<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hi Simon,</p>
    <p>This vulnerability is one of those that Google doesn't seem to care
      about - see this article:</p>
    <p><a class="moz-txt-link-freetext" href="https://sites.google.com/site/bughunteruniversity/nonvuln/phishing-with-window-opener">https://sites.google.com/site/bughunteruniversity/nonvuln/phishing-with-window-opener</a></p>
    <p>So, for the taxonomy - the attack is called "reverse
      tabnabbing" - feel free to create and author an OWASP Wiki page.
      I have found quite a lot of reference material by doing a search
      on Google.<br>
    </p>
    <p>Regards,</p>
    <p>Sam</p>
    <pre class="moz-signature" cols="72">-- 

Sam Stepanyan
OWASP London Chapter Leader
<a class="moz-txt-link-abbreviated" href="mailto:sam.stepanyan@owasp.org">sam.stepanyan@owasp.org</a>
<a class="moz-txt-link-freetext" href="https://www.owasp.org/index.php/London">https://www.owasp.org/index.php/London</a>
</pre>
    <div class="moz-cite-prefix">On 13/02/2018 18:10, psiinon wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAORxfg6M6tMcfjc2ODQaFbA5vt_rRO78Ly5iFWpGL5vOVzgc+w@mail.gmail.com">
      <div dir="ltr">
        <div>
          <div>
            <div>
              <div>
                <div>
                  <div>Leaders,<br>
                    <br>
                  </div>
                  We've just added a ZAP passive scan rule for detecting
                  unsafe links which use a target of '_blank' and don't
                  use either 'noopener' or 'noreferrer' in the 'rel'
                  attribute.<br>
                </div>
                I was somewhat disappointed not to find an OWASP wiki
                page that we could refer to.<br>
              </div>
              I think we should have something for it on the wiki, maybe
              a 'Link target _blank' '<a
                href="https://www.owasp.org/index.php/Category:Attack"
                moz-do-not-send="true">Attack</a>' page?<br>
            </div>
            I'm happy to write the first version (if no one else would
            rather do it) but taxonomy has never been one of my
            strengths ;)<br>
          </div>
          <div>Thoughts?<br>
          </div>
          <div><br>
          </div>
          Cheers,<br>
          <br>
        </div>
        Simon<br clear="all">
        <div>
          <div>
            <div>
              <div>
                <div>
                  <div>
                    <div>
                      <div><br>
                        -- <br>
                        <div class="gmail_signature"
                          data-smartmail="gmail_signature"><a
                            href="https://www.owasp.org/index.php/ZAP"
                            target="_blank" moz-do-not-send="true">OWASP
                            ZAP</a> Project leader<br>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
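    <p>A sketch of the check described in the quoted message, added here as an example; it is not part of the original thread and is not ZAP's own rule code. The class and function names and the sample markup are constructed for illustration.</p>

```python
from html.parser import HTMLParser

# Elements whose target attribute can open a new browsing context.
LINK_TAGS = {"a", "area"}
# Either token in rel is treated as sufficient, as in the rule described above.
SAFE_REL_TOKENS = {"noopener", "noreferrer"}


class UnsafeBlankTargetFinder(HTMLParser):
    """Collects links with target=_blank whose rel lacks noopener/noreferrer."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # list of (line_number, href)

    def handle_starttag(self, tag, attrs):
        if tag not in LINK_TAGS:
            return
        # Keep the first occurrence of a duplicated attribute; valueless
        # attributes arrive as None and are treated as empty strings.
        attr_map = {}
        for name, value in attrs:
            attr_map.setdefault(name, value or "")
        # The _blank keyword is matched case-insensitively.
        if attr_map.get("target", "").strip().lower() != "_blank":
            return
        # rel is a space-separated, case-insensitive token list.
        rel_tokens = set(attr_map.get("rel", "").lower().split())
        if rel_tokens & SAFE_REL_TOKENS:
            return
        line, _col = self.getpos()
        self.findings.append((line, attr_map.get("href", "")))


def find_unsafe_blank_links(html_text):
    """Return (line, href) for every link the check would flag."""
    finder = UnsafeBlankTargetFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample response body (not taken from any real site).
SAMPLE = """<html><body>
<a href="https://example.com/a" target="_blank">flagged</a>
<a href="https://example.com/b" target="_blank" rel="noopener">ok</a>
<a href="https://example.com/c" target="_BLANK" rel="nofollow">flagged</a>
<a href="https://example.com/d" target="_blank" rel="NoReferrer external">ok</a>
<a href="https://example.com/e">same tab, ok</a>
</body></html>"""
```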
  </body>
</html>