Aza Raskin, Creative Lead for Firefox @ Mozilla, has outlined a new type of phishing attack that takes advantage of the way that browsers handle tabbed browsing and enables an attacker to use a script running in a tab to change the content of that tab after a period of inactivity. This "behind your back" switch could trick a user into giving up important information to a malicious site.
Some media outlets has reported this to be a "cross-tab manipulation type attack", but in reality the "malicious" tab is only changing itself after a period of inactivity....thus it *is not* changing a completely different tab. This is a very important distinction.
Users that commonly open a large number of tabs could easily lose track of where that "Gmail" tab was...and thus fall victim to this type of attack.
Moral of the Story: Watch your tabs and always check URLs
Hat-tip to Threatpost.com
----------------------------------------------
Original Researcher's Blog
http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/
Video Demo of the Attack
http://threatpost.com/en_us/blogs/new-phishing-attack-exploits-tabbed-browsing-052510
No comments:
Post a Comment