This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Is 1Password safe from this new phishing attack?

ltx
ltx Junior Member
edited December 1969 in Mac
A new phishing attack has been developed! As [URL="http://krebsonsecurity.com/2010/05/devious-new-phishing-tactic-targets-tabs/"]this[/URL] article states:



[QUOTE]A user has multiple tabs open, and surfs to a site that uses special javacript code to silently alter the contents of a tabbed page along with the information displayed on the tab itself, so that when the user switches back to that tab it appears to be the login page for a site the user normally visits.[/QUOTE]



[QUOTE]In this attack, the phisher need not even change the Web address displayed in the browser’s navigation toolbar.[/QUOTE]



If a further development modified the address bar and made the trick visually seamless, would 1Password see the site as fraudulent or legitimate? Does 1Password look at the address bar to determine if the site you're on has a saved login, or does it use something more trustworthy?



Thanks.

Comments

  • MartyS
    MartyS AgileBits Customer Care (retired)
    edited December 1969
    To determine the picks for Fill, 1Password relies on what the web browser is telling us about the current URL, not what's on the current HTML page. How that that internal information is impacted by this new attack vector is unclear at best and might be best addressed with Apple (for Safari), Mozilla (for Firefox), ...