Tabnabbing: Preying on the Perceived Immutability of Tabs

Aza Raskin is creative lead at Firefox. In a blog post this week, he described and demonstrated a new phishing technique called “tabnabbing.”

The way it works is that someone with evil in their heart inserts a tiny bit of JavaScript in one of the many tabs you have open in your web browser. The JavaScript detects when a tab has lost its focus and the page hasn’t been interacted with for a while. It then loads a nefarious page – a hook to fish with.

The hook with the fresh worm on it could be a page that looks just like the Gmail login screen, or Facebook, or Twitter or your bank’s website.

When you see the page, you just assume you’ve been logged out. You re-enter your login credentials and get tabnabbed.
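The behaviour described above can be checked for on the browser side. This is an added example, not code from Raskin's post or from Firefox: a content-script style check that snapshots a tab when it loses focus and compares it on return. The function names, snapshot fields and sample values are assumptions, and it assumes the page is rewritten in place; a full navigation reloads the script, so the snapshot would have to be held outside the page.

```javascript
// Added example: flag a tab whose identity changed while it was hidden.
// Field and function names are assumptions made for this sketch.

// Record what a user relies on to recognise a tab.
function snapshotTab(doc, loc) {
  const icon = doc.querySelector('link[rel~="icon"]');
  return {
    title: doc.title,
    favicon: icon ? icon.href : '',
    url: loc.href,
    hasPasswordField: doc.querySelector('input[type="password"]') !== null,
  };
}

// Compare the snapshot taken when the tab lost focus with the one taken on return.
function assess(before, after) {
  const changes = ['title', 'favicon', 'url'].filter((k) => before[k] !== after[k]);
  if (!before.hasPasswordField && after.hasPasswordField) {
    changes.push('password-field-appeared');
  }
  // A title-only change is normal (unread counters); a login form that appears
  // together with a new title, icon or URL while nobody was looking is not.
  const suspicious = changes.includes('password-field-appeared') && changes.length > 1;
  return { changes, suspicious };
}

// Browser wiring: snapshot on hide, compare on return. Skipped outside a browser.
if (typeof document !== 'undefined') {
  let hiddenSnapshot = null;
  document.addEventListener('visibilitychange', () => {
    if (document.hidden) {
      hiddenSnapshot = snapshotTab(document, location);
    } else if (hiddenSnapshot) {
      const result = assess(hiddenSnapshot, snapshotTab(document, location));
      if (result.suspicious) console.warn('Tab changed while hidden:', result.changes);
    }
  });
}

// Constructed sample snapshots (not captured from a real site).
const SAMPLE_BEFORE = { title: 'Weeknight recipes', favicon: 'https://blog.example/a.ico',
  url: 'https://blog.example/post', hasPasswordField: false };
const SAMPLE_AFTER = { title: 'Sign in', favicon: 'https://blog.example/b.ico',
  url: 'https://blog.example/post', hasPasswordField: true };
const SAMPLE_BENIGN = { ...SAMPLE_BEFORE, title: '(1) Weeknight recipes' };
```
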

The fix for this type of attack, Raskin said, is the web browser taking a more active role in protecting the user. This is the type of security problem the Firefox Account Manager is designed to solve.

“User names and passwords are not a secure method of doing authentication; it’s time for the browser to take a more active role in being your smart user agent; one that knows who you are and keeps your identity, information, and credentials safe,” Raskin said.
