Who the fuck is Yaron Shohat and why does he want my social security number?
I was trying to book a flight on jetblue.com yesterday, and I had a horrible experience. When you go to jetblue.com and search for a flight, you are redirected to jetblueairways.com; initially I didn’t notice this. After I entered my credit card information (with my Bank of America card) and hit submit, I was redirected to http://securesuite.com/bankofamerica, or a similar URL. On this page I was asked for the last 6 digits of my social security number and my email address. I hesitated and looked up securesuite.com.
securesuite.com is apparently part of Visa’s “Verified by Visa” program. There were very few hits on Google for the site, and most of them were people worried about phishing scams. I did a whois on securesuite.com and got these results:
Registrant:
cyota
yaron shohat
8200 Greensboro Drive Suite 1100
Mclean, VA 22102
Email: IAAG_DNS_Hostmaster@rsa.com
Registrar Name....: REGISTER.COM, INC.
Registrar Whois...: whois.register.com
Registrar Homepage: www.register.com
Domain Name: securesuite.net
Created on..............: Fri, Aug 23, 2002
Expires on..............: Sun, Aug 23, 2009
Record last updated on..: Sun, Nov 09, 2008
Administrative Contact:
RSA, The Security Division of EMC
IAAG DNS ADMIN
8200 Greensboro Drive Suite 1100
Mclean, Va 22102
US
Phone: +1.8665606153
Email: IAAG_DNS_Admin@rsa.com
Technical Contact:
RSA, The Security Division of EMC
IAAG DNS TECH
8200 Greensboro Drive Suite 1100
Mclean, Va 22102
MS
Phone: +1.8665606153
Email: IAAG_DNS_Tech@rsa.com
DNS Servers:
pdns1.ultradns.net
pdns5.ultradns.info
pdns4.ultradns.org
pdns6.ultradns.co.uk
pdns2.ultradns.net
pdns3.ultradns.org
Visit AboutUs.org for more information about securesuite.net
AboutUs: securesuite.net
Register your domain name at http://www.register.com
What the fuck. I don’t care if it is really sanctioned by Visa and is a legitimate site; I won’t submit any information to such a poorly administered site. This is horrid. I don’t know who is responsible (Visa, Bank of America, Jet Blue, a hacker who got into Jet Blue, or Jet Blue’s credit card processor), and frankly I don’t care.
At this point I went back to the previous page and realized that I hadn’t been filling in my credit card information on jetblue.com, but on jetblueairways.com. I opened a new browser and went to jetblue.com, going through the same steps, and I realized that searching for a flight on their home page redirects you to jetblueairways.com. Next I looked at the form on the last page from jetblueairways.com, where I wrote in my credit card info, to see if it submitted to jetblueairways.com or securesuite.net. Apparently that page does submit to jetblueairways.com, and the response gives an HTTP redirect to securesuite.net.
I will call jetblue and my bank today to see what is going on. Whatever the result, this was a horrible experience. If this was legitimate, in some ways it is even more scary. I had a hard time understanding what was happening, and I’m a programmer who deals with the web every day; my parents are dead in the water.
Yep, there seem to be people running critical stuff at Visa who appear to know nothing about internet security.
We’re told never to enter our card details into an unknown popup window, and then Visa’s security system asks us to do exactly that. We’re told that if we’re dealing with a reputable financial company, they’ll NEVER suddenly switch us to an unfamiliar domain name mid-way through a transaction. And that’s exactly what Visa does. Who the hell are securesuite? Never heard of them. Why isn’t the domain explicitly a Visa site? That’d at least give us the comfort of knowing that if the domain was fraudulently labelled, that the owners were probably committing an offence somehow. But if you enter your card details into a completely unknown domain whose name doesn’t hook up to anything you’ve ever heard of, and it goes wrong, then that’s negligence on your part. We’re told that any user who’d do this is behaving irresponsibly. But they still ask us to do it.
And it gets even worse.
One of the giveaway signs of a phishing site is that their domain is one letter away from that of another “respectable” domain (say, micrcsoft.com). “Securesuite” sounds like a one-letter spin on “securesite”, so the name immediately sets alarm bells ringing.
So who the hell at Visa doesn’t know these things? And what the hell are they doing being allowed to set up redirects and JavaScript stuff on a Visa security site?
Comment by Eric Baird — December 25, 2009 @ 3:32 pm
I can’t believe that JetBlue does that.
That was truly a horrid online experience.
I was convinced that it was a phishing scam.
Why the hell are they asking for SS digits?
Comment by annoyed by securesuite.net — February 28, 2010 @ 9:59 pm