From last few days i am doing some tasks over working and manging of opera Browser
and in the mean time i found a SEVERE and EXTREMLY easy to do hack using Opera browser
If you are Familiar with working of Opera browser then you must be knowing that opera
lets you to save you passwords so that you don't need enter again and again. and opera saves
it in a file named WAND , Also opera used to save all sort of related info. in a single file
like cookies , last download locations , notes in accordingly named files and all this files
could be found in...
[your drive]:\Documents and Settings\[logged in user]\Application Data\Opera\Opera\profile
Lets suppose your OS is in C drive and admin is current user then your destination is...
C:\Documents and Settings\Admin\Application Data\Opera\Opera\profile
Here
1. WAND.DAT = This file has stored in all your passwords [ encypted ]
2. cookies4.DAT = this have all authentication sessions + cookies [ all in one file ]
3. vlink4.DAT = Whole Browsing history !!!
Now the security flaw i am talking is , you can use this files to any other opera browser
there is none of the security while chaging from one system to another or from one version of opera to another version. So anybody who have access to your pc , like your friend , your colleague etc. can
Copy this file and can further use in there opera to get all of your credentials.. Nevertheless there is a Deadly Utility @
http://speedman.sk/17operawanddatenglish/ Which can DECRYPT WAND to simple plan text
OPERA DEVELOPERS SHOULD PONDER OVER IT AND DO SOME APPROPRIATE CHNAGES SO THAT WAND OF ONE
BROWSER CANT BE USED OVER OTHER OPERA EVEN OF SAME VERSION. ALSO THEY SHOULD HARDEN THE ENCRYPTION
OF WAND FILE
DISCLAIMER: I am not Promoting hacking and other illeagal things , my primary intention is just make peoples aware of such threats so that they can protect themselves..
