serutan
msg:4141274 | 4:35 am on May 27, 2010 (gmt 0) |
Clever. Many people wouldn't bother to look up at the address bar.
|
J_RaD
msg:4141921 | 3:01 pm on May 27, 2010 (gmt 0) |
wow that is slick, the web page is saying hey nobody is looking lets make a quick swtich.
The article does say Chrome is affected.
|
jecasc
msg:4141966 | 3:39 pm on May 27, 2010 (gmt 0) |
| The article does say Chrome is affected. |
|
Haha, seems Chrome "fixed" the issue of not being affected with an update recently.
|
weeks
msg:4142899 | 2:16 pm on May 28, 2010 (gmt 0) |
Do watch the demo video. Very clear how this is a very serious issue.
|
mack
msg:4143172 | 7:10 pm on May 28, 2010 (gmt 0) |
This is a worry. Anyone could fall into that trap
Mack.
|
soluml
msg:4143190 | 7:39 pm on May 28, 2010 (gmt 0) |
This is the first Phishing attack in a long time that has me worried. The evidence is mounting for me to give in and install Noscript on Firefox.
|
Bewenched
msg:4143245 | 9:29 pm on May 28, 2010 (gmt 0) |
Wow .. that is very slick... and very scary!
|
physics
msg:4143254 | 9:48 pm on May 28, 2010 (gmt 0) |
My strategy is still to use one browser exclusively for very secure things and never for anything else - seriously reduces the risk of things like this happening.
|
sgietz
msg:4143273 | 10:08 pm on May 28, 2010 (gmt 0) |
Many people I know keep their Gmail window open all day, so I'm guessing that will be a primary target.
This is as brilliant as it is scary!
|
sgietz
msg:4143276 | 10:13 pm on May 28, 2010 (gmt 0) |
Bring back IE 6 with no tabs :P
|
lucylover
msg:4143338 | 1:33 am on May 29, 2010 (gmt 0) |
nice ~ wonderful
|
tangor
msg:4143357 | 2:09 am on May 29, 2010 (gmt 0) |
Heads up for FF running NoScript... it has been updated to prevent this...
|
jkovar
msg:4143630 | 5:56 pm on May 29, 2010 (gmt 0) |
Firefox users need an extension that causes the address bar to flash red if the content of the page has changed between the time they moved to a new tab and when they came back to the tab.
|
BillyS
msg:4143769 | 1:15 am on May 30, 2010 (gmt 0) |
That's very cool.
|
Sgt_Kickaxe
msg:4143811 | 6:22 am on May 30, 2010 (gmt 0) |
It would be more cool if tabs not in use were locked, as if someone pressed the little red x, unless that option is turned off by choice.
|
tangor
msg:4143834 | 7:47 am on May 30, 2010 (gmt 0) |
I am 1990s folk... I have ONE tab open at any time, and the second--when I opt for it--only open long enough to see that contents. There is a drawback to too many processes in use. Looking at this from the user side. And also seeing it from the giggle (sic) side as only small processes in use at any time expanded across multiple (x) processes (not processors) to get a job done.
Meanwhile commonsense is applied: if you only have one tab open, there's no way this newly discovered event can work against the user. Regardless of browser...
Reminded of those elder daze (sic) when multitasking was first introduced. And failures and reboots and... how cool is it that what has gone before comes back around to bite us in the arse? YMMV.
|
thecoalman
msg:4143959 | 4:07 pm on May 30, 2010 (gmt 0) |
| Firefox users need an extension that causes the address bar to flash red if the content of the page has changed between the time they moved to a new tab and when they came back to the tab. |
|
They need to lock the content on the tab or something like that. A flashing tab wouldn't work on my banks site because it logs you out after x minutes of inactivity. A flashing tab would not be anything out of the ordinary.
|
trillianjedi
msg:4143998 | 6:16 pm on May 30, 2010 (gmt 0) |
Oh that's utterly brilliant :)
Mega-slick.
|
MatthewHSE
msg:4144338 | 1:21 pm on May 31, 2010 (gmt 0) |
Consistent use of a good password manager, such as LastPass, should prevent this sort of attack since they would be looking at the actual URL of the page, not the appearance.
|
TheWhippinpost
msg:4147021 | 5:23 pm on Jun 4, 2010 (gmt 0) |
Try NOT switching to another tab - it still refreshed/redirected after 5 secs (at least in Maxthon 1).
|
sonjay
msg:4147521 | 10:49 pm on Jun 5, 2010 (gmt 0) |
| My strategy is still to use one browser exclusively for very secure things and never for anything else - seriously reduces the risk of things like this happening. |
|
That's exactly what I started doing after I first became aware of cross-site scripting attacks. I use one browser and one browser only for bank logins, PayPal, brokerage accounts, affiliate accounts -- all financial sites and other sites of all types where there's a strong need for security. I never use that browser to visit any other sites. Then there are all the other browsers I have and use -- they're never used for any important logins.
If the "wrong" browser was suddenly showing me a login page for one of those accounts, it would immediately send up red flags.
|
|
