New Threat - Tabnabbing. This is scary!

bekdik

Honorary Master
Joined
Dec 5, 2004
Messages
12,860
Article

New Type of Phishing Attack Goes After Your Browser Tab


za Raskin, the creative lead for Firefox, has just posted about a new type of potential phishing attack, dubbed “tabnabbing.” Raskin has a proof-of-concept and an explanation for how this type of attack could work.

Tabnabbing operates in reverse of most phishing attacks in that it doesn’t ask users to click on a obfuscated link but instead loads a fake page in one of the open tabs in your browser.

Check out this tabnabbing scenario:

* You have a bunch of open tabs in your web browser, an e-mail page, Facebook, your bank account and maybe a bunch of news sites.
* While you’re reading your favorite Mashable (Mashable).com content, the attack is able to hone in on tabs that haven’t been used or aren’t in focus and replace the favicon (the icon in your tab bar) and the title of the tab.
* When you click on that tab, a fake page is loaded in its place, maybe it is loaded to look like a standard login page.
* Because you already had this tab open legitimately before, you don’t bother paying any attention to the URL in the address bar and you enter in your login information.
* You’ve just sent your info to a nefarious third part
 

The_Unbeliever

Honorary Master
Joined
Apr 19, 2005
Messages
103,196
The most effective solution, then, is to do your banking from only one window, and then close that window once finished.
 

the_don46

Well-Known Member
Joined
Mar 27, 2010
Messages
493
if you still do IB with IE, tabnabbing will be the LEAST of your worries...

Is IE really that bad? Sometimes (and I may be wrong so please educate me, don't get all hostile :) ), but sometimes, people are soooooo Anti-Microsoft that anything else would be better. I like IE8, I've tried using Netscape & Gozilla (?) but still prefer the look & feel of IE8.
 

rorz0r

Executive Member
Joined
Feb 10, 2006
Messages
7,968
Internet banking only works in IE for me. Kinda works in opera but its quicker to just open an IE window and get the job done. Should be fairly safe as there's not much chance for malware to infect IE as it basically only gets used for internet banking.
 

HavocXphere

Honorary Master
Joined
Oct 19, 2007
Messages
33,155
Is IE really that bad?
Personal opinion: I feel its an unnecessary additional risk. Too many places where nasty stuff can attach itself to IE since a lot of the IE code is used in the OS itself. Most of the other browsers have a clean separation with everything else. So if something goes bad its easier to locate, kill & rebuild....without formatting the OS.

Well then Raskin from Firefox, fix the dam problem...
Exactly. A FF team member should fix the problem then announce his success & do a victory lap.
 

The_Unbeliever

Honorary Master
Joined
Apr 19, 2005
Messages
103,196
Internet banking only works in IE for me. Kinda works in opera but its quicker to just open an IE window and get the job done. Should be fairly safe as there's not much chance for malware to infect IE as it basically only gets used for internet banking.

Yes, sure, but...

Personal opinion: I feel its an unnecessary additional risk. Too many places where nasty stuff can attach itself to IE since a lot of the IE code is used in the OS itself. Most of the other browsers have a clean separation with everything else. So if something goes bad its easier to locate, kill & rebuild....without formatting the OS.

Agreed, that's why I'll never trust IE. The browser is so deeply integrated with the main OS that malware can slip in unnoticed.
 

Bizkit87

Executive Member
Joined
Apr 3, 2009
Messages
5,254
Is IE really that bad? Sometimes (and I may be wrong so please educate me, don't get all hostile :) ), but sometimes, people are soooooo Anti-Microsoft that anything else would be better. I like IE8, I've tried using Netscape & Gozilla (?) but still prefer the look & feel of IE8.

yeah, IE is REALLY that bad, i'm sure you can google for browser security comparison's. And no, I'm not one of the Microsoft bashers, i just don't trust a product they design that is not their main focus [thus Firefox :p]

but yes, IE can cause you quite a few headaches...
 

the_don46

Well-Known Member
Joined
Mar 27, 2010
Messages
493
yeah, IE is REALLY that bad, i'm sure you can google for browser security comparison's. And no, I'm not one of the Microsoft bashers, i just don't trust a product they design that is not their main focus [thus Firefox :p]

but yes, IE can cause you quite a few headaches...

Okay, good point well put. I guess Firefox is on the download list :)
 
Top