Opera developers explain why malicious “update” wasn’t detected

Opera Software has finally come out with more details about the recent compromise of its internal infrastructure, the theft of an expired code signing certificate, and the delivery of malware signed with it through the auto-update mechanism to Opera users.

Opera employee Mark ‘Tarquin’ Wilton-Jones took to the comment section of the original breach notification and has shared that:

• Opera 12 source code was not stolen
• The malware did not affect the Opera installation itself
• The certificate used was old and expired, but the checking of the certificate is controlled by the OS, not by them.

“Unfortunately, not all versions of Windows check the certificate, and some users may have disabled the UAC protection,” he noted, adding that in the future it would certainly be possible for them to run their own checks on the certificate of downloaded autoupdates in addition to those imposed by the OS.

When asked why it took them a week to notify potentially affected users of the breach, Wilton-Jones explained that it took them some time to determine the extent of the attack and what had actually happened. He also noted that they hoped to follow the notification with the release of a new version of Opera, but that they still haven’t managed to do so because of technical issues.