Well, another day another attack! Today's is “Tabnapping.” Aza Raskin describes the attack on his blog. You can read all about it there. The key learning that I get from all of this is summed up in his last paragraph:

This kind of attack once again shows how important our work is on the Firefox Account Manager to keep our users safe. User names and passwords are not a secure method of doing authentication; it’s time for the browser to take a more active role in being your smart user agent; one that knows who you are and keeps your identity, information, and credentials safe.”

Indeed, people are easily fooled into believing a page is what it isn't (via the look of the page, included images and logos, etc. all of which can be forged). However the browser knows where it is sending information and should be able to avoid sending your password to the wrong site.

Copyright © 2009-2023 Jeffrey I. Schiller