Related Entries

Blaster laster
Ironic, is it not?
Another buffer overrun vulnerability
What's New in Windows 2003!
Security hole or stupidity?

« Hat problems
» Soup is beautiful

Amazon.com security request fraud

Not a new thing, but it mostly used to be e-Bay and PayPal. Now Amazon.com is also getting used.

Got an e-mail today, supposedly from Amazon.com to update my details. The URL goes to http://www.amazon.com@dalpin.com/exec/obidos/subst/home/?EnterConfirm&UsingSSL=0&pUserId=&us=445&ap=0&dz=1&Lis=10&ref=br_bx_c_2_2. Whatever login and password you give, is accepted and you get the privilege to shell out your credit card details.

Opera 8 Beta popped up a message whether I want to login to the server "dalpin.com" as user "www.amazon.com". That was good because I get some idea that I am not going to amazon.com server.

I worry about the non-technical folks who have accounts in Amazon.com.

As always, there is a small chance that amazon.com ran out of servers and are employing others to collect this information :-)