InformationWeek: Beware ‘Tabnappers’ On Phishing Expeditions
The exploit developed by Mozilla’s Aza Raskin involves substituting bogus content on a hidden but open tab page so it appears to be a log-in for an online service. Browser companies need to figure out how to stop it, users need to be wary of entering log-in information in unexpected circumstances.
“Mozilla’s creative lead for Firefox, Aza Raskin, has developed novel phishing attack that Firefox engineers will need address.
Raskin calls the attack “tabnapping” because it can replace the content of a Web page that’s open in an inactive browser tab — and thus isn’t visible at the moment it’s being changed — with a page designed to capture personal information.”
