Those hackers. They’re just getting smarter all the time. Aza Raskin, the creative lead for Firefox, gives us the latest version of “trickier than you”.
Have you ever had a few tabs open in Firefox, gone away for a bit and then forgotten what you were looking at in the first place? This is exactly the scenario Raskin is targeting.
Let’s say you’re browsing a few channels here on TNW, and you look up to realize that a tab is open to your Gmail. So, of course, you’re going to click the tab and log in, then be taken directly to your Gmail account. No harm done, eh?
Right. Except that you just gave your login information to a phisher.
Raskin goes on to explain how a simple sniffer of CSS files can reveal a breadcrumb trail of where you’ve visited, such as Twitter, your bank or other sites. Dangerous ground, to say the least.
Google is chiming in about the situation, as Aza has been having a discussion over Twitter with Matt Cutts, Google’s webspam guru.
Clearly Googlers recognize the value in understanding how white-hat hacking works. According to Cutts:
“the next step would be to only bait-and-switch the page/favicon if you could detect that more than >N browser tabs were open..”
Though you can rest easy…for now. Raskin replies that he’s not certain how he’d go about implementing Cutts’ idea, expounding by saying that
“I can’t think of any way to detect the number of tabs currently open — although perhaps heuristically. Good call, though.”
Do yourselves a favor, folks. Make certain that you’re using a browser that diligently looks for and warns you about phishing attacks. Then take your security one step further by using antivirus and anti-malware software. By now, it should go without saying.