Aza Raskin reports on a new JavaScript technique in the phishing scammer’s arsenal: a phishing site opened in one tab of your web browser waits until that tab loses focus and then rewrites its own content. A user opens the site in a tab, moves on to something else, and a few seconds later the tab looks just like the Gmail login page he apparently needs to sign into again. This attack could be combined with other techniques that detect browser history, so that the page which appears is one the end user actually uses and therefore looks normal.

Using the NoScript plugin for Firefox is probably one of the best ways to avoid this trap, though I’m still trying to decide whether this is a real, additional danger or simply an interesting novelty. Regardless, it does take advantage of our tendency to have so many things open in our browser at one time that it would be easy to think that we actually DID open that Gmail page and simply forgot about it. I have seen end users with 30-40 tabs open at the same time.

I’ll probably be saying more about this once I have had a look at the JavaScript source that Raskin provides on his site.

David H.
