Friday, September 12, 2014

Fwd: [cap-talk] A new type of phishing attack



Sent from my iPhone

Begin forwarded message:

From: Sandro Magi <smagi@higherlogics.net>
Date: September 12, 2014 at 9:33:18 EDT
To: "General discussions concerning capability systems." <cap-talk@mail.eros-os.org>
Subject: [cap-talk] A new type of phishing attack
Reply-To: "General discussions concerning capability systems." <cap-talk@mail.eros-os.org>

Interesting new phishing idea:

http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/

Basically exploiting a typical user's workflow where they have multiple tabs open. This highlights the real need for a functional petname system.

As a trivial countermeasure, I wonder if it's really necessary for JavaScript to run on inactive tabs.

Sandro

_______________________________________________
cap-talk mailing list
cap-talk@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/cap-talk