For the uninitiated, a story that’s been buzzing lately in the tech community is “Tabnapping”:
A Mozilla user interface specialist has published proof-of-concept code for a new phishing technique, which makes use of morphing browser tabs to trick people into giving away login information.
[via ZDNet]
The key phrase here is proof-of-concept. Nobody’s done this yet outside a lab environment. Think about that for a moment–Is it not possible, or even likely, that by inventing these new attack vectors security researchers are creating a self-fulfilling prophecy? What if nobody would’ve thought of this if the “good guys” hadn’t come up with it first?
To put this into perspective, here’s another “proof-of-concept” where a researcher hacked a Pacemaker with a cell phone and instructed it to fatally shock its owner. The detail of this story that most media coverage unfortunately neglected to mention, however, is that it took him two teams of specialists and four years in a controlled laboratory environment to study how to use household technology to kill the elderly. “Yeah,” you say, “but that sounds really dangerous–someone could kill people undetectably with this method and it’s a miracle that he discovered how vulnerable this technology is.” Consider that someone could also kill a lot of people with a bomb made from household chemicals, but we tend to lock up the ones who try to “innovate” in that context instead of praising them in academic journals.
Subscribe RSS
Follow Me!