Chris
Now you are multiposting your crap again. Go away and take a sabbatical of 20-50
yrs.
--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
http://www.microsoft.com/protect
"The Real Truth MVP" <trt@void.com> wrote in message
news:i0j5dh$vtf$1@leythos.motzarella.org...
>A Firefox developer is warning of a new kind of phishing attack that preys on
>users' inattention to which tabs they have open in their browsers. The attack is
>perpetrated by JavaScript code in a specially-crafted page. When users have several
>tabs open and are not viewing the site with the malicious code, the code
>surreptitiously changes the destination page after several minutes of inactivity;
>the favicon and title of the page are changed as well. The attack can be made more
>personal by perusing users' browsing histories and making the page appear to be one
>that the user frequents, such as Facebook or a banking login page. When the user
>goes back to the tab, there is a sign-on screen asking for login credentials. The
>vulnerability affects all major browsers that run on Mac OS X and Windows.
>
> How the Attack Works
>
> 1. A user navigates to your normal looking site.
>
> 2. You detect when the page has lost its focus and hasn't been interacted with for
> a while.
>
> 3. Replace the favicon with the Gmail favicon, the title with "Gmail: Email from
> Google", and the page with a Gmail login look-a-like. This can all be done with
> just a little bit of JavaScript that takes place instantly.
>
> 4. As the user scans their many open tabs, the favicon and title act as a strong
> visual cue - memory is malleable and moldable and the user will most likely simply
> think they left a Gmail tab open. When they click back to the fake Gmail tab,
> they'll see the standard Gmail login page, assume they've been logged out, and
> provide their credentials to log in. The attack preys on the perceived
> immutability of tabs.
>
> 5. After the user has entered their login information and you've sent it back to
> your server, you redirect them to Gmail. Because they were never logged out in the
> first place, it will appear as if the login was successful.
>
>
>
> The referenced article below gives more details and methods of avoiding being
> tabnabbed. Primarily, if an open tab requests a login when you return to it, close
> the tab and go directly to the site.
>
> http://www.computerworld.com/s/artic...?taxonomyId=85
>
>
> --
> The Real Truth http://pcbutts1-therealtruth.blogspot.com/
> *WARNING* Please Do NOT follow any advice given by the Trolls listed
> below. Trolls CAN NOT help you. They latch on to my posts like leeches.
> David H Lipman, Peter Foldes, Barry Schwarz, PA Bear, Leythos.
>
>
>
>
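Added example, not part of the original post or the referenced article: a defender-side check for the change described in steps 2 and 3 of the quoted text, recording a tab's title, favicon and login-form state when it is hidden and comparing them when the user returns. The function names, snapshot fields and verdict labels are hypothetical, and running it as a browser-extension content script is an assumption.

```javascript
// Added example: flag a tab whose identity changed while it was hidden.
// snapshot(), assessReturn() and the verdict labels are hypothetical names.

// Capture what the user relies on to recognise a tab.
function snapshot(doc) {
  const icon = doc.querySelector('link[rel~="icon"]');
  return {
    title: doc.title,
    favicon: icon ? icon.href : '',
    hasPasswordField: doc.querySelector('input[type="password"]') !== null,
  };
}

// Compare the state recorded when the tab was hidden with the state on return.
function assessReturn(before, after) {
  const changes = [];
  if (before.title !== after.title) changes.push('title');
  if (before.favicon !== after.favicon) changes.push('favicon');
  const newLogin = !before.hasPasswordField && after.hasPasswordField;
  if (newLogin) changes.push('login-form');
  // A title change alone is common (unread counters). A changed title or
  // favicon together with a login form that was not there before matches
  // the pattern in the quoted description.
  const identityChanged =
    changes.includes('title') || changes.includes('favicon');
  let verdict = 'ok';
  if (identityChanged && newLogin) verdict = 'warn';
  else if (changes.includes('favicon')) verdict = 'review';
  return { verdict, changes };
}

// Browser wiring; skipped when no DOM is present.
if (typeof document !== 'undefined') {
  let hiddenState = null;
  document.addEventListener('visibilitychange', () => {
    if (document.hidden) { hiddenState = snapshot(document); return; }
    if (!hiddenState) return;
    const result = assessReturn(hiddenState, snapshot(document));
    if (result.verdict !== 'ok') console.warn('Tab changed while hidden:', result);
  });
}
```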

