Ya Sandy, It was a spelling mistake.... sorry for that.
Tabnabbing --- awesome attack, I am much surprised with it. It would be great if we can detect such process proactively. Do you think Anti-Spam / Anti-Phishing softwares will be able to detect it? Cheers, 0xN41K On Sun, Jul 4, 2010 at 1:08 AM, Sandeep Thakur <[email protected]> wrote: > Naik, I assume you would be referring to the latest kind of phishing attack > called as Tabnabbing. > > *Tabnabbing* is a computer exploit and phishing attack, which persuades > users to submit their login details and passwords to popular websites by > impersonating those sites and convincing the user that the site is genuine. > The attack was discovered and named by Aza > Raskin<http://en.wikipedia.org/wiki/Tabnabbing#cite_note-1>a security > researcher and design expert. The attack takes advantage of user > trust and inattention to detail in regard to tabs, and the ability of modern > web pages to rewrite tabs and their contents a long time after the page is > loaded. > The exploit employs script to rewrite a page of average interest with an > impersonation of a well-known website, when left unattended for some time. A > user who returns after a while and sees the rewritten page may be induced to > believe the page is legitimate and enter their password and other details > which will be used for improper purposes. The attack can be made more likely > to succeed if the script checks for well known websites the user has loaded > in the past or in other tabs, and loads a simulation of the same websites. > This attack can be done even if Javascript is disabled, using the refresh > meta element, an HTML attribute used for page redirection that causes a > reload of a specified new page after a given time interval. > > > A Live example can be further be studied and seen here in the below link: > (For education purpose only) > http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/ > > > Regards > Sandeep Thakur > > On Sat, Jul 3, 2010 at 2:11 AM, Srinivas Naik <[email protected]>wrote: > >> Hi Geeks, >> >> Today I was browsing keeping my Gmail logged in, while browsing in >> different tabs I came back to my Gmail Tab. >> >> It was asking me to login.....! >> >> Then I left the tab in same way and opened a new browser and tried >> google.com; My session was active with google. >> then I opened Gmail, it automatically to me to my Account. >> >> Later when I was searching..... I came across a New Phishing Attack... * >> "Tababbing*". >> >> >> Please be aware of such attacks. >> >> >> >> Thanks & Regards, >> 0xN41K >> >> -- >> You received this message because you are subscribed to the Google Groups >> "nforceit" group. >> To post to this group, send an email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]<nforceit%[email protected]> >> . >> For more options, visit this group at >> http://groups.google.com/group/nforceit?hl=en-GB. >> > > -- > You received this message because you are subscribed to the Google Groups > "nforceit" group. > To post to this group, send an email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<nforceit%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/nforceit?hl=en-GB. > -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
