PC Review



Tab + Kidnapping = "Tabnabbing"

 
 
The Real Truth MVP
 
      1st Jul 2010
A Firefox developer is warning of a new kind of phishing attack that preys
on users' inattention to which tabs they have open in their browsers. The
attack is perpetrated by JavaScript code in a specially-crafted page. When
users have several tabs open and are not viewing the site with the malicious
code, the code surreptitiously changes the destination page after several
minutes of inactivity; the favicon and title of the page are changed as
well. The attack can be made more personal by perusing users' browsing
histories and making the page appear to be one that the user frequents, such
as Facebook or a banking login page. When the user goes back to the tab,
there is a sign-on screen asking for login credentials. The vulnerability
affects all major browsers that run on Mac OS X and Windows.

How the Attack Works

1. A user navigates to your normal looking site.

2. You detect when the page has lost its focus and hasn't been interacted
with for a while.

3. Replace the favicon with the Gmail favicon, the title with "Gmail: Email
from Google", and the page with a Gmail login look-a-like. This can all be
done with just a little bit of JavaScript that takes place instantly.

4. As the user scans their many open tabs, the favicon and title act as a
strong visual cue - memory is malleable and moldable and the user will most
likely simply think they left a Gmail tab open. When they click back to the
fake Gmail tab, they'll see the standard Gmail login page, assume they've
been logged out, and provide their credentials to log in. The attack preys
on the perceived immutability of tabs.

5. After the user has entered their login information and you've sent it back
to your server, you redirect them to Gmail. Because they were never logged
out in the first place, it will appear as if the login was successful.



The referenced article below gives more details and methods of avoiding
being tabnabbed. Primarily, if an open tab requests a login when you return
to it, close the tab and go directly to the site.

http://www.computerworld.com/s/artic...?taxonomyId=85

--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Please Do NOT follow any advice given by the Trolls listed
below. Trolls CAN NOT help you. They latch on to my posts like leeches.
David H Lipman, Peter Foldes, Barry Schwarz, PA Bear, Leythos.
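
Added example, not part of the original post or the referenced article: a defender-side heuristic for the swap described in steps 2 and 3 above, run over a constructed tab-event timeline. The event schema, the `findTabSwaps` name and the 60-second idle threshold are assumptions made for illustration.

```javascript
// Added example: defender-side heuristic, not code from the post or article.
// The event schema and threshold below are assumptions for illustration.
const IDLE_MS = 60000; // assumed: hidden time after which a rewrite is suspicious
// events: time-ordered [{ t, type, value? }], t in ms.
// type: 'title' | 'favicon' (value = new title / icon URL), 'hidden', 'visible'
function findTabSwaps(events, idleMs = IDLE_MS) {
  const alerts = [];
  let hiddenAt = null;      // when the tab lost focus; null while it is in view
  let before = {};          // title/favicon the user last saw
  const current = {};       // latest title/favicon set by the page
  let changed = new Set();  // attributes rewritten after the idle threshold

  for (const ev of events) {
    if (ev.type === 'title' || ev.type === 'favicon') {
      const idle = hiddenAt !== null && ev.t - hiddenAt >= idleMs;
      if (idle && ev.value !== before[ev.type]) changed.add(ev.type);
      current[ev.type] = ev.value;
    } else if (ev.type === 'hidden') {
      hiddenAt = ev.t;
      before = { ...current };
      changed = new Set();
    } else if (ev.type === 'visible' && hiddenAt !== null) {
      // Title AND favicon both replaced out of view: the swap in step 3.
      // A lone title change (e.g. an unread counter) is not enough to alert.
      if (changed.has('title') && changed.has('favicon')) {
        alerts.push({ t: ev.t, hiddenForMs: ev.t - hiddenAt,
                      from: before, to: { ...current } });
      }
      hiddenAt = null;
    }
  }
  return alerts;
}

// Constructed timeline (not real telemetry): one harmless background title
// update, then a full title + favicon replacement after six minutes hidden.
const SAMPLE_EVENTS = [
  { t: 0,      type: 'title',   value: 'Ten gardening tips' },
  { t: 0,      type: 'favicon', value: 'https://blog.example/favicon.ico' },
  { t: 20000,  type: 'hidden' },
  { t: 25000,  type: 'title',   value: '(1) Ten gardening tips' },
  { t: 30000,  type: 'visible' },
  { t: 40000,  type: 'hidden' },
  { t: 400000, type: 'favicon', value: 'https://blog.example/mail.ico' },
  { t: 400000, type: 'title',   value: 'Webmail: sign in' },
  { t: 900000, type: 'visible' },
];
console.log(findTabSwaps(SAMPLE_EVENTS));
```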




 
~BD~
 
      2nd Jul 2010

Thank you for advising of same TRT

If you have time, would you please post to my pals in
alt.politics.scorched-earth?

Cheers

Dave

 
Dustin Cook
      2nd Jul 2010
"~BD~" <(E-Mail Removed)> wrote in
news:i0j6n5$cfc$(E-Mail Removed):

> Thank you for advising of same TRT


Just a public service announcement regarding the idiot pcbutts:

Below is PCButts sig file:

The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Please Do NOT follow any advice given by the Trolls listed
below. Trolls CAN NOT help you. They latch on to my posts like leeches.
David H Lipman, Peter Foldes, Barry Schwarz, PA Bear, Leythos.


Please be aware of the following:


The Real Truth MVP is not listed on the MVP list:

http://mvp.support.microsoft.com/


The web page http://www.ms-mvp.org/ uses Godaddy's stealth
frame-redirection to redirect you to:
http://pcbutts1.com/downloads/tools/tools.htm


Check out "pcbutts" using your favorite search engine.


> If you have time, would you please post to my pals in
> alt.politics.scorched-earth?


What pals, Dave?


--
I hate when I just miss a call by the last ring (Hello? Hello?
Damn it!), but when I immediately call back, it rings nine times and
goes to voicemail. What did you do after I didn't answer? Drop the
phone and run away?
 
Peter Foldes
      2nd Jul 2010
BD

You stupid stupid little man. You now proved for the umpteenth time that you have no
brains or a backbone. You friggin 2 faced thief, liar and Troll

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
http://www.microsoft.com/protect

Peter Foldes
      2nd Jul 2010
Chris

WTF are you posting a known issue for. Are you trying to recruit new recruits to
your P0rn infected sites. Go away and take a 20-50 yr sabbatical from posting

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
http://www.microsoft.com/protect