
Opera Mini Browser Insecurity

Opera Mini is a browser people are running on their PDAs. The problem is that Opera's servers are modifying all the web pages and decrypting your SSL traffic. In doing so, they cause web pages you thought were secure to travel in the clear, exposing your passwords, credit card information, and everything you thought was encrypted on the net...

Steve Gibson: Now, the reason they're doing this is that this server that the Opera Mini browser connects to is really doing a lot of good work for the user. It is rewriting pages, web pages on the fly, rewriting JavaScript on the fly, essentially turning web pages that were never designed to be seen on a very small screen on a very lightweight and lower powered browser, making them work. ... If you need full end-to-end encryption, you should use a full web browser such as Opera Mobile. Opera Mini uses a transcoder server, as they call it, to translate HTML, CSS, JavaScript into a more compact format. It will also shrink any images to fit the screen of your handset. This translation step makes Opera Mini fast, small, and also very cheap to use. To be able to do this translation the Opera Mini server needs to have access to the unencrypted version of the web page. Therefore, no end-to-end encryption between the client and the remote web server is possible.

 Transcript of Episode 126, Security Now





About

This page contains a single entry from the blog posted on January 17, 2008.
