Network Security Vuln-Dev

RE: Netflix Site may assist Phishing

Subject: RE: Netflix Site may assist Phishing
Date: Thu, 28 Apr 2005 22:06:35 +0100
A simple scan of UK banks will show that they are not the only one. HSBC is
the only bank where I could not find this kind of redirection...

Cheers

Pak76

-----Original Message-----
From: Sara Togian [mailto:saratogian@gmail.com] 
Sent: 28 April 2005 14:48
To: bugtraq@securityfocus.com; abuse@netflix.com
Subject: Netflix Site may assist Phishing

Hello,

Similar to the previously discussed issues with the eBay and Capital
One website, Netflix also has a redirect which can assist phishing.

https://www.netflix.com/redirect.jsp?target=http://dummy.site.com/ 

Or, it can be made even more obscure:

https://www.netflix.com/redirect.jsp?target=%68%74%74%70%3A%2F%2F%67%6F%6F%67%6C%65%2E%63%6F%6D%2F

I have not yet seen phishing emails to Netflix, but since they do have
credit card info, I can't see them not occurring at some point. In
either case, it's a major website with a silly issue. As well, it can
look even more valid as it is a link to a secure site.

History:

Netflix was notified on Wednesday April 20, 2005. I got a form letter
back, no other response, and the issue is still there.

I again tried Netflix on 4/25.  Customer Service responded that the
email is being sent to the proper department. Issue still there.

4/28, I figured this was enough time for a fix or a response from the
"proper department" and reported the issue to BugTraq. Not fixed at
time of sending this.

Regards,
KM
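
Added example, not part of the original messages and not Netflix's code: one way a redirect endpoint like the `redirect.jsp?target=` handler described above can validate its target on the server, so that both the plain and the percent-encoded form are refused. The host names, the allow-list and the function names are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Assumed allow-list of hosts this site may redirect to (hypothetical names).
ALLOWED_HOSTS = {"www.example.com", "help.example.com"}
FALLBACK = "/"  # where the user is sent when the target is rejected


def is_safe_target(target: str) -> bool:
    """True only for same-site paths or https URLs on an allow-listed host."""
    # Conservative: browsers treat "\" like "/" and skip leading whitespace or
    # control characters, so any of these anywhere in the value is refused.
    if not target or any(c == "\\" or ord(c) <= 0x20 for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash absolute path.
        return target.startswith("/") and not target.startswith("//")
    # Absolute or scheme-relative URL: https only, exact host, no userinfo.
    return (parts.scheme == "https"
            and parts.username is None and parts.password is None
            and parts.hostname in ALLOWED_HOSTS)


def resolve_redirect(request_url: str) -> str:
    """Return the Location to send for a request to the redirect endpoint."""
    # parse_qs percent-decodes once, as the web framework does, so the
    # obscured form is checked as the same string as the plain one.
    values = parse_qs(urlsplit(request_url).query).get("target", [])
    if len(values) == 1 and is_safe_target(values[0]):
        return values[0]
    return FALLBACK


# Constructed sample requests; the first two mirror the forms in the post.
SAMPLES = [
    "https://www.example.com/redirect.jsp?target=http://dummy.site.com/",
    "https://www.example.com/redirect.jsp?target=%68%74%74%70%3A%2F%2F"
    "%67%6F%6F%67%6C%65%2E%63%6F%6D%2F",
    "https://www.example.com/redirect.jsp?target=/account",
    "https://www.example.com/redirect.jsp?target=https://help.example.com/faq",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(resolve_redirect(url), "<-", url)
```

The check runs on the decoded value, which is why percent-encoding the target does not get past it; a double-encoded target decodes to a string that is neither a local path nor an allow-listed https URL and falls back as well.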

