New Threat - Tabnabbing. This is scary!

bekdik · May 26, 2010

Article

New Type of Phishing Attack Goes After Your Browser Tab

za Raskin, the creative lead for Firefox, has just posted about a new type of potential phishing attack, dubbed “tabnabbing.” Raskin has a proof-of-concept and an explanation for how this type of attack could work.

Tabnabbing operates in reverse of most phishing attacks in that it doesn’t ask users to click on a obfuscated link but instead loads a fake page in one of the open tabs in your browser.

Check out this tabnabbing scenario:

* You have a bunch of open tabs in your web browser, an e-mail page, Facebook, your bank account and maybe a bunch of news sites.
* While you’re reading your favorite Mashable (Mashable).com content, the attack is able to hone in on tabs that haven’t been used or aren’t in focus and replace the favicon (the icon in your tab bar) and the title of the tab.
* When you click on that tab, a fake page is loaded in its place, maybe it is loaded to look like a standard login page.
* Because you already had this tab open legitimately before, you don’t bother paying any attention to the URL in the address bar and you enter in your login information.
* You’ve just sent your info to a nefarious third part

SulkySue · May 26, 2010

Well then Raskin from Firefox, fix the dam problem...

Carbon_Fibre · May 26, 2010

scareeeeeeeeeeeeeee

the_don46 · May 26, 2010

Will it affect IE?

Bizkit87 · May 26, 2010

the_don46 said:
Will it affect IE?

if you still do IB with IE, tabnabbing will be the LEAST of your worries...

The_Unbeliever · May 26, 2010

The most effective solution, then, is to do your banking from only one window, and then close that window once finished.

The_Unbeliever · May 26, 2010

the_don46 said:
Will it affect IE?

what? braindead IE?

I refuse point-blank to do any banking in IE unless the braindead bank's braindead IT systems only support braindead IE and not anything else.

the_don46 · May 26, 2010

Bizkit87 said:
if you still do IB with IE, tabnabbing will be the LEAST of your worries...

Is IE really that bad? Sometimes (and I may be wrong so please educate me, don't get all hostile

), but sometimes, people are soooooo Anti-Microsoft that anything else would be better. I like IE8, I've tried using Netscape & Gozilla (?) but still prefer the look & feel of IE8.

rorz0r · May 26, 2010

Internet banking only works in IE for me. Kinda works in opera but its quicker to just open an IE window and get the job done. Should be fairly safe as there's not much chance for malware to infect IE as it basically only gets used for internet banking.

HavocXphere · May 26, 2010

the_don46 said:
Is IE really that bad?

Personal opinion: I feel its an unnecessary additional risk. Too many places where nasty stuff can attach itself to IE since a lot of the IE code is used in the OS itself. Most of the other browsers have a clean separation with everything else. So if something goes bad its easier to locate, kill & rebuild....without formatting the OS.

SulkySue said:
Well then Raskin from Firefox, fix the dam problem...

Exactly. A FF team member should fix the problem then announce his success & do a victory lap.

The_Unbeliever · May 26, 2010

rorz0r said:
Internet banking only works in IE for me. Kinda works in opera but its quicker to just open an IE window and get the job done. Should be fairly safe as there's not much chance for malware to infect IE as it basically only gets used for internet banking.

Yes, sure, but...

HavocXphere said:
Personal opinion: I feel its an unnecessary additional risk. Too many places where nasty stuff can attach itself to IE since a lot of the IE code is used in the OS itself. Most of the other browsers have a clean separation with everything else. So if something goes bad its easier to locate, kill & rebuild....without formatting the OS.

Agreed, that's why I'll never trust IE. The browser is so deeply integrated with the main OS that malware can slip in unnoticed.

Bizkit87 · May 26, 2010

the_don46 said:
Is IE really that bad? Sometimes (and I may be wrong so please educate me, don't get all hostile ), but sometimes, people are soooooo Anti-Microsoft that anything else would be better. I like IE8, I've tried using Netscape & Gozilla (?) but still prefer the look & feel of IE8.

yeah, IE is REALLY that bad, i'm sure you can google for browser security comparison's. And no, I'm not one of the Microsoft bashers, i just don't trust a product they design that is not their main focus [thus Firefox

]

but yes, IE can cause you quite a few headaches...

the_don46 · May 31, 2010

Bizkit87 said:
yeah, IE is REALLY that bad, i'm sure you can google for browser security comparison's. And no, I'm not one of the Microsoft bashers, i just don't trust a product they design that is not their main focus [thus Firefox ]

but yes, IE can cause you quite a few headaches...

Okay, good point well put. I guess Firefox is on the download list

New Threat - Tabnabbing. This is scary!

bekdik

Honorary Master

SulkySue

Banned

Carbon_Fibre

Expert Member

the_don46

Well-Known Member

Bizkit87

Executive Member

The_Unbeliever

Honorary Master

The_Unbeliever

Honorary Master

the_don46

Well-Known Member

rorz0r

Executive Member

HavocXphere

Honorary Master

The_Unbeliever

Honorary Master

Bizkit87

Executive Member

the_don46

Well-Known Member