| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9296b1f805042806478c7f268@mail.gmail.com> Date: Thu, 28 Apr 2005 09:47:49 -0400 From: Sara Togian <saratogian@...il.com> To: bugtraq@...urityfocus.com, abuse@...flix.com Subject: Netflix Site may assist Phishing Hello, Similar to the previously discussed issues with the eBay and Capital One website, Netflix also has a redirect which can assist phishing. https://www.netflix.com/redirect.jsp?target=http://dummy.site.com/ Or, it can be made even more obscure: https://www.netflix.com/redirect.jsp?target=%68%74%74%70%3A%2F%2F%67%6F%6F%67%6C%65%2E%63%6F%6D%2F I have not yet seen phishing emails to Netflix, but since they do have credit card info, I can't see them not occuring at some point. In either case, it's a major website with a silly issue. As well, it can look even more valid as it is a link to a secure site. History: Netflix was notified on Wednesday April 20, 2005. I got a form letter back, no other response, and the issue is still there. I again tried Netflix on 4/25. Customer Service response that the email is being sent to the proper department. Issue still there. 4/28, I figured this was enough time for a fix or a response from the "proper department" and reported the issue to BugTraq. Not fixed at time of sending this. Regards, KM
Powered by blists - more mailing lists