Comments on: Devious New Phishing Tactic Targets Tabs

By: Mitchell Allen

Mitchell Allen — Thu, 14 Jul 2011 10:00:42 +0000

Same thing happened to me. Rest assured, though, if it can be figured out, the bad guys will do it.

Raskin admitted he was being lazy. Imagine if he devoted a bit more energy to it.

Cheers,

Mitch

Like or Dislike: 0 0

By: Tony Smit

Tony Smit — Sat, 04 Jun 2011 01:38:47 +0000

I am running Firefox from an Ubuntu Live CD and the webpage transitioned to the fake Google page – with no warning from Firefox that the webpage had changed, and I had already set that option to warn me before I had begun browsing.

Edit > Preferences > Advanced > Warn me when websites try to redirect or reload the page

And I know that setting works because it has reported on two of my favorite websites.

This tells me all the data for the webpage is already loaded, and one set of data-to-be-displayed is exchanged for another set in the tab.

The only option is to close the tab if I ever see a log in page on an old tab or window.

Like or Dislike: 1 0

By: nemo

nemo — Mon, 23 May 2011 18:24:46 +0000

I think you misunderstand.
It isn’t one tab modifying another tab, it is one tab modifying itself.

The non-javascript version is just a delayed redirect.

Something like.
Load innocent blog w/ fun article. Go somewhere else.
Blog redirects itself much later to gmail look-alike page, including favicon. You forget you were reading the blog, assume it was a gmail tab you left open, and don’t bother looking at the url line.

Like or Dislike: 0 0

By: Blah Blue

Blah Blue — Thu, 05 May 2011 22:16:57 +0000

Doesn’t work 100% as well as it does without NoScript seeing as i just tried it and it wouldn’t change to the gmail image until the 2nd time i open a new tab to the Proof of Concept link or while i was still looking at the page making it practically useless to fool someone

Like or Dislike: 1 0

By: Alf Igel

Alf Igel — Sat, 30 Apr 2011 20:30:07 +0000

Who is implementing code into Firefox to enable a page to alter anything on an other tab? And why are they doing this?
One main reason for attacks happening is software allowing attacks due to functions that 99.9% of all user would never miss. Same for Word, Excel and all the other software that has functions that pose more danger and threat than any use.

Like or Dislike: 2 1

By: omar nabi

omar nabi — Thu, 31 Mar 2011 00:33:45 +0000

Hidden due to low comment rating. Click here to see.

Poorly-rated. Like or Dislike: 0 7

By: ZVRichard

ZVRichard — Sat, 19 Feb 2011 19:45:30 +0000

Hidden due to low comment rating. Click here to see.

Poorly-rated. Like or Dislike: 0 16

By: Fuzzy

Fuzzy — Tue, 08 Feb 2011 17:05:18 +0000

I opt to calling it Tabtaping

Like or Dislike: 0 3

By: Shyloh Jacobs

Shyloh Jacobs — Wed, 12 Jan 2011 17:35:57 +0000

Oh the world is getting more devious every day! Thank you for this article I found it helpful. I am currently considering hiring a virtual cfo but I think I will just stick to the person to person relations. I think computers may be taking things a little to far soon we won’t even need to leave the house for anything!

Like or Dislike: 1 0

By: Brandon Bachman

Brandon Bachman — Sat, 13 Nov 2010 16:45:56 +0000

Why redefine what nabbing even means?

My vote goes to tabjacking. Tab hijacking.

Well-loved. Like or Dislike: 8 2