Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Netflix Site may assist Phishing

From: Sara Togian (saratogiangmail.com)
Date: Thu Apr 28 2005 - 08:47:49 CDT


Similar to the previously discussed issues with the eBay and Capital
One website, Netflix also has a redirect which can assist phishing.


Or, it can be made even more obscure:


I have not yet seen phishing emails to Netflix, but since they do have
credit card info, I can't see them not occuring at some point. In
either case, it's a major website with a silly issue. As well, it can
look even more valid as it is a link to a secure site.


Netflix was notified on Wednesday April 20, 2005. I got a form letter
back, no other response, and the issue is still there.

I again tried Netflix on 4/25. Customer Service response that the
email is being sent to the proper department. Issue still there.

4/28, I figured this was enough time for a fix or a response from the
"proper department" and reported the issue to BugTraq. Not fixed at
time of sending this.