Developping for the translation industry



 Tuesday, 06 July 2010

This is an interesting new attack; I just saw a live demo of it here: Tabnabbing: A New Type of Phishing Attack. All you need to do is let the page load, then browse to another tab for more than 5 seconds, and you'll see the favicon change to Gmail and the page will load a Gmail image.

And apparently the use of this attack is on the rise in the wild, according to Panda Labs. It's a pretty interesting phishing attack, and although it's unable to change the URL in the address bar, I believe a lot of people rely on visual cues and may not notice that the URL doesn't match the page content.

The use of Tabnabbing, the recently-identified phishing technique, is on the rise, says Panda Labs.

Tabnabbing exploits the tabbed browser system in modern web browsers such as Firefox and Internet Explorer, making users believe they are viewing a familiar web page such as Gmail, Hotmail or Facebook. Cybercriminals can then steal the logins and passwords when users enter them on these hoax pages.

According to Panda’s latest Quarterly Report on IT Threats, the technique is likely to be employed by more and more cybercriminals and users should close all tabs they are not actively using.

I think this could be quite effective, especially for the less technical crowd on Facebook and using services like Hotmail and Gmail. It could even extend into targeted localized attacks on online banking systems.

Apparently all browsers are susceptible to this including Chrome, Firefox, Internet Explorer and Opera (on Windows XP anyway). More details in a PC Advisor article here.

Perhaps this is something that can be addressed in Firefox as the person who developed this technique is the Creative Lead for Firefox – Aza Raskin.
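The behaviour described above (a tab changing its favicon and content while it sits in the background) can be checked for from the defender's side by comparing what the tab strip shows before and after the tab was hidden. This is an added example, not code from the original post or from the demo it mentions; it assumes the Page Visibility API (`visibilitychange`, `document.hidden`), and `makeFakeTab`, the titles and the `blog.example` URLs are constructed so the logic runs outside a browser.

```javascript
// Added example: flag a tab whose title or favicon changed while it was hidden.

// Capture what the user sees on the tab strip.
function snapshotTab(doc) {
  const icon = doc.querySelector('link[rel~="icon"]');
  return { title: doc.title, favicon: icon ? icon.href : null };
}

// List the fields that differ between two snapshots.
function identityChanges(before, after) {
  return Object.keys(before)
    .filter((k) => before[k] !== after[k])
    .map((k) => ({ field: k, from: before[k], to: after[k] }));
}

// Snapshot when the tab goes to the background, compare when it comes back.
function watchTab(doc, onSuspicious) {
  let before = null;
  doc.addEventListener('visibilitychange', () => {
    if (doc.hidden) {
      before = snapshotTab(doc);
    } else if (before) {
      const changes = identityChanges(before, snapshotTab(doc));
      before = null;
      if (changes.length > 0) onSuspicious(changes);
    }
  });
}

// Constructed stand-in for `document` (hypothetical helper, not a browser API).
function makeFakeTab(title, favicon) {
  const handlers = [];
  const icon = { href: favicon };
  return {
    title, hidden: false, icon,
    querySelector: () => icon,
    addEventListener: (_type, fn) => handlers.push(fn),
    setHidden(value) { this.hidden = value; handlers.forEach((fn) => fn()); },
  };
}

// Constructed scenario: title and favicon are different when the tab is shown again.
function demo() {
  const tab = makeFakeTab('Cute kittens', 'https://blog.example/favicon.ico');
  const alerts = [];
  watchTab(tab, (changes) => alerts.push(changes));
  tab.setHidden(true);
  tab.title = 'Sign in';
  tab.icon.href = 'https://blog.example/mail.ico';
  tab.setHidden(false);
  return alerts;
}
```

In a browser, `watchTab(document, ...)` would run from an extension content script or a site's own monitoring code; legitimate pages also update titles in the background (unread counts, for example), so a favicon change together with a title change is the stronger signal.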

 


Tuesday, 06 July 2010 08:40:27 (Eastern Standard Time, UTC-05:00)
Security


Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

© Copyright 2017
Stanislas Biron