
A new type of phishing attack

Posted: 25 May 2010, 11:58
by Philondra
Is it just me, or does this seem like it is scarily effective? Or am I just that horrible at computers that I could see myself getting fooled by this? Paging Cart!

http://www.azarask.in/blog/post/a-new-t ... ng-attack/

Re: A new type of phishing attack

Posted: 25 May 2010, 12:05
by midi
That's an interesting piece of social engineering there.

Re: A new type of phishing attack

Posted: 25 May 2010, 12:52
by Cartollomew
Very clever, and yes, potentially very effective.

One possible preventative measure (alluded to in the article) is to use an account manager ("save my login details"), which is less of a security risk than you might think, but obviously not always an option (on computers you share for example, or certain sites - like bnet or banking - you can't use account managers).

From a technical viewpoint, browsers could mitigate the issue by disallowing a change of favicon - Opera already does this (though I suspect more through not implementing it than preventing it), but that's only really half a solution, since a page could load with the Gmail icon and the trick would still be effective.

Nah, I think this is a genuinely worrying technique, and deceptively primitive and simple to enact - I can see myself being fooled by this as well, particularly since I often have in excess of 30 tabs open at a time.

Hmm.
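
The account-manager point in the post above, as an added example that is not part of the original thread: a simplified model of a password manager that looks up saved logins by page origin and ignores the title and favicon, which the page itself controls. The vault contents, URLs and function names are constructed for illustration and do not describe any specific product.

```javascript
// Added example: origin-bound credential lookup, the property that lets a
// password manager refuse a tab that merely looks like the real site.
// Vault contents and tab values below are constructed for illustration.
const vault = new Map([
  ["https://mail.google.com", { username: "alice@example.com" }],
]);

// Normalise a page URL to its origin (scheme + host + port).
// Returns null for anything that is not a parseable https URL.
function originOf(pageUrl) {
  try {
    const u = new URL(pageUrl);
    return u.protocol === "https:" ? u.origin : null;
  } catch {
    return null;
  }
}

// Decide whether to offer autofill. The page object also carries a title and
// favicon, but they are never read: the page sets both, so they prove nothing.
function autofillDecision(page) {
  const origin = originOf(page.url);
  if (origin === null) return { fill: false, reason: "not an https origin" };
  const entry = vault.get(origin);
  if (!entry) return { fill: false, reason: `no saved login for ${origin}` };
  return { fill: true, reason: `saved login for ${origin}`, username: entry.username };
}

// Constructed tabs: the genuine site, then pages reusing its title and icon.
const tabs = [
  { url: "https://mail.google.com/mail/u/0/", title: "Gmail", favicon: "gmail.ico" },
  { url: "https://blog.example.net/post/42", title: "Gmail", favicon: "gmail.ico" },
  { url: "https://mail.google.com.example.net/", title: "Gmail", favicon: "gmail.ico" },
  { url: "http://mail.google.com/", title: "Gmail", favicon: "gmail.ico" },
];

// Evaluate every tab and return the decisions alongside the URL.
function checkAll() {
  return tabs.map((t) => ({ url: t.url, ...autofillDecision(t) }));
}

for (const r of checkAll()) {
  console.log(r.fill ? "FILL " : "BLOCK", r.url, "-", r.reason);
}
```

Only the first tab gets an autofill offer; a missing offer on a page that looks like a familiar login screen is the signal to check the address bar.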

Re: A new type of phishing attack

Posted: 25 May 2010, 13:44
by Dropdeadqt
NoScript doesn't allow it to work =).

Re: A new type of phishing attack

Posted: 25 May 2010, 14:05
by Lellybaby
Noraneko wrote: NoScript doesn't allow it to work =).
Best addon I ever got

Re: A new type of phishing attack

Posted: 25 May 2010, 15:23
by Cartollomew
Noraneko wrote: NoScript doesn't allow it half the web to work =).

...but it is very good if you want to be sure you'll be safe.

Ultimately though, issues like this (and clickjacking, which NS also protects against) are a result of web policy problems - ones that need to be prevented rather than fixing the symptoms.

So, you know, we can stop worrying about them in 5-10 years when we have "braintheft" or "bloodloggers" or something to worry about...

Re: A new type of phishing attack

Posted: 25 May 2010, 15:38
by Dropdeadqt
I'd say it's probably closer to 80% of the web... but that's just my "professional" opinion.

Re: A new type of phishing attack

Posted: 25 May 2010, 16:10
by Mitra
is braintheft a thoughtcrime?

Re: A new type of phishing attack

Posted: 25 May 2010, 16:42
by Cartollomew
Mitra wrote: is braintheft a thoughtcrime?
Only if it's premeditated...

Re: A new type of phishing attack

Posted: 25 May 2010, 16:44
by Mitra
*groan*

:lol: :lol: