Who the fuck is yaron shohat and why does he want my social security number
I was trying to book a flight on jetblue.com yesterday, and I had a horrible experience. When you go to jetblue.com and search for a flight you are redirected to jetblueairways.com, initially I didn’t notice this. After I entered in my credit card information (with my Bank of America card) and hit submit, I was redirected to http://securesuite.com/bankofamerica , or a similar url. On this page I was asked for the last 6 digits of my social security number and my email address. I hesitated and looked up securesuite.com.
securesuite.com is apparently part of Visa’s “Verified by Visa” program. There were very few hits on google for the site, and most of them were people worried about phishing scams. I did a whois on securesuite.com and got these results.
Registrant:
cyota
yaron shohat
8200 Greensboro Drive Suite 1100
Mclean, VA 22102
Email: IAAG_DNS_Hostmaster@rsa.com
Registrar Name....: REGISTER.COM, INC.
Registrar Whois...: whois.register.com
Registrar Homepage: www.register.com
Domain Name: securesuite.net
Created on..............: Fri, Aug 23, 2002
Expires on..............: Sun, Aug 23, 2009
Record last updated on..: Sun, Nov 09, 2008
Administrative Contact:
RSA, The Security Division of EMC
IAAG DNS ADMIN
8200 Greensboro Drive Suite 1100
Mclean, Va 22102
US
Phone: +1.8665606153
Email: IAAG_DNS_Admin@rsa.com
Technical Contact:
RSA, The Security Division of EMC
IAAG DNS TECH
8200 Greensboro Drive Suite 1100
Mclean, Va 22102
MS
Phone: +1.8665606153
Email: IAAG_DNS_Tech@rsa.com
DNS Servers:
pdns1.ultradns.net
pdns5.ultradns.info
pdns4.ultradns.org
pdns6.ultradns.co.uk
pdns2.ultradns.net
pdns3.ultradns.org
Visit AboutUs.org for more information about securesuite.net
AboutUs: securesuite.net
Register your domain name at http://www.register.com
What the fuck. I don’t care if it is really sanctioned by Visa, and is a legitimate site, I won’t submit any information to such a poorly administered site. This is horrid, I don’t know who is responsible Visa, Bank of America, Jet Blue, a hacker who got into Jet Blue, or Jet Blue’s credit card processor, and frankly I don’t care.
At this point I went back to the previous page, and realized that I hadn’t been filing in my credit card information on jetblue.com, but jetblueairways.com. I opened a new browser and went to jetblue.com going through the same steps and I realized that searching for a flight on their home page redirects you to jetblueairways.com. Next I looked at the form on the last page from jetblueairways.com where I wrote in my credit card info, to see if it submitted to jetblueairways.com or securesuite.net, apparently that page does submit to jetblueairways.com and the response gives an http redirect to securesuite.net.
I will call jetblue and my bank today to see what is going on. Whatever the result, this was a horrible experience. If this was legitimate, in some ways it is even more scary. I had a hard time understanding what was happening, and I’m a programmer who deals with the web everyday, my parents are dead in the water.