Tabnapping Scams Around the Corner?

scamdetect pointed us to an interesting bit of news about a new security risk called tabnapping that was recently outlined by Aza Raskin. The short story is that background tabs are updated with login forms impersonating the sites they originally contained, but hosted by helpful third parties primarily interested in your password. (CT:Original writeup removed at request of submitter)

disabling scripts on unfocused tabs?

[roman_mir]

Maybe it is time for the browsers to take matters more seriously and block any scripts from running in tabs that are not currently in focus.

But this can be done in separate windows too, not just in tabs. In terms of whether this is a new concept, let's just say that I have 'seen' this done 10 years ago to gain access to some chat accounts.

Re:Not exactly.

[WrongSizeGlass]

So his "exploit" is to wait until you are away from HIS tab and then alter HIS tab to look like it is a different site.

Exactly ... but if the 'fake' site checks your browser history for the specific fake login screens they have in their repertoire then they can show one that you have used recently.