[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] http://www.chase.com/ vulnerability

To: gauntlet@xxxxxxxxxxxx, "Perry E. Metzger" <perry@xxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxx
Subject: RE: [Full-Disclosure] http://www.chase.com/ vulnerability
From: "James Patterson Wicks" <pwicks@xxxxxxxxxx>
Date: Sat, 29 May 2004 10:38:45 -0400

The Chase home page has been like this for over a year.  I was a bit
worried after the change, so I just bypassed it.  If you feel more
secure logging in on an SSL page, just do the following:

1.  From the Chase home page, click on the lock icon next to the words
"Access My Accounts"

2.  On the page that appears, click on the "Log On Now" box sitting in
the left border.

3.  You will then arrive at the old login screen with the little golden
lock icon.  Log in and feel secure.

Since Chase changed this page over a year ago, I'm sure we would have
heard something if the Chase site was being exploited.



-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of
gauntlet@xxxxxxxxxxxx
Sent: Friday, May 28, 2004 3:24 PM
To: 'Perry E. Metzger'; full-disclosure@xxxxxxxxxxxxxxxx
Subject: RE: [Full-Disclosure] http://www.chase.com/ vulnerability

Many financial institutions do the same thing. 

www.americanexpress.com:

Security is important to everyone!

Please be assured that, although the home page itself does not have an
"https" URL, the login component of this page is secure. When you enter
your
User ID and password, your information is transmitted via a secure
environment, and once the login is complete, you will be redirected to
our
secure area.

If you wish to speak further with a technical specialist, please feel
free
to contact American Express Online Services at 1-800-297-1234, 24
hours/7
days. If you are outside the United States, please call collect at
1-336-393-1111. 

---------------

Rob 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



This e-mail is the property of Oxygen Media, LLC.  It is intended only for the 
person or entity to which it is addressed and may contain information that is 
privileged, confidential, or otherwise protected from disclosure. Distribution 
or copying of this e-mail or the information contained herein by anyone other 
than the intended recipient is prohibited. If you have received this e-mail in 
error, please immediately notify us by sending an e-mail to 
postmaster@xxxxxxxxxx and destroy all electronic and paper copies of this 
e-mail.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] http://www.chase.com/ vulnerability
  - From: Perry E. Metzger

Prev by Date: Re: [Full-Disclosure] Printer Buffer Security??
Next by Date: [Full-Disclosure] Re: rsynd-too-open.c posted on fd is backdoored. Don't run it!!!
Previous by thread: Re: [Full-Disclosure] http://www.chase.com/ vulnerability
Next by thread: Re: [Full-Disclosure] http://www.chase.com/ vulnerability
Index(es):
- Date
- Thread