Most Internet users know to watch for the signs of a traditional phishing attack: an email that asks you to click on a link and enter your e-mail or banking credentials at the resulting Web site. But a new phishing concept that exploits user inattention and trust in browser tabs is likely to fool even the most security-conscious Web surfers.

As Mozilla Firefox creative lead Aza Raskin describes it, the attack is as elegant as it is simple: A user has multiple tabs open, and surfs to a site that uses special javacript code to silently alter the contents of a tabbed page along with the information displayed on the tab itself, so that when the user switches back to that tab it appears to be the login page for a site the user normally visits.

Consider the following scenario: someone has six or seven tabs open, and one of the sites he has open (but not the tab currently being viewed) contains a script that waits for a few minutes or hours, and then quietly changes both the content of the page and the icon and descriptor in the tab itself so that it appears to be the login page for his favourite forum.

In this attack, the phisher need not even change the Web address displayed in the browser’s navigation toolbar. Rather, this particular phishing attack takes advantage of user trust and inattention to detail, or what Raskin calls “the perceived immutability of tabs.” Then, as the user scans their many open tabs, the favicon and title act as a strong visual cue, and the user will most likely simply think they left a Gmail tab open.

“When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in,” Raskin explained. “After the user has enter they have entered their login information and sent it back your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.

It’s important to keep in mind that this attack could be used against any site, not just some forum. Also, Raskin includes a few suggestions about how this attack could be made far sneakier, such as taking advantage of CSS history attacks.

In digital media, a popular path of actualising a sheltering mechanism versus piracy is to practice a watermark to the delivery medium such that it becomes very tough to reproduce that mark into an illegitimate replicate. The software's carrying out is ended in case the mark is broken or can not be found due - at runtime - confirmation code ensures if the software is being run from the original distribution medium, or not. Comparable techniques were also researched for program protection, it is the so-called software protection through watermarking.

Copyright infraction is not a minor problem in the software industry. The lawful holder of the copyright frequently differs from the genuine creator of the merchandise. Also, techniques - e.g. watermarking - enforcing the utilisation of a software according to the correspondent license conditions are exigent because such measures are associated to resolving the uncertainties of online merchandising.

Vendors watermark a program by implementing unique identifiers. It maintains ownership to the legitimate owner. But, this processing can as well serve to track down the cracker after the illegal act. Indeed, software watermarking scares the hacker from copyright infringement by raising the possibility of getting captured. All matters put together, it does not inevitably prevent infringement of copyright. It must be mentioned watermarking is not a painless method, rather the contrary. Most other existing anti reverse engineering techniques are effortless to apply though their strength in forestalling cracking is oft doubtful. Additionally, nowadays, numerous applications are delivered in formats that are easy to plagiarise - see Microsoft Intermediate Language and Java Bytecode - so that as well in the case of watermarking, the cracker could decompile or study the source code under disassembler and/or debugger to situate and get rid of all remains of the method.

A unique identifier is embedded in the software data through software watermarking. This processing is similar to the methods applied in digital media watermarking. A unique identifier is embedded into the data from video, audio or images - the watermark - so that it can be recollected for intentions of proof of origination. The difference is that the implementing must be executed without spoiling the software data.

So, it does not determine digital media in a manner that it turns observant to users when overwriting modest totals of information. Software watermarking expects particular methods though because this needs a watermarking method not spoiling the natural workflow of the software.

Tracing the source of the unlawful action or relating a certain copy to the original client, necessitates a fingerprint rather than the familiar watermark. E.g., developer A sells a copy of his program to customer B. Before sending out the copy to B, A embeds a unique identifier - i.e. B's creditcard number - in the program. Now, if the developer receives a copy of his program which is dubious to be cracked, he extracts the watermark - in this instance named a fingerprint - through usage of his secret key. Because the fingerprint is B's creditcard number, A can prove that B is chargeable of copyright infringement.

In regard to software security, there are two overall categories of watermarking algorithms, static and dynamic. A dynamic algorithm trusts on information collected during executing of the program to apply or extract the watermark. Static algorithms only examine the code and information of the program on disk. There are few reviews describing the implementation of these algorithms. A variety of software watermarking techniques have been inquired though. Notice there are fewer dynamic watermarking algorithms than static because it is easier to obliterate in binary source code on disk than at runtime. A watermark must be easily recoverable by the creator of the program. Yet, it is not uncommon to state software watermarking systems provide a hidden form of protection against reversing because the watermark stays frequently unremarked during piracy attempts. The watermark in a software may even be left unknowingly alone during reversing attacks!

Watermarks are rather flexible. They often outlive illegitimate attacks of removal. Static watermarking techniques are said to be less secret and less flexible than dynamic watermarks, however, reports demonstrate they put up no powerful disfavour in driving back the attacker.

For a businesses in program programming, the interior value from trademarked products, but also from inventions and technologies, even from refreshing ideas and vision, score for approximately three quarters of its total market value. Computer Software is regarded a precious intellectual property, containing recognition as an important long term esteem. Thus, a major concern for computer software companies exists in all forms of piracy, forgery, patent infringement and theft of source code.

Hardly a few systems can be practiced - in a relatively solid fashion - to forestall piracy. An instance is server-side executing of software, one more is encryption where the total decryption/execution process takes place in specific computer hardware. Those options both put up good security against piracy. Indeed, the reverse engineer sustains a profound problem even reaching the code. Still, there are some essential downsides to these methods. Server-side execution performs worse than if operated locally and hardware execution necessitates the end user to have proper hardware. There are more security choices disposable though, one of which is code obfuscation. Even so, code obfuscation is rather a manner of making piracy economically unworkable in terms of time and resources required. Sure, the used methods should be effective to fend off attempts with deobfuscator tools.

To forestall plagiarism and to safeguard a registration function in a program, a possible solution consists in obfuscating the software. In fact, the aim of code obfuscation is making it tougher to read, translate and reverse engineer the code, it is done by transmuting the code but while entirely preserving the functionality of the program.

A painful fallout of obfuscating transformations is oftentimes a larger and slower resulting software. Thus, the developer should make sure the gain in security is worth this extra operating cost.

Code obfuscation methods can be divided in three categories. All are known for a matching mapping between the obfuscation type and the transformation type. It signifies that source code obfuscation makes transformations to the source code, bytecode obfuscation to the bytecode and binary obfuscation to the binary code.

Dotnet and Java programs are spread in architecture-independent formats. Such tools contain a great deal of the same data as the source code. Their compilation in intermediate code instead of native code, constitutes them much less complicated to crack because decompilation into the source code is nearly elementary.

Binary code obfuscation is sometimes also denoted to as code morphing because it obfuscates the machine language or object code rather than source code. Binary code obfuscation methods transform code at binary level, so in the compiled executable. The technology incorporates several hundreds of particular code translation forms, besides encrypted layers and virtual machine alike commands. Binary code obfuscation transmutates clean assembler instructions into a nearly impenetrable mess, extra conditional instructions purpose to distract from the normal codeflow. To deliver a correct disassembly and/or analysis becomes impossible, even for the solidest disassembler tools.

However, code obfuscation is an ambiguous weapon and it is oft used to hide the actual function of all sorts of malware. Likewise, spammers obfuscate scripts to cover the destination of links because they have long realised too that obfuscating code is great in hiding tricks, scripting attacks and web browser exploits.

Malign software is commonly written in assembler. It is done to find utmost control. Therefore, protection software analysts must examine a software at binary code and/or assembler level, it can be quite a problem to fight against and through such obfuscated code.