A new type of phishing attack
Is it just me, or does this seem like it is scarily effective? Or am I just that horrible at computers that I could see myself getting fooled by this? Paging Cart!
http://www.azarask.in/blog/post/a-new-t ... ng-attack/
Re: A new type of phishing attack
That's an interesting piece of social engineering there.
¯\_(ツ)_/¯ soak rifts or riot ¯\_(ツ)_/¯
- Cartollomew
- I has a monocle (Site Admin)
- Posts:8805
- Joined:22 Aug 2006, 12:11
- Location:Perth
Re: A new type of phishing attack
Very clever, and yes, potentially very effective.
One possible preventative measure (alluded to in the article) is to use an account manager ("save my login details"), which is less of a security risk than you might think, but obviously not always an option (on computers you share for example, or certain sites - like bnet or banking - you can't use account managers).
From a technical viewpoint, browsers could mitigate the issue by disallowing a change of favicon - Opera already does this (though I suspect more through not implementing it than preventing it), but that's only really half a solution, since a page could load with the gmail icon and the trick would still be effective.
Nah, I think this is a genuinely worrying technique, and deceptively primitive and simple to enact - I can see myself being fooled by this as well, particularly since I often have in excess of 30 tabs open at a time.
Hmm.
Who do you think you are? If you'd stopped winning, you could have been the Biggest Loser, if you gave up, you could have been a Survivor, if you'd stopped reading Orwell, you could have been on Big Brother!
- Dropdeadqt
- Legendary
- Posts:4895
- Joined:05 Nov 2007, 01:27
- Location:Brisbane
Re: A new type of phishing attack
NoScript doesn't allow it to work =).
Re: A new type of phishing attack
Noraneko wrote: NoScript doesn't allow it to work =).
Best addon I ever got
Juke a DK/Warrior, Die Anyway ._.
- Cartollomew
- I has a monocle (Site Admin)
- Posts:8805
- Joined:22 Aug 2006, 12:11
- Location:Perth
Re: A new type of phishing attack
Noraneko wrote: NoScript doesn't allow it half the web to work =).
...but it is very good if you want to be sure you'll be safe.
Ultimately though, issues like this (and clickjacking, which NS also protects against) are a result of web policy problems - ones that need to be prevented rather than fixing the symptoms.
So, you know, we can stop worrying about them in 5-10 years when we have "braintheft" or "bloodloggers" or something to worry about...
- Dropdeadqt
- Legendary
- Posts:4895
- Joined:05 Nov 2007, 01:27
- Location:Brisbane
Re: A new type of phishing attack
I'd say it's probably closer to 80% of the web... but that's just my "professional" opinion.
Re: A new type of phishing attack
is braintheft a thoughtcrime?
"Life is no Nintendo game / But you lied again / Now you get to watch her leave / Out the window / Guess that's why they call it window pane" -Eminem 'Love the way you lie' - Award for Excellence in Puns in the medium of Rap 2010
- Cartollomew
- I has a monocle (Site Admin)
- Posts:8805
- Joined:22 Aug 2006, 12:11
- Location:Perth
Re: A new type of phishing attack
Mitra wrote: is braintheft a thoughtcrime?
Only if it's premeditated...
Re: A new type of phishing attack
*groan*