Tabnabbing - Security Boulevard


As described by Aza Raskin, tabnabbing goes like this: when a simple piece of JavaScript detects that the user has moved to another browser tab or has been inactive for some time, a URL in an open tab of the browser is changed to a phishing site.

Tabnabbing is a kind of phishing. It’s basically a computer exploit that entices the user to submit their login details and password for a known website by imitating that site. The attack takes advantage of the victim’s trust and of the ability of modern web pages to rewrite tabs and their contents long after the page has been loaded.
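The behaviour described above (a script that waits for the tab to lose focus and then rewrites what the tab shows) can be looked for when reviewing scripts a site loads. The following is an added example, not code from the original post: the pattern tables, the function name `findTabnabIndicators` and the sample scripts are constructed for illustration, and the regexes are a review heuristic, not a complete detector.

```javascript
// Added example: static heuristic for the tabnabbing pattern (constructed names and samples).
// Signals that a script reacts to the user leaving the tab or going idle.
const TRIGGERS = {
  blur: /addEventListener\(\s*['"]blur['"]|\.onblur\s*=/,
  visibility: /['"]visibilitychange['"]|document\.(hidden|visibilityState)/,
  idleTimer: /\bset(Timeout|Interval)\s*\(/,
};
// Signals that a script replaces what the tab shows (URL, title, favicon).
const REWRITES = {
  navigation: /\blocation(\.href)?\s*=[^=]|\blocation\.(replace|assign)\s*\(/,
  title: /document\.title\s*=[^=]/,
  favicon: /rel~?\s*=\s*['"]?(shortcut\s+)?icon/,
};

const matchNames = (table, code) =>
  Object.keys(table).filter((name) => table[name].test(code));

function findTabnabIndicators(source) {
  // Drop comments so commented-out code does not produce a finding.
  const code = source
    .replace(/\/\*[\s\S]*?\*\//g, '')
    .replace(/(^|[^:])\/\/.*$/gm, '$1');
  const triggers = matchNames(TRIGGERS, code);
  const rewrites = matchNames(REWRITES, code);
  // Focus loss is the defining signal; a timer alone is too common to count.
  const focusLoss = triggers.includes('blur') || triggers.includes('visibility');
  let severity = 'none';
  if (focusLoss && rewrites.includes('navigation')) severity = 'high';
  else if (focusLoss && rewrites.length > 0) severity = 'review';
  return { triggers, rewrites, severity };
}

// Constructed samples: the described pattern, then two common benign scripts.
const SAMPLE_SUSPECT = `
window.addEventListener('blur', function () {
  setTimeout(function () {
    document.title = 'Sign in';
    window.location = 'https://placeholder.invalid/';
  }, 5000);
});`;
const SAMPLE_PAUSE = `
document.addEventListener('visibilitychange', function () {
  if (document.hidden) player.pause();
});`;
const SAMPLE_TITLE = `window.onblur = function () { document.title = '(1) New message'; };`;
for (const s of [SAMPLE_SUSPECT, SAMPLE_PAUSE, SAMPLE_TITLE]) console.log(findTabnabIndicators(s));
```

A `review` result (focus loss plus a title or favicon change only) is common in chat and mail clients, so it is a prompt for a human look, not a verdict.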

Most of us who are webmasters, i.e. people who do website development stuff, know how Google indexing is done. Others might not have that information, though, so let me explain first.

How do a website’s pages appear in Google search results? You’ve made the website, but how does Google know about it? Search engines use spider and crawler software over the web to index new websites or the latest changes in existing websites in order to give users the best, latest results. The indexing of the website depends on a file which is at the root level of all web hosting websites. If it’s not present, Google treats the website as open to full indexing.

Most people think that the robots.txt file is used to tell Google to index your website, but actually the robots.txt file is used to tell Google what you want indexed from your website and what you don’t want indexed. The robot file allows full indexing, i.e. all files are indexed, even password and database files. Woo!

Now here comes the interesting part. Most of the hackers use free web hosting websites to run the (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Sayaala. Read the original post at: