It's nice to hear about some new online scam or phishing method, worry slightly because it's really clever, but then realize that I'm actually not exposed to it. Well, not as exposed as I could be.
Here's an explanation of a new type of phishing attack. Basically, a malicious page open in a tab can tell when it's not in focus, and when you're not looking it will change itself to look like a familiar login screen, Gmail for example.
Distracted users click over to that tab, assume they left Gmail open and enter their credentials without thinking about it.
So why am I not exposed? Or as exposed? 2 reasons:
1) I use NoScript, the JavaScript and Flash blocker for Firefox. You can block or unblock sites. I have Google unblocked, so if I got a notification that Java or Flash were being blocked, that would be a helpful yet easily missed clue that I'm not on the site I think I am.
2) I use an in-browser password management plugin. If my user name and password aren't already entered in the form (and it wouldn't be because the domain has to be right for them to enter information), I'll know something's up.
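The domain check behind reason 2, as an added example (not from the original post and not any plugin's actual code): it matches the page's origin against a saved entry and leaves the form empty otherwise. The vault entry, the tab URLs and the function names `credentialFor` and `describeTab` are constructed for illustration.

```javascript
// Added illustration: origin-bound autofill. All names and data are constructed.
const vault = [
  { origin: "https://accounts.google.com", username: "me@example.com" },
];

// Return the saved entry for the page, or null if the origin does not match.
function credentialFor(pageUrl, entries) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // unparsable address: never fill
  }
  if (url.protocol !== "https:") return null; // no fill over plain HTTP
  // url.origin is scheme + host + port as the browser resolves it, so a
  // userinfo trick ("https://accounts.google.com@phish.example/") or a
  // look-alike host compares unequal to the saved origin.
  return entries.find((e) => e.origin === url.origin) || null;
}

// What the user sees in the tab: a filled form, or an empty one (the clue).
function describeTab(pageUrl, entries) {
  const hit = credentialFor(pageUrl, entries);
  return hit ? `autofill ${hit.username}` : "form left empty";
}

// Constructed tab URLs: one genuine login page and four that only look like it.
const tabs = [
  "https://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.login.example/ServiceLogin",
  "https://accounts.google.com@phish.example/ServiceLogin",
  "https://accounts-google.example/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
];
for (const t of tabs) console.log(describeTab(t, vault).padEnd(26), t);
```

Only the first URL is filled; every other tab shows an empty form, which is the signal described above.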
Three password management plugins I have used (and like):
Xmarks - it's decent; I currently use it for bookmark syncing but not passwords, though I have used it for password syncing with no trouble. Xmarks also allows you to view open tabs on other computers à la Weave.
Mozilla Weave - for Firefox only, it syncs passwords, bookmarks, open tabs and history. I stopped using it as it would regularly lock up my netbook during its scans/syncs.
LastPass - A fairly secure (I hope) password safe that works with most major browsers, and there's a bookmarklet to use in browsers that don't support it.