogged about the addition of PhishTank intelligence to 9.1.
Welcome to PhishTank, Opera community. 
Follow responses to this post through the RSS 2.0 feed.
Leave a response below, or send a trackback from your own site.
Leave a response below, or send a trackback from your own site.
Thnx!
How long does it take for a site to be blocked by OpenDNS after being confirmed a phish?
It seems Opera is getting more and more ‘feature’ packed and straying away from its core roots of being a solid browser which adheres to Web standards.
The new v9.10 release now has ‘Fraud Protection’ but the tool which provides it’ is not removable from the interface, even if its not switched on – causing a big grey ‘[?]‘ box inside of my URL bar
The same goes for ‘Widgets’ file menu, most of us do not use Opera widgets and it’s annoying that we have to persist with the file menu taking up space when Opera’s developers could have given us a chance to remove it from the user interface via ‘Customize’ option.
With ranting aside, Opera is still my preferred browser verus Mozilla Firefox or MSIE
I did some investigation and it seems both of the issues I stated can be rectified
. If anyone is interested in removing the ‘Widgets’ file menu option or wants to remove the grey inline fraud protection button (known as ‘Trust Button’) from the URL bar, then do as follows:
To remove ‘Trust Button’ from the URL bar:
–
Go to Opera’s internal configuration screen by entering ‘about:config’ in the URL bar. Locate the ‘Security Prefs’ section and uncheck ‘Enable Trust Button’.
To remove ‘Widgets’ file menu option:
–
Do as above to enter into ‘about:config’ screen. Locate ‘User Prefs’ section and note down the filename stated for the sub-section titled ‘Menu Configuration’. My Opera setup had ‘C:\Program Files\Opera\defaults\standard_menu.ini’ for this sub-section’s value.
Open this file in your preferred text editor and using the find utility of your text editor, locate the text ‘Submenu, -235137047, Browser Widgets Menu’. Comment this line out by appending a semi-colon (’;') to the start of this line and save the file.
* Note: You may need to restart your Opera Web browser for these changes to take affect.
Hope this helps someone out!
Poor Opera will always be confused with “kitchen sink” browsers. It is amazing that someone would come to _this_ site, see how horrible phishing situation has come and comment about Opera bloat (!) adding simple, OPEN feature to browser defaulting to OFF. (thanks to nerd types)
Opera is a commercial, professional developer company who ALWAYS cares about open standards and the experience of customers. What people doesn’t understand is: These features does not ADD to their CORE renderer, it keeps staying tiny and fast as possible. While adding Mail, widgets, they cleverly use already running browser core (which is a legend, Presto) which unbelievably can size down to sub 1 mb levels.
Every “feature” you see on Opera is pure XML, CSS2, AJAX. There is no “phishtank.c” added to browser, it uses browser just like before.
Widgets aren’t different. They are pure HTML and Javascript. There is no additional (couple of geeks decided you need them) megabytes of code. They use already included feature.
Happy new year, size the opera.exe when you think it is bloated
JustaPerson OpenDNS will block a site/domain if it is only used for crime, e.g. one host having some weird .biz host and tens of phishing pages served. (there are examples at phishtank)
For phishing pages, phishtank is needed.
Thanks for the welcome
Opera rocks.
PhishTank, to me, looks -currently= fundementally weak because of the way it works. Scammers can/have just adapted their way around it by using DNS itself to make the subdomain of the URL unique to the recipient.
What you should do is develop an algorithm that identifies common stubs over recent submissions and identify it with a wildcard/regex match – and as a further improvement use markov chains to find patterns across domains that are different.
Nick, are you interested in helping with PhishTank? Always looking to improve.
How is your PHP and MySQL?
The problem with implementing this kind of technology into a browser such as Opera is that it’s very prone to errors. I have come across numerous valid sites that Opera identifies as phishing sites, which are nowhere to be found in the PhishTank database.
I have no way of telling whether this is a fault in Opera, in the API or in the database (since the database search functions are downright anemic at this point), but I _do_ know that false positives abound, and that the setup of the site and the service both makes it far too easy to create such false positives, and far too difficult to remove them.
What bothers me is how unprepared this service is for “live” usage. Ever since I got Opera 9.1, I have run across several false positives that are eiher due to flaws in Opera, or in the API or in the PhishTank database.
The lackluster search capabilities on this site makes it impossible to find previous entries for these sites — if indeed any exist — without browsing through the tons of submissions that already exist, so I cannot say where the problem lies, I can just say with certainty that it is there. To continue on what Nick Lowe said, what this service needs to become production savy is a good set of wildcard/regex matching functions — not just in identifying the sites, but in searching for entries that are (supposedly) already there.
The problems this has already caused with sites I use every day, and know to be safe, has forced me to turn the Opera fraud protection off for the time being. As the service evolves and start working again, I might turn it back on again, but right now, it is simply far too inaccurate to be of any use.
Tippis, please identify any false positives you have found on PhishTank — we take these VERY seriously. Put the PhishTank URL here in the comments and we’ll investigate ASAP.
Note: PhishTank is NOT a whitelist site. The language on the Opera Fraud Protection dialog isn’t clear enough about that, and we’re working with the Opera team to change that.
John, thanks for your comment about the impression the Opera feature leaves that Phishtank might provide a whitelist. I discovered your site thru Opera. I do not feel I need the “fraud protection” feature as I am generally careful in browsing. Nevertheless, I am happy with the security marker on the address bar, and hope to see it come up with other than “?” more often in the future.
Opera clearly does have a whitelist function. Oddly enough, Google is not whitelisted but Yahoo is. Apparently Geotrust does the whitelisting, although that is not clearly stated on their site.
I would very much like to see Opera put up a page on their own site explaining what steps they take.
I would like to be able to make comments about WHY I think a site I submit or review is a phish. Perhaps this information, and any algorithmic method to assess phish potential, cannot be made public.
I do have some php and mysql knowledge. Perhaps I can share my ideas and back them up with some scripts you can use to count the dots in a url or whatever.
I suggest the option of some sort of “training” to become a certified “phish finder”, perhaps identifying several points for or against “phishyness” of a given example in the process. Effective action against phishing will always require the best professionals identifying patterns in the background, combined with many users volunteering time to look at individual cases.
rhb: http://www.opera.com/docs/fraudprotection/
We are currently working on ways to improve and streamline feedback on false positives, which we also take very seriously. While the data in our black- and whitelists is provided by partners (PhishTank and GeoTrust), we do have options to override if something is clearly erroneous. The best approach is always to check PhishTank first though – if something shows up here and is wrong, you can help correct it. Changes to phishing data in PhishTank are obviously also reflected in Opera.
– Christer
Opera 9.22 incorrectly reports the commercial E-Banking website for Yorkshire Bank PLC, U.K. as a fraud site (https://home.ybonline.co.uk/login.html?message=) yet PhishTank doesn’t find a report for that absolute URI, nor the page without querystring nor the site root. This is worrying the cr*p out of my parents who think their money is at risk, it isn’t, but they don’t know that and aren’t sure whether to trust Opera or to trust their CompSci graduate programmer son.
Opera Software doesn’t seem to care about it either with their closed-access bug reporting system (no response or action from previous notifications given that newer Opera versions have been released since initial reports of ‘false-positives without PhishTank listing the URI’). If Geotrust have a false-positive reporting capability it has so far evaded me.
False positives happen, but the lack of competent error reporting facilities by all parties involved, not to mention the lack of a competent PhishTank archive-section search (I have to resort to Google with a site-specific search to find all reports involving URIs containing the fragment ‘ybonline’), is disappointingly poor.
How is an end-user meant to resolve such an issue? A massive thumbs down, particularly to Opera Software.