Tabnapping - Session catching within a time interval
>As the name suggests, the word Tabnapping is simply a combination of "tab" and "kidnapping".
>This could be used by clever phishers to dupe users into giving up passwords by secretly changing already-open browser tabs.
>All of the major browsers on Windows and Mac OS X are vulnerable to the attack.
(Can you guess which OS is safer, then? Correct: Linux. It's difficult to grab a session in Linux.)
>The attack's name was coined in early 2010 by Aza Raskin, a security researcher and design expert.
>Tabnabbing operates in reverse of most phishing attacks: it doesn't ask users to click on an obfuscated link, but instead loads a fake page in one of the tabs already open in your browser.
>The exploit employs scripts to rewrite a page of average interest with an impersonation of a famous website once the page has been left open (but minimized) for some time.
>A user who returns after a while and sees the rewritten page may be led to believe the page is legitimate and enter their login, password and other details, which will then be used for ... you know for what!
>The attack works even if you disable JavaScript, since a "meta refresh" meta element (set through an HTML attribute) can be used to reload the tab or change the location of the site.
>Prevention: the NoScript add-on (https://addons.mozilla.org/firefox/downloads/latest/722/addon-722-latest.xpi?src=dp-btn-primary) for Mozilla may be used to disable each and every script running in your browser.
(But you may face problems while online gaming if all scripts are disabled)
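The meta-refresh variant mentioned above needs no script, so it can be checked for by reading a page's HTML. The following is an added example, not code from the original post: a Node.js function (`findMetaRefresh`, a name chosen here) that lists every meta refresh in a saved page and marks delayed jumps to another origin. The sample page and the example.test URLs are constructed.

```javascript
// Added example (not from the original post): audit saved HTML for
// <meta http-equiv="refresh"> tags that move the tab without JavaScript.
const META_RE = /<meta\b((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
const ATTR_RE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
// "<seconds>[; url=<target>]" with optional quotes around the target.
const CONTENT_RE = /^\s*(\d+)[^;,]*(?:[;,]\s*(?:url\s*=\s*)?["']?([^"']*))?/i;

// Parse the attribute text of one tag; names are case-insensitive, first one wins.
function parseAttrs(text) {
  const attrs = Object.create(null);
  for (const m of text.matchAll(ATTR_RE)) {
    const name = m[1].toLowerCase();
    if (!(name in attrs)) attrs[name] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Return one finding per meta refresh in `html`, resolved against `pageUrl`.
function findMetaRefresh(html, pageUrl) {
  const page = new URL(pageUrl);
  const findings = [];
  for (const [, attrText] of html.matchAll(META_RE)) {
    const attrs = parseAttrs(attrText);
    if ((attrs['http-equiv'] || '').toLowerCase() !== 'refresh') continue;
    const m = CONTENT_RE.exec(attrs.content || '');
    if (!m) continue; // no leading number of seconds: not a usable refresh
    const delay = Number(m[1]);
    const raw = (m[2] || '').trim();
    let target = page.href, crossOrigin = false; // no URL means "reload this page"
    if (raw) {
      try {
        const u = new URL(raw, page);
        [target, crossOrigin] = [u.href, u.origin !== page.origin];
      } catch {
        [target, crossOrigin] = [raw, true]; // unparseable target: report for review
      }
    }
    findings.push({ delay, target, crossOrigin, delayedCrossOrigin: crossOrigin && delay > 0 });
  }
  return findings;
}

// Constructed sample page and URL (example.test is not a real site).
const SAMPLE_URL = 'https://blog.example.test/post';
const SAMPLE_PAGE = `<head><title>Cat pictures</title>
<META HTTP-EQUIV="Refresh" CONTENT="300; URL=https://login.example.test/signin">
<meta http-equiv='refresh' content='0;url=/home'>
<meta name="description" content="30; url=https://other.example.test/"></head>`;
console.log(findMetaRefresh(SAMPLE_PAGE, SAMPLE_URL));
```

The regular expressions cover ordinary markup only; for pages that may be deliberately malformed, run the same check on the output of a real HTML parser.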
So use safe browsers like Mozilla and be safe while surfing!
Don't forget to drop a comment if you liked. :)