Remember the SuperFish scandal? A third party application installed a Certificate Authority on PCs, and then hijacked all secure connections by serving browsers certificates from this local certificate authority. The SuperFish issue was widely publicized, partly because it combined several bad practices, but it is far from the only program out there that attempts to...

When a browser and website communicate over a secure connection, they encrypt and decrypt the data using a shared symmetric encryption key; the same key is used for encryption and decryption. In order for the browser and server to make sure they use the same key, they first need to share the key with each...

The FREAK TLS attack Following the trend of memorable names for TLS attacks, FREAK was recently announced. This exploits a bug in some TLS libraries, combined with the support of ancient weak ciphers, to enable a MitM to force crackable encryption. (The story of these ciphers is quite interesting, but plenty has been written elsewhere...

You might have seen our press release that Opera’s Rocket Optimizer can now optimize encrypted video streams. The attentive reader will already have halted and said, “wait, what?”. In this blog post, we’ll explain how this works. Rocket Optimizer works at the ISP level, ensuring that all subscribers get an optimal experience. When available bandwidth...

At Opera Software, we run a large number of websites for our products and services, and we like to give credit to the researchers and website testers who offer their assistance to help us tighten the security of those websites. We would like to take this opportunity to thank the researchers and testers of 2015...

So the last weeks have been rather hectic behind the scenes in the browser security world, when Google security group found a new way to exploit a rather well known design weakness in SSLv3 published in the paper This POODLE Bites: Exploiting The SSL 3.0 Fallback. You might wonder why that would be serious, when...