Bugtraq mailing list archives
Netflix Site may assist Phishing
From: Sara Togian <saratogian () gmail com>
Date: Thu, 28 Apr 2005 09:47:49 -0400
Hello,

Similar to the previously discussed issues with the eBay and Capital One website, Netflix also has a redirect which can assist phishing.

https://www.netflix.com/redirect.jsp?target=http://dummy.site.com/

Or, it can be made even more obscure:

https://www.netflix.com/redirect.jsp?target=%68%74%74%70%3A%2F%2F%67%6F%6F%67%6C%65%2E%63%6F%6D%2F

I have not yet seen phishing emails to Netflix, but since they do have credit card info, I can't see them not occurring at some point. In either case, it's a major website with a silly issue. As well, it can look even more valid as it is a link to a secure site.

History:

Netflix was notified on Wednesday April 20, 2005. I got a form letter back, no other response, and the issue is still there.

I again tried Netflix on 4/25. Customer Service response that the email is being sent to the proper department. Issue still there.

4/28, I figured this was enough time for a fix or a response from the "proper department" and reported the issue to BugTraq. Not fixed at time of sending this.

Regards,
KM
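A server-side check of the kind that closes the redirect described in the message above, as an added example that is not part of the original post and is not Netflix's code. The allowlist, the fallback path, the function names and the `/account` and `/Login` paths are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed values for illustration: hosts the site is willing to redirect to,
# and where to send the user when the requested target is rejected.
ALLOWED_HOSTS = {"www.netflix.com"}
FALLBACK = "/"

def extract_target(request_url):
    """Return the percent-decoded 'target' query parameter, or None."""
    values = parse_qs(urlsplit(request_url).query).get("target")
    return values[0] if values else None

def safe_redirect(request_url, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return a redirect location that stays on an allowlisted host."""
    target = extract_target(request_url)
    if not target:
        return fallback
    # Whitespace, control characters and backslashes are normalised
    # differently by browsers and parsers, so refuse them outright.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F or c == "\\" for c in target):
        return fallback
    try:
        parts = urlsplit(target)
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Same-site relative path; "//host/" has a netloc and never gets here.
        return target if target.startswith("/") else fallback
    # Absolute URL: HTTPS only, no userinfo, exact host match on the allowlist.
    if parts.scheme != "https" or parts.username or parts.password:
        return fallback
    return target if parts.hostname in allowed_hosts else fallback

if __name__ == "__main__":
    base = "https://www.netflix.com/redirect.jsp?target="
    samples = [  # first two are the URLs from the post; the rest are constructed
        "http://dummy.site.com/",
        "%68%74%74%70%3A%2F%2F%67%6F%6F%67%6C%65%2E%63%6F%6D%2F",
        "//dummy.site.com/",
        "https://www.netflix.com.dummy.site.com/",
        "/account",
        "https://www.netflix.com/Login",
    ]
    for s in samples:
        print(f"{s!r:60} -> {safe_redirect(base + s)}")
```

The percent-encoded form from the post is rejected the same way as the plain one because validation runs on the decoded parameter, not on the raw query string.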