[Edit: it appears that the site I reference has gone down under the load of people looking at it - I am in no way the only person linking to it and I think the poor guy got slashdotted. It is also referenced here at SANS, and a video here.]
When I can look at a new attack vector and think "oh, CRAP" and "wow, that's really clever!" it's cause for concern. Check out this thing I just found, called "tabnabbing". It changes your tab after a while, to look like the site they want to phish you for.
Say you have a few tabs open, and you click out of the site you're in...while you're not looking, it will turn into something else, something you often use, like Gmail. You'll look at the familiar page and think "Oh, well, Gmail logged me out. Annoying, but it happens," and you'll log in, giving the phisher what he wants. Try it - load the page that explains this exploit, click out of it to another tab, and watch the original tab. Within 5 seconds it will be "Gmail". Look at the URL in the address bar - it's not Gmail at all, but in every other respect it looks exactly like it. That page is benign, as it is an example, but it will clearly display how sneaky this is. This exploit relies on human visual memory and the fact we are creatures of habit. It will work like a charm.
Time to start paying attention to the URLs of pages you already opened. Please spread this around as widely as you can! This. Is. Not. Cool.
..except, in that "respect your enemy" sort of way, it really IS cool.
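The swap described above happens while the tab is out of view, so the defensive check is to compare what a tab looked like when you left it with what it looks like when you return. The following is an added example, not code from the original post or from the page it links to. The event format, the field names and the severity rule (title and favicon both changing counts as "high") are assumptions made for illustration, and the sample events are constructed.

```javascript
// Added sketch: flag tabs whose title/favicon changed while they were hidden.
// The event shape, field names and severity rule are assumptions, not a browser API.
const FIELDS = ['title', 'favicon'];

function detectTabSwaps(events) {
  const tabs = new Map(); // tab id -> { url, title, favicon, snapshot }
  const alerts = [];
  for (const ev of events) {
    if (ev.type === 'load') {
      tabs.set(ev.tab, { url: ev.url, title: ev.title, favicon: ev.favicon, snapshot: null });
      continue;
    }
    const tab = tabs.get(ev.tab);
    if (!tab) continue; // ignore events for tabs we never saw load
    if (ev.type === 'hidden') {
      // Remember what the user last saw before switching away.
      tab.snapshot = { title: tab.title, favicon: tab.favicon };
    } else if (ev.type === 'change' && FIELDS.includes(ev.field)) {
      tab[ev.field] = ev.value;
    } else if (ev.type === 'visible' && tab.snapshot) {
      const changed = FIELDS.filter((f) => tab[f] !== tab.snapshot[f]);
      if (changed.length > 0) {
        alerts.push({
          tab: ev.tab,
          url: tab.url, // the address bar still shows this, whatever the tab looks like
          changed,
          // Title alone often changes legitimately (unread counters); both together is the swap.
          severity: changed.length === FIELDS.length ? 'high' : 'low',
        });
      }
      tab.snapshot = null;
    }
  }
  return alerts;
}

// Constructed sample events (not captured from a real browser).
const SAMPLE_EVENTS = [
  { type: 'load', tab: 1, url: 'https://blog.example/post', title: 'A blog post', favicon: 'blog.ico' },
  { type: 'load', tab: 2, url: 'https://mail.example/inbox', title: 'Inbox', favicon: 'mail.ico' },
  { type: 'hidden', tab: 1 },
  { type: 'change', tab: 1, field: 'title', value: 'Gmail' },
  { type: 'change', tab: 1, field: 'favicon', value: 'gmail.ico' },
  { type: 'hidden', tab: 2 },
  { type: 'change', tab: 2, field: 'title', value: '(1) Inbox' },
  { type: 'visible', tab: 2 },
  { type: 'visible', tab: 1 },
];
console.log(detectTabSwaps(SAMPLE_EVENTS));
```

Each alert carries the tab's real URL, which is the one thing the disguise cannot change.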
Is there a way to prevent this other than confirming tabs' URLs or closing tabs?
Not that I'm aware of. Maybe posting to the author of the article would help.