FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Tabnabbing - Attacks and preventions





davidv
I have to make a short presentation to a couple students this Friday about tabnabbing, specifically about how it's used in attacks and methods to prevent it.

http://en.wikipedia.org/wiki/Tabnabbing

I have a general idea of how it works and I've spent a decent amount of time researching the topic but I don't feel completely confident with it. If anyone has had any experiences with tabnabbing and knows some useful resources online, I'd gladly appreciate it if you could share. Very Happy
foumy6
yes you wouldnt beileve how many people fall for simple scams like phishing it is very sad.
lightwate
I read the definition, and wow. That could really fool a lot of people. I'm surprised it's only coined at around the year 2010. And I can't believe I just found out about that method today.

Anyway, I had some experience with something like that, but not exactly like that. There are apps in facebook that redirects you to some kind of facebook login page that's exactly the real thing. (but of course, the url in the address bar is different) Once you enter your info, you're phished.

a little offtopic: is there a way to change the url in the addressbar without redirecting the page? if so, then that's a real problem.
davidv
I've seen demonstration videos that tested this attack on some of the popular web browsers (if I can find the link to them, I'll post it). The only browser that didn't pass the test was IE but it's not like we all didn't know IE sucked anyway. I'm saddened to see that 22.9% of user base still uses IE, http://www.w3schools.com/browsers/browsers_stats.asp

Quote:
That could really fool a lot of people. I'm surprised it's only coined at around the year 2010. And I can't believe I just found out about that method today.


According to a couple guys at StackOverflow, it's quite an old attack and nothing to get alarmed over. I've only just heard about it 2 weeks ago myself, never experienced something like this, only phishing websites. http://stackoverflow.com/questions/3077661/how-to-defend-against-tabnabbing

Quote:
yes you wouldnt beileve how many people fall for simple scams like phishing it is very sad.


Yes, some social engineering attacks are incredibly obvious to spot out. Although, this attack if still possible, I reckon has a higher probability to succeed. Especially during those all-nighters when you're half asleep and not fully conscious.
ankitdatashn
davidv wrote:
I have to make a short presentation to a couple students this Friday about tabnabbing, specifically about how it's used in attacks and methods to prevent it.

http://en.wikipedia.org/wiki/Tabnabbing

..........


I had made this blog a couple of years back maybe if this could help you in any way:
http://www.safetyaware.blogspot.com/

Also I made a fake orkut page to tell orkut users that how they can be deceived hence should stay protected, it's another matter that I faced abuses because people thought I am stealing their passwords. Neutral

Awaring people and you face brickbats... Sad
davidv
ankitdatashn wrote:
I had made this blog a couple of years back maybe if this could help you in any way:
http://www.safetyaware.blogspot.com/


Thanks for the link. Unfortunately there wasn't anything in there that I didn't already know beforehand.

So if anyone is still interested in tabnabbing, these are the slides I'll be using for my presentation. It's only 15mins and there aren't many slides.

http://www.ug.it.usyd.edu.au/~dvuo6720/info2315/assignment/assignment3/presentation.pdf
Related topics
Novell acquires Linux security company
The Unofficial Jokes Thread
Beware How You Google !!!
Pharming VOiP
Mexican president again attacks U.S. plans to build border f
Best way to prevent SQL injection attacks
protecting mysql databases from sql injection attacks
Recent attacks on Schools
France prepares 50,000 riot police for attacks
Scottish Smoking Ban Leads to Huge Drop in Heart Attacks
al-Jazeera Poll: 54% Agree With Algerian Suicide Attacks..
PAK SUICIDE ATTACKS
we condemn Mumbai attacks
Heart attack
Reply to topic    Frihost Forum Index -> General -> General Chat

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.