|
A Mozilla developer
has demonstrated that 'TabNapping' is possible including TabNapping Firefox and
TabNapping IE (Internet Explorer).
What is TabNapping: The TabNapping,
aka TabJacking, seems to occur if a user opens a tab, then a
second tab. Whilst in the second tab, the website in the first tab changes,
to what could be a phishing site for example.
This could be problem since the changed tab could be used to trap user
information if used for Phishing, or perhaps even deliver a more sinister
payload.
This problem is thought to apply to tabbed browsers including TabNapping IE and
TabNapping Firefox. It is thought that some other tabbed browsers may also be
affected.
How to avoid TabNapping:
It is still largely unclear as to how to avoid this
dilemma. We would think that perhaps avoiding changing tabs at
critical times would help. For example if logging into an account then don't
change tabs during the log on-actions-log out time line.
However it is thought that TabNapping could occur even without
opening a second tab, since the TabJacking could occur in the currently
opened tab, before your eyes. So if you looked away then you might not even
notice this.
Other tips include ensuring your SSL is still valid if logged in. Changing
passwords regularly could also help if you have already been a victim.
Also using comprehensive Security Software may
help if this tabjacking technique is used for MalWare for example.
So extreme vigilance will be needed for avoid TabNapping. Hopefully the
browser developers will find a way to prevent this in the near future.
|
