Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Can someone explain to me how tabnabbing works?
New Posts  All Forums:Forum Nav:

Can someone explain to me how tabnabbing works?

post #1 of 5
Thread Starter 
I first found out about it here (see point # 12):
http://finance.yahoo.com/family-home...ears-top-scams
Someone showed me the article, and me being the IT guy, I look at the article and get very suspicious of how the hell it could even work. It just doesn't make any sense unless there was a major trojan horse at work.

So I do some basic research and find this:
http://en.wikipedia.org/wiki/Tabnabbing
http://www.azarask.in/blog/post/a-ne...ishing-attack/
http://www.tuaw.com/2010/06/01/prote...om-tabnabbing/

The third article helped enlighten me (I think), even though the 2nd link is run by the guy who apparently coined the term.
If I'm understanding this right, this only works if you have a dubious site already open, and it reloads itself into something completely different that looks like your bank's web site, for example.

The Yahoo article makes it sound like if you're already on your bank's web site, and you navigate to another tab for whatever reason, and then go back to your bank's tab, that tab could have been magically switched by a hacker into a phishing web site looking exactly like your bank. The way I understand it, that would involve someone actively watching what you're doing in your browser, which means you have a nasty unpatched exploit or a trojan horse, and they're somehow able to replace a tab with another looking like the original, without you noticing. Far-fetched to say the least.

Rather, what it is is something much more "harmless" that's just above phishing, whereby a web site, looking unsuspicious, reloads itself into mimicking a web site they want your credentials to, e.g. your bank, PayPal, Facebook and who knows what. I see how that is crafty and cunning and evil, but fail to see how it's worth making such a big deal over.

And it seems to me Yahoo definitely is making it sound a million times worse than it actually is.

What it boils down to, to me at least, is: don't leave a million tabs open in your browser, or be damn sure that the tabs you have open aren't suspicious sites.

Still though, I'm posting this here just to get a few opinions and double check I understood this right. So, did I?
Edited by Shub - 1/5/11 at 2:09pm
post #2 of 5
Sounds like BS to me.

Unless your browser\\computer is compromised and already under the fully control of a hacker it isn't really possible.

Sounds like your standard Hollywood "hackers can always magically reach out and magically access your PC".

EDIT: I re-read it, yes it is kind of possible, but it is the standard "make the page look official and hope some one falls for it" hack.
    
CPUMotherboardGraphicsRAM
C2D T7100 1.8 ghz (undervolted) ummm... Dell Intel X3100 2 x 1gb 667mhz 
Hard DriveOptical DriveOSMonitor
Fujitsu 7200 RPM 120gb CD-RW/DVD dual boot Vista business 1440x900 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
C2D T7100 1.8 ghz (undervolted) ummm... Dell Intel X3100 2 x 1gb 667mhz 
Hard DriveOptical DriveOSMonitor
Fujitsu 7200 RPM 120gb CD-RW/DVD dual boot Vista business 1440x900 
  hide details  
Reply
post #3 of 5
Yea I don't see how that would work if you already have the bank page open. You have already initiated your SSL connection, and sent your credentials through. I would hope the bank page is using SSL anyway.
1090T
(13 items)
 
  
CPUMotherboardGraphicsRAM
1090T GA-890FXA-UD5 HIS 4670 G.SKILL ECO Series 4GB (1600) 
Hard DriveOSPowerCase
WD Black (Raid 0) Win 7 Home Premium x64 CORSAIR 850W COOLER MASTER Storm Sniper 
  hide details  
Reply
1090T
(13 items)
 
  
CPUMotherboardGraphicsRAM
1090T GA-890FXA-UD5 HIS 4670 G.SKILL ECO Series 4GB (1600) 
Hard DriveOSPowerCase
WD Black (Raid 0) Win 7 Home Premium x64 CORSAIR 850W COOLER MASTER Storm Sniper 
  hide details  
Reply
post #4 of 5
Quote:
Originally Posted by Thorn-Blade View Post
Yea I don't see how that would work if you already have the bank page open. You have already initiated your SSL connection, and sent your credentials through. I would hope the bank page is using SSL anyway.
If they dont use SSL, might look into a new bank lol
Skyship
(13 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II 1090T BE ASUS Crosshair IV XFX 5770 OCZ AMD Edition  
Hard DriveOSMonitorKeyboard
Seagate Windows 7 Pro Sceptre 22" widescreen Saitek Eclipse 1 
PowerCaseMouseMouse Pad
XION 800w modular Cooler Master Storm Scout Razer DeathAdder Steel Series QCK 
  hide details  
Reply
Skyship
(13 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II 1090T BE ASUS Crosshair IV XFX 5770 OCZ AMD Edition  
Hard DriveOSMonitorKeyboard
Seagate Windows 7 Pro Sceptre 22" widescreen Saitek Eclipse 1 
PowerCaseMouseMouse Pad
XION 800w modular Cooler Master Storm Scout Razer DeathAdder Steel Series QCK 
  hide details  
Reply
post #5 of 5
Thread Starter 
Alright, so I did understand that right.
Thanks guys
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Can someone explain to me how tabnabbing works?