[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <0E565C4C9391DE4D856F725294E8730D014C9DE6@MI8NYCMAIL04.Mi8.com>
From: pwicks at oxygen.com (James Patterson Wicks)
Subject: http://www.chase.com/ vulnerability
The Chase home page has been like this for over a year. I was a bit
worried after the change, so I just bypassed it. If you feel more
secure logging in on an SSL page, just do the following:
1. From the Chase home page, click on the lock icon next to the words
"Access My Accounts"
2. On the page that appears, click on the "Log On Now" box sitting in
the left border.
3. You will then arrive at the old login screen with the little golden
lock icon. Log in and feel secure.
Since Chase changed this page over a year ago, I'm sure we would have
heard something if the Chase site was being exploited.
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
gauntlet@....hush.com
Sent: Friday, May 28, 2004 3:24 PM
To: 'Perry E. Metzger'; full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] http://www.chase.com/ vulnerability
Many financial institutions do the same thing.
www.americanexpress.com:
Security is important to everyone!
Please be assured that, although the home page itself does not have an
"https" URL, the login component of this page is secure. When you enter
your
User ID and password, your information is transmitted via a secure
environment, and once the login is complete, you will be redirected to
our
secure area.
If you wish to speak further with a technical specialist, please feel
free
to contact American Express Online Services at 1-800-297-1234, 24
hours/7
days. If you are outside the United States, please call collect at
1-336-393-1111.
---------------
Rob
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
This e-mail is the property of Oxygen Media, LLC. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail to postmaster@...gen.com and destroy all electronic and paper copies of this e-mail.
Powered by blists - more mailing lists