Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Full-Disclosure] http://www.chase.com/ vulnerability

from [James Patterson Wicks] Network Security [Permanent Link]
Subject: RE: [Full-Disclosure] http://www.chase.com/ vulnerability
Date: Sat, 29 May 2004 10:38:45 -0400 
The Chase home page has been like this for over a year.  I was a bit
worried after the change, so I just bypassed it.  If you feel more
secure logging in on an SSL page, just do the following:

1.  From the Chase home page, click on the lock icon next to the words
"Access My Accounts"

2.  On the page that appears, click on the "Log On Now" box sitting in
the left border.

3.  You will then arrive at the old login screen with the little golden
lock icon.  Log in and feel secure.

Since Chase changed this page over a year ago, I'm sure we would have
heard something if the Chase site was being exploited.



-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of
gauntlet@nym.hush.com
Sent: Friday, May 28, 2004 3:24 PM
To: 'Perry E. Metzger'; full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] http://www.chase.com/ vulnerability

Many financial institutions do the same thing. 

www.americanexpress.com:

Security is important to everyone!

Please be assured that, although the home page itself does not have an
"https" URL, the login component of this page is secure. When you enter
your
User ID and password, your information is transmitted via a secure
environment, and once the login is complete, you will be redirected to
our
secure area.

If you wish to speak further with a technical specialist, please feel
free
to contact American Express Online Services at 1-800-297-1234, 24
hours/7
days. If you are outside the United States, please call collect at
1-336-393-1111. 

---------------

Rob 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



This e-mail is the property of Oxygen Media, LLC.  It is intended only for the 
person or entity to which it is addressed and may contain information that is 
privileged, confidential, or otherwise protected from disclosure. Distribution 
or copying of this e-mail or the information contained herein by anyone other 
than the intended recipient is prohibited. If you have received this e-mail in 
error, please immediately notify us by sending an e-mail to 
postmaster@oxygen.com and destroy all electronic and paper copies of this 
e-mail.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] Printer Buffer Security??, Etaoin Shrdlu
Next by Date:  [Full-Disclosure] Re: rsynd-too-open.c posted on fd is backdoored. Don't run it!!!, Cory Donnelly
Previous by Thread:  Re: [Full-Disclosure] http://www.chase.com/ vulnerability, Perry E. Metzger
Next by Thread:  Re: [Full-Disclosure] http://www.chase.com/ vulnerability, Perry E. Metzger
Indexes:  [Date] [Thread] [Top] [All Lists]