Tabnabbing

Aza Raskin has an interesting article on his blog about tabnabbing. In summary, an attacker can use JavaScript that sits quietly on a page, waits until the page is no longer in the foreground (for example, when you have switched to another tab in your browser), and then switches the page to a legitimate-looking phishing page. For example, you could be reading a blog, switch to another tab to do something else, and then click on a tab that looks like a Gmail login when it is in fact a phishing page.

This is yet another example of why passwords are a really bad idea. However, from a practical perspective, the best thing you can do is to ensure that you have opened a tab yourself before logging in. If you click to a tab and find yourself at a login screen, close the tab, open a new one, and navigate to the site you want.
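The same check can be automated by comparing what a tab looked like when you left it with what it looks like when you return. The sketch below is an added example, not code from Aza Raskin's article or from this post; the event shape, field names and sample values are assumptions made for illustration.

```javascript
// Added example; the event shape below is an assumption, not a browser API.
const IDENTITY_FIELDS = new Set(["title", "favicon", "origin"]);

// Return one alert per identity field that differs between the moment the
// tab was hidden and the moment the user came back to it.
function findBackgroundIdentityChanges(events) {
  const current = {};      // last known value of each identity field
  let hidden = false;
  let pending = new Map(); // field -> change made while the tab was hidden
  const alerts = [];
  for (const ev of events) {
    if (ev.type === "visibility" && ev.state === "hidden" && !hidden) {
      hidden = true;
      pending = new Map();
    } else if (ev.type === "visibility" && ev.state === "visible" && hidden) {
      hidden = false;
      for (const [field, c] of pending) {
        // A value that changed and reverted (from === to) is not reported.
        if (c.from !== c.to) alerts.push({ field, ...c, seenAt: ev.t });
      }
    } else if (ev.type === "change" && IDENTITY_FIELDS.has(ev.field)) {
      if (hidden) {
        const prior = pending.get(ev.field);
        pending.set(ev.field, {
          from: prior ? prior.from : current[ev.field],
          to: ev.value,
          changedAt: prior ? prior.changedAt : ev.t,
        });
      }
      current[ev.field] = ev.value;
    }
  }
  return alerts;
}

// Title-only changes are common on benign pages (unread counters), so treat
// an origin change, or two or more fields changing together, as suspicious.
function isSuspicious(alerts) {
  return alerts.some((a) => a.field === "origin") || alerts.length >= 2;
}

// Constructed sample: a blog tab that becomes a login look-alike while hidden.
const SAMPLE_EVENTS = [
  { type: "change", t: 0, field: "title", value: "A blog post" },
  { type: "change", t: 0, field: "favicon", value: "blog.ico" },
  { type: "visibility", t: 10, state: "hidden" },
  { type: "change", t: 25, field: "title", value: "Sign in" },
  { type: "change", t: 25, field: "favicon", value: "mail.ico" },
  { type: "visibility", t: 90, state: "visible" },
];
```

In a browser extension, the events would come from tab update and visibility notifications; the function itself only needs the ordered list.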

Thanks to Thorin for the link!
