June 2007 IT News

Power Issues don't stop Campus Systems

Campus power outages during July 5 & 6 did not have any effect on critical applications. Some trouble with Rocky Mountain Power last week caused a campus switch to blow up. Fortunately, the generator system worked. No production system went down – and that’s a big deal.

Note: the following is the first of new regular security articles from the U's Information Security Office.

HTML Obfuscated Redirections

The Web is great for disseminating and acquiring information. However, the Web contains many unscrupulous sites that aren't what you want or expect. For example: let's say you are interested in finding a recipe for Meatloaf Pie. You do a NetSearch with your favorite search engine, and start looking at the results.

One of your search results is a link to: <http://thebestmeatloafpie.com/meatloaf.recipe.html>
This looks like a potential solution for the recipe. However, closer investigation of the URL itself, reveals the following: <http://thebestmeatloafpie.com.obsficated.url.something.ok/meatloaf.recipe?xxx123>

The suspicious part of this URL is what lies between "http://" and the next "/". This is the name of the machine you will be directed to, which in this case is: <thebestmeatloafpie.com.obsficated.url.something.ok>.

Hmm. The link said you were going to go to: <thebestmeatloafpie.com>. Yes, you should have alarms going off. This information does not match.

Let's assume you didn't take the time to look at the URL, you visit the site in question, and click on a link to download the recipe. The recipe may not be what you expect. It may, in fact, be a virus or worm, or worse, a program that records all your key strokes, even the ones you use to do your online banking.

How about another scenerio. You receive an email message like this:

From: businessservice.ref12345x.uofu@uofucreditunion.com
Subject: Service Message

Dear University of Utah Credit Union Member,

The University of Utah Credit Union Service Team requests you complete the Customer Confirmation Form (CCF).
This procedure is obligatory for all members of the University
of Utah Credit Union.
Pleasse click the hyperlink below to access the Customer
Confirmation Form (CCF)
http://uofuccu-2007.uofucreditunion.com/ccf/ccf.asp

Investigation of the URL shows the following:

<a href="http://uofuccu-2007.uofucreditunion.com.uofu.ok/ccf/ccf.asp">http://uofuccu-2007.uofucreditunion.com/ccf/ccf.asp</a>

Hmm. Again, the actual URL is obfuscated, and directs you to a machine in the "uofu.ok" domain.

So, how do you avoid these problems?

A) View the source code of the Web page. Look for "http://" and inspect the URL.
B) Don't allow execution of binaries you download when browsing.
C) Use caution when visiting both trusted and untrusted sites.

Why should you be cautious with a trusted site? Because it may be an untrusted site obfuscated to appear as a trusted site. True, this will affect the easy Point-And-Click method of using your computer, but the time spent is less than that required to:
i) rebuild your computer
ii) restore your credit

Additionally, you should never respond to requests like the example above. Your bank will NEVER send you email for confirmation.

For security-related issues and information, the Information Security Office invites you to visit:
<http://iso.utah.edu/security/>