Network Security Bugtraq

Netflix Site may assist Phishing

Subject: Netflix Site may assist Phishing
Date: Thu, 28 Apr 2005 09:47:49 -0400
Hello,

Similar to the previously discussed issues with the eBay and Capital
One website, Netflix also has a redirect which can assist phishing.

https://www.netflix.com/redirect.jsp?target=http://dummy.site.com/ 

Or, it can be made even more obscure:

https://www.netflix.com/redirect.jsp?target=%68%74%74%70%3A%2F%2F%67%6F%6F%67%6C%65%2E%63%6F%6D%2F

I have not yet seen phishing emails to Netflix, but since they do have
credit card info, I can't see them not occurring at some point. In
either case, it's a major website with a silly issue. As well, it can
look even more valid as it is a link to a secure site.

History:

Netflix was notified on Wednesday April 20, 2005. I got a form letter
back, no other response, and the issue is still there.

I again tried Netflix on 4/25.  Customer Service responded that the
email is being sent to the proper department. Issue still there.

4/28, I figured this was enough time for a fix or a response from the
"proper department" and reported the issue to BugTraq. Not fixed at
time of sending this.

Regards,
KM
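
One way a server could validate the `target` parameter before redirecting, as an added example that is not part of the original post and not Netflix's code. The function name, the allowlist contents and the fallback path are assumptions made for illustration; the check runs on the percent-decoded value, so the obscured form of the link is treated the same as the plain one.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: hosts this site is willing to redirect to (not from the post).
ALLOWED_HOSTS = {"www.netflix.com"}
DEFAULT = "/"  # where to send the user when the target is rejected


def safe_redirect_target(query_string: str) -> str:
    """Validate the `target` parameter of a redirect.jsp-style request.

    Returns the decoded target if it is a same-site path or an https URL on
    an allowlisted host; otherwise returns DEFAULT.
    """
    values = parse_qs(query_string, keep_blank_values=True).get("target", [])
    if len(values) != 1:  # missing or repeated parameter
        return DEFAULT
    target = values[0]  # parse_qs percent-decodes exactly once

    # Control characters and backslashes are parsed differently by browsers
    # than by URL libraries, so reject them before parsing.
    if any(ord(ch) < 0x20 or ch in "\\\x7f" for ch in target):
        return DEFAULT
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal
        return DEFAULT

    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative (//host/...) URL: https + exact host only.
        if parts.scheme != "https" or "@" in parts.netloc:
            return DEFAULT
        if parts.hostname not in ALLOWED_HOSTS:
            return DEFAULT
        return target
    # Relative reference: accept a single-slash rooted path only. Browsers
    # collapse extra leading slashes, so "///host/" would leave the site.
    if target.startswith("/") and not target.startswith("//"):
        return target
    return DEFAULT
```

Rejected targets fall back to the site root rather than producing an error page, so a tampered link still lands the user on the real site.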
