[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20050428204246.19112.qmail@mail.securityfocus.com>
Date: Thu, 28 Apr 2005 22:06:35 +0100
From: "pak_ml" <pak_ml@...penworld.com>
To: "'Sara Togian'" <saratogian@...il.com>,
<bugtraq@...urityfocus.com>
Subject: RE: Netflix Site may assist Phishing
Simple scan of UK banks will show that they are not the only one. HSBC is
the only bank where I could not find this kind of redirection...
Cheers
Pak76
-----Original Message-----
From: Sara Togian [mailto:saratogian@...il.com]
Sent: 28 April 2005 14:48
To: bugtraq@...urityfocus.com; abuse@...flix.com
Subject: Netflix Site may assist Phishing
Hello,
Similar to the previously discussed issues with the eBay and Capital
One website, Netflix also has a redirect which can assist phishing.
https://www.netflix.com/redirect.jsp?target=http://dummy.site.com/
Or, it can be made even more obscure:
https://www.netflix.com/redirect.jsp?target=%68%74%74%70%3A%2F%2F%67%6F%6F%6
7%6C%65%2E%63%6F%6D%2F
I have not yet seen phishing emails to Netflix, but since they do have
credit card info, I can't see them not occuring at some point. In
either case, it's a major website with a silly issue. As well, it can
look even more valid as it is a link to a secure site.
History:
Netflix was notified on Wednesday April 20, 2005. I got a form letter
back, no other response, and the issue is still there.
I again tried Netflix on 4/25. Customer Service response that the
email is being sent to the proper department. Issue still there.
4/28, I figured this was enough time for a fix or a response from the
"proper department" and reported the issue to BugTraq. Not fixed at
time of sending this.
Regards,
KM
--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.10.4 - Release Date: 27/04/2005
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.10.4 - Release Date: 27/04/2005
Powered by blists - more mailing lists