New phishing technique and a creepy proof of concept. Article

Wow, I am anal about how I keep my pc clean but this actually scares me a bit.

I don't know, it assumes that you click on links willy nilly. You still have to open a tab to an infected site or honeypot, and then forget that you opened it. If you spend a lot of time on warez/porn/farting-desktop-widget-of-the-day sites (the kinds of places where stuff like this will live) and you're not already really careful about what you're doing, you're probably already disease ridden.

I just read the article. The proof of concept site is blocked at work. They also talk about the possibility of combining it with the :visited w3c specification exploit (proof of concept: Start panic).

It's just interesting. I don't do any "high risk" browsing, as you said, so its still very low risk for me. It just has the potential of making phishing sites harder to detect.

And they said the proof of concept site for the phishing exploit doesn't work at all in Chrome... which is what I use at home (not sure if that is just because it was a Mozilla blogger or not).

Yea, I guess it's more of an impact if your trust level is high. I still remember the "wild west" of the internet and am still inherently skeptical of any site that I visit.

[Update: As several readers have correctly pointed out, this attack does in fact work against Chrome, although it doesn't seem to change the favicon in Chrome tabs].