September 20, 2014

Tabnabbing: Preying on the Perceived Immutability of Tabs

  • May 25, 2010
  • By Developer.com Staff

Aza Raskin is creative lead at Firefox. In a blog post this week, he described and demonstrated a new phishing technique called "tabnabbing."

The way it works is that someone with evil in their heart inserts a tiny bit of JavaScript into a page open in one of the many tabs in your web browser. The JavaScript detects when the tab has lost focus and the page hasn't been interacted with for a while. It then loads a nefarious page - a hook to fish with.

The hook with the fresh worm on it could be a page that looks just like the Gmail login screen, or Facebook, or Twitter, or your bank's website.

When you see the page, you just assume you've been logged out. You re-enter your login credentials and get tabnabbed.
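The swap described above leaves a recognizable trace: the page in a tab changes while the tab is in the background, where the user cannot have caused it. The following check is an added example, not code from Raskin's post or from this article; the event format and the `findTabSwaps` name are hypothetical, and treating the page title as part of a tab's visible identity is an assumption.

```javascript
// Added example: flag tabs whose visible identity changed while in the background.
// The event format {t, tab, type, url, title} is hypothetical.

const originOf = (url) => (url ? new URL(url).origin : null);

function findTabSwaps(events) {
  const tabs = new Map(); // tab id -> { url, title, snapshot }
  const alerts = [];
  for (const ev of events) {
    if (!tabs.has(ev.tab)) tabs.set(ev.tab, { url: null, title: null, snapshot: null });
    const s = tabs.get(ev.tab);
    if (ev.type === "load") {
      // Navigation or content replacement, whoever triggered it.
      s.url = ev.url;
      s.title = ev.title;
    } else if (ev.type === "hidden") {
      // Tab lost focus: remember what the user last saw.
      s.snapshot = { url: s.url, title: s.title, t: ev.t };
    } else if (ev.type === "visible" && s.snapshot) {
      // User returns: compare the page now with the snapshot.
      const originChanged = originOf(s.url) !== originOf(s.snapshot.url);
      const titleChanged = s.title !== s.snapshot.title;
      if (originChanged || titleChanged) {
        alerts.push({
          tab: ev.tab,
          severity: originChanged ? "high" : "low", // title-only changes are often benign
          was: s.snapshot.url,
          now: s.url,
          hiddenForMs: ev.t - s.snapshot.t,
        });
      }
      s.snapshot = null;
    }
  }
  return alerts;
}

// Constructed sample timeline (reserved .example names, times in ms).
const SAMPLE_EVENTS = [
  { t: 0, tab: 1, type: "load", url: "https://blog.example/post", title: "A blog post" },
  { t: 1000, tab: 2, type: "load", url: "https://news.example/", title: "News" },
  { t: 5000, tab: 1, type: "hidden" },
  { t: 65000, tab: 1, type: "load", url: "https://mail-login.example/", title: "Sign in" },
  { t: 70000, tab: 2, type: "hidden" },
  { t: 90000, tab: 2, type: "visible" },
  { t: 120000, tab: 1, type: "visible" },
];
console.log(findTabSwaps(SAMPLE_EVENTS));
```

Only tab 1 is reported: it moved to a different origin while hidden, whereas tab 2 came back unchanged.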

The fix for this type of attack, Raskin said, is the web browser taking a more active role in protecting the user. This is the type of security problem the Firefox Account Manager is designed to solve.

"User names and passwords are not a secure method of doing authentication; it's time for the browser to take a more active role in being your smart user agent; one that knows who you are and keeps your identity, information, and credentials safe," Raskin said.

