Full Disclosure mailing list archives
RE: http://www.chase.com/ vulnerability
From: "James Patterson Wicks" <pwicks () oxygen com>
Date: Sat, 29 May 2004 10:38:45 -0400
The Chase home page has been like this for over a year. I was a bit worried after the change, so I just bypassed it. If you feel more secure logging in on an SSL page, just do the following: 1. From the Chase home page, click on the lock icon next to the words "Access My Accounts" 2. On the page that appears, click on the "Log On Now" box sitting in the left border. 3. You will then arrive at the old login screen with the little golden lock icon. Log in and feel secure. Since Chase changed this page over a year ago, I'm sure we would have heard something if the Chase site was being exploited. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of gauntlet () nym hush com Sent: Friday, May 28, 2004 3:24 PM To: 'Perry E. Metzger'; full-disclosure () lists netsys com Subject: RE: [Full-disclosure] http://www.chase.com/ vulnerability Many financial institutions do the same thing. www.americanexpress.com: Security is important to everyone! Please be assured that, although the home page itself does not have an "https" URL, the login component of this page is secure. When you enter your User ID and password, your information is transmitted via a secure environment, and once the login is complete, you will be redirected to our secure area. If you wish to speak further with a technical specialist, please feel free to contact American Express Online Services at 1-800-297-1234, 24 hours/7 days. If you are outside the United States, please call collect at 1-336-393-1111. --------------- Rob _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html This e-mail is the property of Oxygen Media, LLC. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail to postmaster () oxygen com and destroy all electronic and paper copies of this e-mail. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- http://www.chase.com/ vulnerability Perry E. Metzger (May 28)
- RE: http://www.chase.com/ vulnerability Brandon (May 28)
- Re: http://www.chase.com/ vulnerability Perry E. Metzger (May 28)
- RE: http://www.chase.com/ vulnerability gauntlet (May 28)
- <Possible follow-ups>
- RE: http://www.chase.com/ vulnerability Schmidt, Michael R. (May 28)
- Re: http://www.chase.com/ vulnerability Dark-Avenger (May 28)
- Re: http://www.chase.com/ vulnerability Perry E. Metzger (May 28)
- RE: http://www.chase.com/ vulnerability James Patterson Wicks (May 29)
- Re: http://www.chase.com/ vulnerability Perry E. Metzger (May 29)
- Re: http://www.chase.com/ vulnerability http-equiv () excite com (May 29)
- RE: http://www.chase.com/ vulnerability Brandon (May 28)