lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <0E565C4C9391DE4D856F725294E8730D014C9DE6@MI8NYCMAIL04.Mi8.com>
From: pwicks at oxygen.com (James Patterson Wicks)
Subject: http://www.chase.com/ vulnerability

The Chase home page has been like this for over a year.  I was a bit
worried after the change, so I just bypassed it.  If you feel more
secure logging in on an SSL page, just do the following:

1.  From the Chase home page, click on the lock icon next to the words
"Access My Accounts"

2.  On the page that appears, click on the "Log On Now" box sitting in
the left border.

3.  You will then arrive at the old login screen with the little golden
lock icon.  Log in and feel secure.

Since Chase changed this page over a year ago, I'm sure we would have
heard something if the Chase site was being exploited.



-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
gauntlet@....hush.com
Sent: Friday, May 28, 2004 3:24 PM
To: 'Perry E. Metzger'; full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] http://www.chase.com/ vulnerability

Many financial institutions do the same thing. 

www.americanexpress.com:

Security is important to everyone!

Please be assured that, although the home page itself does not have an
"https" URL, the login component of this page is secure. When you enter
your
User ID and password, your information is transmitted via a secure
environment, and once the login is complete, you will be redirected to
our
secure area.

If you wish to speak further with a technical specialist, please feel
free
to contact American Express Online Services at 1-800-297-1234, 24
hours/7
days. If you are outside the United States, please call collect at
1-336-393-1111. 

---------------

Rob 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



This e-mail is the property of Oxygen Media, LLC.  It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail to postmaster@...gen.com and destroy all electronic and paper copies of this e-mail.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ