Hacking NetFlix

Christopher tipped me off to a Bugtraq Mailing list thread about a possible Netflix security problem involving "Phishing."

This is the Wikipedia definition of phishing:

In computing, phishing is the act of attempting to fraudulently acquire through deception sensitive personal information such as passwords and credit card details by masquerading in an official-looking email, IM, etc. as someone trustworthy with a real need for such information. It is a form of social engineering attack.

Here's a link to an example of a phishing e-mail.

Update: Removed example of "phishing" code. Google it if you want to see what it look like. - Mike

This was just a warning and I have not heard of any phishing attempts involving Netflix.

When I inquired with Netflix about the Bugtraq report, they were already working on it, and they released the fix on Friday.

This is not the first time I've watched Netflix take a security threat seriously. Earlier this year there was a security issue that affected a very small number of users. Netflix responded immediately and fixed the problem within days.

While I believe this will be an ongoing battle for any e-commerce Web site, I've watched Netflix closely as they've responded to two different problems quickly and efficiently.

The LA Times is reporting that Disney is ending the MovieBeam service and the future is uncertain.

The company plans to close its experimental video-on-demand service this week in all three of its test cities. Disney spokeswoman Michelle Bergman said the shutdown was necessary to upgrade systems as the company seeks potential partners to explore MovieBeam's "next phase."

The story cited one possible reason for the move:

Some studio executives feared the service could cut into Disney's lucrative home video sales.

It was an interesting concept but faced serious competition from Blockbuster, Netflix, pay-per-view and low-cost retail DVD's.

One problem I have with video-on-demand is the limited time you have to watch a movie before it gets deleted and you have to pay again. I've purchased movies from these services and had them expire before I could watch them. I wonder if this is built into the business model? Do they pay the studio if you don't watch a movie?

Via PVRblog.

Paul noticed a new window on the back of the Netflix envelope:

Today I got new envelopes with a small window on the back that seem to allow scanning of the sleeve barcode without opening. However no suggestion is made that would lead someone to orient the sleeve to allow this.

Here's a picture of the barcode window:

Has anyone else seen this?

Update: Access Hollywood is reporting that as part of this promotion Netflix is donating $10 to the Starlight children's charity if you sign up before May 19th and use the code "STARLIGHT."

This is really bizarre. Seems like Netlix was involved in sending Bai Ling to visit the Star Wars Nerds, who may or may not be waiting at the wrong theater for the May 19th opening of the new Star Wars movie.

George Lucas would be rolling over in his grave, er, he's still alive and probably laughing all the way to the bank. Excellent use of a hot asian woman and geek icons to get some buzz going for Netflix.

Photo from dude. man. phat., and more photos at Wire Image.

Via dude. man. phat., Blogging L.A., and Boing Boing.

Michael writes:

I was about to send back a movie, when I notice the "Postage-Paid" area was missing and it had a "Place Stamp Here" box in it's place... Since the "Postage-Paid" area is always printed on and not a sticker this seems to be a BIG printing oversight... I called Blockbuster and was told I was the first to report it... The movie I received took a long time leading me to believe that it was not from my local distribution center...

Here's the picture he sent with the envelope:

Has anyone else seen this type of envelope?

Rich writes:

In the same vein as your post on upgrading Netflix, I wanted to share a bit of info on what happens when you downgrade. Instead of immediately adjusting you to the new program you selected, Netflix delays the change until your billing cycle date hits. It's nice because you can downgrade without losing unused service, and without having to remember to do it right at your cycle date.

Here's the Netflix Q & A on downgrading:

Q: Can I downgrade my program and still keep all the profiles I've created for my family members?

A: Yes. If the account owner elects to downgrade to a plan that doesn’t support the number of DVDs assigned out to their current number of profiles, at the end of the billing period (when the downgrade takes effect) we will reassign all DVDs out to the owner and reset DVDs out to additional profile to “0”. The owner must visit the Assign DVDs page to reallocate movies among their profiles. Because the end of the billing period, when the actual account downgrade will happen, may be days or weeks later, we will send the owner an email reminder when the change takes effect.

The Star-Telegram has a background story on Blockbuster antagonist Carl Icahn.

Icahn wants Blockbuster to concentrate on its core business, cut costs and pay out $330 million in dividends. As for Antioco's $51.6 million compensation package for 2004, Icahn called it "unconscionable." And he said Blockbuster made a "grave error" in abandoning its attempt to buy rival Hollywood Entertainment, which was snapped up by Movie Gallery at a cheaper price. He also has said that Blockbuster should be sold.

In a stinging letter April 7, Icahn announced his intention to run a dissident slate of three candidates for each of the board seats up for a vote, including Antioco's. The three include Icahn and two respected entertainment industry veterans, whose names immediately drew praise from some analysts.

Worth an estimated $7.6 billion and with a track record of being a ruthless corporate raider, I wouldn't want this guy after my job.

Slate has an amazing story (How to Finance a Hollywood Blockbuster) about how the movie studios use international tax law to help offset the financial risk in making a movie.

As paradoxical and absurd as it sounds, it's cheaper for a Hollywood studio to make a big-budget action movie than to make a shoestring art film like Sideways. Consider Paramount's 2001 action flick Lara Croft: Tomb Raider. On paper, Tomb Raider's budget was $94 million. In fact, the entire movie cost Paramount less than $7 million. How did the studio collect over $87 million before cameras started rolling?

Almost makes me with I went to law school or paid more attention in my accounting classes.

Charles writes:

I have been wondering: Who needs more DVDs than they can get with the 3-out plan? According to my Netflix Fee Calculator:

http://frogcircus.org/netflix/

As long as the transit time between you and Netflix is 1 day (as is presumably the case for most people), and as long as they send your next movie on the same day they receive your returned DVD (as they consistently do as of late for us), the 3-out plan will give you a DVD to watch 5 days a week, for an average of 22 DVDs per month.

Does anyone really watch more than 5 DVDs each week, or are the more-out plans appealing because you have more DVDs laying around to choose from when it comes time to watch?

I admit that the new Profiles feature is one way to viably increase your family's film throughput, but even then, how many movies a week does one person really watch?

So, how many movies do you watch a week?

Elaine writes about an interesting series of problems she had with Blockbuster Online:

Lately blockbuster has been doing some funky stuff with my queue and I wanted to know if anyone else has been experiencing what I have.

First it was that they weren't filling the 3rd available slot, and it would take days and several phone calls before finally filling it. This after it was taking them upwards of 4 days to receive my returns. Then 1 day before shipping out. This happened twice in a row, resulting in a 3 week span of only getting 3 movies, even though there were returns on time. They rewarded me an extra movie as an apology.

Then there was a problem with the priority list. They were sending out movies at the bottom of my list, and foregoing the ones at the top, even though they listed as "available now". It happened twice, and after a couple of calls I was told that by default the queues are set to give preference to movies that are available in my local center over higher priority movies that are in centers elsewhere. So I had them change that preference to give me the movies I want first on my list, no matter what center they come from. Sheesh. Again, I was rewarded with the extra movie.

NOW apparently, is a new problem. Yesterday I added some movies to my list because it was running low, and brought it up to 25 movies. Rerranged them the way I had wanted. I had 25 movies on the list - most of them were "available now". Yesterday I returned my movies, so I figured they may hit the center today. This morning I checked my queue and most of the movies were listed as "short wait" or "long wait", in addition to Toy Story 2 which was listed as "Coming Soon". What? How could that be? I called the customer service, who told me there was no problem either on the system or in my account. Fine. I added 20 movies to the queue today, bringing the total to 45. When I checked my queue - again, MOST OF THEM WERE NOT AVAILABLE. Out of 45 movies, only 18 were available, and some of them were "bonus disks". I called again, only to be told there there was, in fact, a problem with the online queue system, and that by noon it should clear up. Let's wait and see, but I'm not hopeful. They suggested that if by noon it hasn't cleared up, then I should rearrange my priority list just in case, because even though the movies are listed as not available, they may in fact be, so I should have them in the order I want them.

This is unacceptable. It's become much more unreliable and frustrating to add movies and expect them. This is lousy service, and has been for a couple of months. I'm giving this one last chance - any more problems and I'm leaving Blockbuster.

BTW, Netflix has gotten better with their turnaround time and availability, 2 issues that had originally convinced me to join Blockbuster Online to begin with.

Blockbuster is getting better at this, but they're still having a few problems. At least their customer service people are good about giving out free movies to help retain unhappy customers.

Have you had queue problems with Blockbuster or Netflix?