Quickflix Security

933 Words2 Pages

Quickflix is a DVD rental company, as it said, it is the leading online DVD rental operator in Australia. It allows members to select DVDs from an online library of movie, TV series and music titles and have them delivered through the mail. Members pay a monthly fee regardless of how many DVDs they rent or how long they keep each title. Here is the website www.quickflix.com.au

What assets might an attacker want to acquire from this target?

Physical Goods

As a DVD rental company, the most valuable assets of Quickflix are its physical goods, the DVDs. These plastic chips are storing in Quickflix's warehouse, and will be delivered by POST once it has been put on the list.

Service Availability

The other kind of assets is the service availability. This can be seperated into two aspect.

The first one is the safety of Quickflix's website. Generally, all interaction between Quickflix and renters takes place through the company's website. Once the website is down, all services to users become unavailable. They can not sign up, or browse and order DVD anymore. If that really happy, the lost could be huge. Another possibility is running out of inventory. Imaging that all copies of some heat movies being rent out and no spare one available. This will strike the confident of users to the company and may lead to a losing of customers.

Customer Information

Users information on Quickflix could be the assets wanted by an attacker.Membership System is implemented on Quickflix, users need to become a member before enjoying the DVD rental services. When new user signing up, personal information such as name, address, and creditcard details will be required by registration system. That suggests the company may probably storing ...

... middle of paper ...

...//www.selfseo.com/

Method: Google searching

Information 5: May be the email address of administrator of quickflix. simon@quickflix.com.au

Source: http://www.who.is/website-information/quickflix.com.au

Method: Google searching

Information 6: Vulnerability analysis report of quickflix

Web Server Uses Plain-Text Form Based Authentication

Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability

AutoComplete Attribute Not Disabled for Password in Form Based Authentication

Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability

AutoComplete Attribute Not Disabled for Password in Form Based Authentication

SSL Certificate - Subject Common Name Does Not Match Server FQDN

Works Cited

https://freescan3.qualys.com/report.php?hemna=QdzkWSgNlJvVvTj5Mq%2FA6zPB%2Bikgp%2BYX8zRwRwpgokH5EG8Ignv3KA%3D%3D

More about Quickflix Security

Open Document