That's kind of sketchy, NetFlix

Posted on May 26, 2005 at 7:30 AM in 'Random Crap I Found On The Internet' with tags 'netflix, phishing, google'

I was reading a blog entry describing a cool website that analyzes your NetFlix rental statistics, and I decided to finally subscribe to NetFlix as I've been considering for months. I clicked the link to NetFlix in the blog entry and started filling out the subscription forms.

As I got to the last page of the registration, where you are asked to enter your credit card information, I glanced around the page before submitting the form. I noticed that although it claimed it was a secure server, the address bar was white (Firefox colors the address bar yellow when you are on a secure site). What's more, when I looked closer at the URL, I noticed it was http://www.netflex.com/, not netflix.com. A chill ran down my spine as I thought I had just come inches away from giving my credit card information to a phishing site.

However, when I viewed the source of the http://www.netflex.com site, it was just a frameset with one frame pointing to https://www.netflix.com/. Though the IP address that http://www.netflex.com points to is in the same class A network as http://www.netflix.com's IP address, the netflex IP address is shown as belonging to Network Solutions, not NetFlix. Just to be sure, I manually typed in https://www.netflix.com/ and carefully inspected the SSL certificate before completing my subscription.

As far as I can tell, the http://www.netflex.com page isn't malicious. It looks like NetFlix (or someone) just set it up to catch typos (like what happened in the blog entry) and direct them to the real website. In fact, I know that Network Solutions offers a free frameset "redirect" (it's really just masking the forwarded URL inside a frame as described above) when you register a domain name with them. That would explain why the IP address doesn't belong to NetFlix; someone probably registered the netflex.com domain, set it up to "forward" to http://www.netflix.com, and forgot about it. But with the prevalence of phishing attacks these days, that approach is not acceptable. They should configure a real web server that simply forwards all requests to the correct website with an HTTP 301 ("Moved Permanently") redirect or something along those lines. That's basically what Google does:

$ curl -I http://www.gogle.com/
HTTP/1.1 302 Found
Location: http://www.google.com/
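The difference between the two forwarding styles is easy to check mechanically. Below is a small classifier I'm adding as an example (it is not code from the original post, NetFlix, Network Solutions or Google): given a response's status, headers and body, it reports whether the page is a proper 3xx redirect, a frameset that merely masks the real site behind the outer URL, or ordinary content, and it flags the specific case from the story, an http:// page framing an https:// site, where the real page is encrypted but the address bar and URL give no sign of it. The hostnames and responses are constructed samples using .test domains, not real captures.

```python
"""Classify how a lookalike/typo domain forwards visitors to the real site.

Added example, not from the original post. Distinguishes a proper HTTP
redirect (3xx + Location: the browser ends up on the real origin and shows
that origin's own lock/address-bar indicator) from frameset "masking"
(HTTP 200 whose only content is a <frame> pointing at the real site, so the
address bar keeps showing the outer URL). All responses below are
constructed inline so the script runs offline.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _FrameFinder(HTMLParser):
    """Collect src attributes of <frame>/<iframe> tags and note any <frameset>."""

    def __init__(self):
        super().__init__()
        self.frame_srcs = []
        self.has_frameset = False

    def handle_starttag(self, tag, attrs):
        if tag == "frameset":
            self.has_frameset = True
        elif tag in ("frame", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.frame_srcs.append(src)


def classify_forward(status, headers, body):
    """Return (kind, target).

    kind is one of:
      "redirect"   - 3xx with a Location header; the browser lands on target.
      "frame-mask" - 200 whose body is a frameset around target; the address
                     bar keeps showing the outer URL, so the user cannot
                     verify the framed site's certificate or origin.
      "content"    - an ordinary page; nothing is forwarded.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    if 300 <= status < 400 and "location" in hdrs:
        return "redirect", hdrs["location"]
    finder = _FrameFinder()
    finder.feed(body)
    if finder.has_frameset and finder.frame_srcs:
        return "frame-mask", finder.frame_srcs[0]
    return "content", None


def hides_https_indicator(outer_url, kind, target):
    """True when an http:// page frames an https:// site: the inner page is
    encrypted, but the visible URL and address bar say otherwise, which is
    exactly the cue that made the page in the story look like phishing."""
    return (kind == "frame-mask"
            and urlsplit(outer_url).scheme == "http"
            and urlsplit(target).scheme == "https")


# --- constructed sample responses (hypothetical .test hosts, not captures) ---
FRAMED = (
    "http://www.example-typo.test/",
    200,
    {"Content-Type": "text/html"},
    '<html><frameset rows="100%"><frame src="https://www.example.test/">'
    "</frameset></html>",
)
REDIRECTED = (
    "http://www.example-typo.test/",
    301,
    {"Location": "http://www.example.test/"},
    "",
)
PLAIN = ("http://www.example.test/", 200, {}, "<html><body>hi</body></html>")

if __name__ == "__main__":
    for outer_url, status, headers, body in (FRAMED, REDIRECTED, PLAIN):
        kind, target = classify_forward(status, headers, body)
        note = " (HTTPS indicator hidden)" if hides_https_indicator(outer_url, kind, target) else ""
        print(f"{outer_url} -> {kind} {target or ''}{note}")
```

Run against the constructed samples, the frameset case is reported as "frame-mask" with the HTTPS indicator hidden, the 301 case as a plain "redirect", and the ordinary page as "content". To use it on a live host you would feed it the status, headers and body from a real fetch (for example the output of curl), which is the same data the curl -I command above shows for Google's typo domain.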

Oh well, despite that brief bit of unpleasantness, I'm excited to finally be subscribed to NetFlix.

Comments

Posted by jenn 2 hours, 21 minutes later

netflix is amazing and totally worth the money.

Posted by Marie 3 days, 9 hours later

What DVDs did you ask for?

Posted by Dan 1 hour, 26 minutes later

Funny you should ask, because I just wrote a little script to show my current NetFlix queue just like the one I did to show what's currently on my Tivo. You can see my NetFlix queue here. It doesn't show the three DVDs that they've already sent me; I've currently got Run Lola Run, The Office: Series 1 (the British version), and City Of God on the way.

Posted by Antonio 4 days, 15 hours later

The problem with Tivo and PR is that the location where you return the movies is not the same location from where you send them. This may cause some delay in them sending you a DVD. Plus, PR mail sucks donkey cooch.

Posted by Dan 3 minutes later

NetFlix, you mean? Interesting, didn't know that. And that's true, mail takes so much longer here. Oh well, hopefully I'll get an idea of how bad it is before the two-week trial period is over. Thanks for the heads up.

Posted by Antonio 3 minutes later

Yea Netflix, not Tivo. Don't mind me, I'm a crackhead.

If you're ever up this way (D.C.), let me know!