Opera Browser Strangeness

Discussion in 'General Security Discussions' started by Slyguy, Dec 19, 2017.

  1. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    890
    6,300
    Caille
    Windows 10
    Similar locations?

    Qihoo is from China, and I believe Opera is also situated in China (or close to it)? Ukraine isn't too far from China as far as I know, but my geography always lacked so best check on that instead of assuming I'm right.
     
  2. Sunshine-boy

    Sunshine-boy Level 22

    Apr 1, 2017
    1,169
    5,186
    IRAN
    Windows 10
    ESET
    Deletedmessiah and Opcode like this.
  3. Sunshine-boy

    Sunshine-boy Level 22

    Apr 1, 2017
    1,169
    5,186
    IRAN
    Windows 10
    ESET
    upnorth, Deletedmessiah and Opcode like this.
  4. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    890
    6,300
    Caille
    Windows 10
    @Sunshine-boy See, that's the thing that intrigued me (the Baidu references). It even has references to Conduit... But why? As far as I know, Opera doesn't "prevent" such or "auto-clean" it.

    It was also more of references to domains from their services, therefore I don't think it is impossible to rule out that maybe they all actually share data collection silently. Who knows. I do know that China have strict rules about data collection which are at odds with the user, and that they force all companies to store data and not delete it (allegedly).
     
    Deletedmessiah and Sunshine-boy like this.
  5. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    890
    6,300
    Caille
    Windows 10
    Well there we go then... Opera was sold for $600 million. Read that again... "$600 million". They will want back their $600 million that they spent on Opera, and would probably want to double or triple it. Therefore the references I found regarding data collection are likely indeed related to genuine data collection. I'm not sure how else a free product provider would go about generating income without the use of money-making advertisements/pop-ups or donations, except for data collection and then selling that collected data.
     
  6. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    890
    6,300
    Caille
    Windows 10
    Another thing I will quickly note.

    Watch out for any software which connects out to Ukraine at all. I don't mean this in a way that Ukraine are bad, nothing of the sort. The reasoning behind what I am trying to say is because large malware outbreaks such as Petya all originated from Ukraine for the spreading. A company (for example) which provided banking software to the Ukraine government (and others) were hacked twice for spreading of big malicious software outbreaks (Petya was one, I believe the second was NotPetya if I recall correctly). Specifically ransomware.

    If @Slyguy posted this here about what he found with the connections, it must mean he has some sort of suspicion about Opera. He usually uses FortiSandbox, a very good end-point tool. When he checked up on CCleaner before the public announcement of their breach, his sandbox had suspicions and he stopped using it; he dodged a bullet there. I don't know much about the member, but I've read his posts and I know he definitely knows his stuff when it comes to networking and use of a sandbox/malware research, so that's another reason to keep your eye out on Opera.
     
  7. Sunshine-boy

    Sunshine-boy Level 22

    Apr 1, 2017
    1,169
    5,186
    IRAN
    Windows 10
    ESET
    How can I find the hidden connections like Baidu in Opera? The firewall will not tell me anything! Is there any tool to show me those hidden connections? I use a lot of freeware software :D now I'm worried lol! I meant those hardcoded domains..
     
  8. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    890
    6,300
    Caille
    Windows 10
    @Sunshine-boy I didn't see the connections from network analysis, a cat (which dropped out the sky last night, landed on its feet and had a bag with a next-gen laptop which had many reversing tools) found various domains hard-coded into the actual Portable Executable. The component was opera_browser.dll. I cannot provide step-by-steps for obvious reasons considering Opera is genuine software, however you could try looking up online how to generate Strings for a Portable Executable (reverse-engineering technique - one of the simplest ones out there). Opera doesn't make use of string obfuscation.

    What I'm saying though, is why on earth would Opera need to hard-code all of these things? Conduit? MyStart? Baidu stuff? It just seems fishy to me, and I couldn't find anything about it from Opera themselves online...

    So take it with a grain of salt, but personally I think something not-so-good is going on and I reckon it is to do with data collection and money.
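
One way to do what the post above describes, dumping the printable strings of a Portable Executable and keeping those that look like domain names (an added example, not part of the original thread; the sample bytes, the `example.com`/`example.net` host names and the extension filter list are constructed for illustration):

```python
import re
import sys

MIN_LEN = 6  # shortest run worth reporting, like the -n option of `strings`

# Printable ASCII runs, and the same characters stored as UTF-16LE (common in Windows PEs).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Dotted host name ending in an alphabetic TLD; deliberately loose, so expect false hits.
DOMAIN = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}\b", re.I)

# File extensions that look like TLDs in a binary's string table (constructed list).
NOT_TLDS = {"dll", "exe", "pdb", "sys", "png", "json", "html", "xml"}


def extract_strings(data: bytes):
    """Yield printable strings found in raw bytes, in both encodings."""
    for m in ASCII_RUN.finditer(data):
        yield m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.group().decode("utf-16-le")


def find_domains(data: bytes) -> list[str]:
    """Return sorted, de-duplicated domain-like strings, minus file names."""
    found = set()
    for text in extract_strings(data):
        for m in DOMAIN.finditer(text):
            name = m.group().lower()
            if name.rsplit(".", 1)[1] not in NOT_TLDS:
                found.add(name)
    return sorted(found)


# Constructed stand-in for a binary: one ASCII URL, one UTF-16LE host, one file name.
SAMPLE = (
    b"MZ\x90\x00\x03\x00" + b"\x00" * 8
    + b"https://update.example.com/check\x00\xff"
    + "telemetry.example.net".encode("utf-16-le") + b"\x00\x00"
    + b"\x01\x02kernel32.dll\x00\xff\xfe"
)

if __name__ == "__main__":
    # Pass a path to a DLL/EXE, or run with no argument to use the sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for domain in find_domains(blob):
        print(domain)
```

A name in the string table shows only that it is present in the file, not that the program ever contacts it; a network capture is needed to confirm an actual connection.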
     
  9. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    890
    6,300
    Caille
    Windows 10
    Unless the free software is coming from community members on this forum/forums like this, or open-source repositories/reputable vendors for having good privacy guidelines, you're probably paying for software with your information.

    Even Avast collect data which they will go on to sell by default for their Free Anti-Virus. Google collect a lot of data as well, as does Facebook, but I don't know about their terms with handling the data.

    Web Of Trust (WOT) was exposed in the past for a massive problem with data collection, that pretty much buried them at the time. I never see anyone recommending it, nor even speaking of it nowadays.
     
  10. Prorootect

    Prorootect Level 46

    Nov 5, 2011
    3,562
    3,796
    0wN3D by my cat!
    #30 Prorootect, Dec 21, 2017
    Last edited: Dec 21, 2017
    Have you restarted your browser ... surely ..
    Then look in your Registry - or it's hardcoded like Opcode wrote above.
    Solution - download my Opera PORTABLE version:
    Version: 36.0.2130.80
    I don't have your Opera problems.

    I download browsers (or other software) portable versions only, always.
     
  11. Prorootect

    Prorootect Level 46

    Nov 5, 2011
    3,562
    3,796
    0wN3D by my cat!
    #31 Prorootect, Dec 21, 2017
    Last edited: Dec 21, 2017
    So China borders with Russia, then Russia with Ukraine, yes many hackers everywhere

    This very good extension:
    7 Times Faster
    - it's from Ukraine.

    Download on Store: 7 Times Faster
    Version: 1.0.2.0
    Updated: December 15, 2017
    Size: 1.33MiB
    - edited
     
    Sunshine-boy likes this.
  12. Tsiehshi

    Tsiehshi Level 1

    Nov 11, 2017
    43
    118
    Somewhere
    #32 Tsiehshi, Dec 21, 2017
    Last edited: Dec 21, 2017
    You do realize it has only 3 stars (for too many false positives) and the description conveniently leaves out uBlock? I'd say it's too flaky to be used/bundled by an established browser or have anything to do with one.
     
    upnorth and Prorootect like this.
  13. Prorootect

    Prorootect Level 46

    Nov 5, 2011
    3,562
    3,796
    0wN3D by my cat!
    Ah I didn't know... but I've used it for a little while, good impression, that's all

    - and it's an example of an extension from Ukraine that I used (I don't use it for now)...

    - Thank you Tsiehshi!
     
    Sunshine-boy, upnorth and Tsiehshi like this.
  14. upnorth

    upnorth Level 11

    Jul 27, 2015
    520
    2,759
    Sweden
    #34 upnorth, Dec 21, 2017
    Last edited: Dec 21, 2017
    Aha! Might actually have found an answer to why Opera establish a connection to bank.gov.ua.

    Quote : " Currency conversion is based on two reference rates reported either by the European Central Bank ("ECB") using EURO as its base currency or the National Bank of Ukraine (NBU) using the Hryvnia as its base currency.

    The default currency converter option is set to the ECB. According to the ECB, its reference rates are updated on working days, excluding TARGET closing days (generally Saturday, Sunday and certain holidays). The ECB's reference rates are based on a regular daily concertation procedure between central banks across Europe. You can learn more about the ECB’s policy and exchange rates here.

    Reference rates using the NBU are updated in two groups, daily or monthly, according to the exchange rates of the Ukrainian Hryvnia against foreign currencies. Read more here. "

    Source : Search the web | Opera for Windows help
     
    Tsiehshi and Prorootect like this.