Category: Phishing

May 19 2009

Dave Ramsey and the null byte

Phishers (and I’m sure marketing jerks too) love universal redirects. A universal redirect is when you visit a URL that looks like one domain and it redirects you to a different site. They have their purpose, but if a site doesn’t implement protections properly it can damage the brand. Especially in markets like finance, where trust is very important, any erosion of trust can be very costly. The problems in the examples I’m about to provide can be prevented by having your website audited regularly.

The reason that phishers get away with what they do is that it’s easy to mimic the look and feel of a site, which builds your trust. We see a logo and certain colors and we respond appropriately. Companies put a ton of money into building these brands only to have that power used against them. Now people are getting leery about clicking on just any link in an email or website, so if phishers can make it appear like you are clicking on a valid link and then whisk you away to their evil site, all the better for their con.

So, for a quick example: let’s say example.com wants to keep track of who clicks on their partner site link. They might have something like:

http://www.example.com/redirect.cfm?siteURL=http://www.ngenuity-is.com

When you click on that link, in theory it would record your entry in a log file and send you to ngenuity-is.com.

Stop talking and get to Dave Ramsey already:

The reason I bring up daveramsey.com is because they have a similar redirect, are in an industry where trust is very important, and have tried to put protections in place to prevent what I’m talking about here. If you mouse over the left-hand navigation you will see that a few of the links go to a page that looks like this:

http://www.daveramsey.com/redirect/redirect.cfm?strPath=…

Dave’s team of crafty website ninjas figured that phishers would love to redirect visitors anywhere, so if you try to put in your own website after strPath it will just redirect back to the main site. That is where the trusty null byte comes in handy. Slip a single byte into the link and you have yourself a working universal redirect.

Example: http://www.daveramsey.com/redirect/redirect.cfm?strPath=%00http://www.ngenuity-is.com
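To make the failure concrete from the defender’s side, here is an added Python illustration (not the site’s ColdFusion code, and not a claim about how their redirect was actually written). It models a hypothetical weak filter that only rejects parameters beginning with "http", paired with a header-writing layer that silently discards control characters (that layer is an assumption standing in for whatever the real stack did), and places next to it a validator that rejects control characters before parsing and only forwards to an allowlisted partner host. HOME and PARTNER_HOSTS are constructed values.

```python
"""Open-redirect guard: a naive prefix check that a NUL byte slips past,
beside an allowlist check that it does not. Added illustration only."""
from urllib.parse import unquote, urlsplit

HOME = "http://www.example.com/"          # constructed fallback target
PARTNER_HOSTS = {"www.ngenuity-is.com"}   # constructed allowlist of partner hosts


def _emit_location(target: str) -> str:
    """Model of a header-writing layer that drops control characters.
    This is an assumption, not a statement about any specific server; the
    point is that a byte the validator looked at is gone by the time the
    browser sees the Location header."""
    return "".join(ch for ch in target if ord(ch) >= 0x20 and ch != "\x7f")


def naive_redirect(raw_param: str) -> str:
    """Hypothetical weak filter: anything that starts with 'http' is sent
    home, everything else is passed through as a 'relative' path.
    Defect: it inspects the literal first characters of the decoded string,
    so a leading NUL (%00) makes the check miss the absolute URL behind it."""
    value = unquote(raw_param)
    if value.lower().startswith("http"):
        return HOME
    return _emit_location(value)


def safe_redirect(raw_param: str) -> str:
    """Hardened version: reject control characters outright, then parse the
    URL and only forward to a known partner host; otherwise go home."""
    value = unquote(raw_param)
    # Reject NUL, CR, LF and friends before parsing: a validator and a header
    # writer must never end up looking at different strings.
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in value):
        return HOME
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https"):
        return HOME
    # hostname is the parsed host only, so userinfo, port and path cannot
    # make an unlisted host look like a listed one.
    if parts.hostname not in PARTNER_HOSTS:
        return HOME
    return value


if __name__ == "__main__":
    for param in ("http://www.ngenuity-is.com", "%00http://www.ngenuity-is.com"):
        print(f"{param!r}: naive -> {naive_redirect(param)}, safe -> {safe_redirect(param)}")
```

Running the block shows the plain absolute URL being sent home by the naive filter while the NUL-prefixed one sails through it, and the hardened validator treating the NUL-prefixed value as garbage and only honouring a clean URL whose host is on the allowlist. The design choice worth copying is the allowlist: a blocklist of "things that look like an absolute URL" can always be expressed one more way, but the set of partners you actually want to redirect to is finite and known.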

The end.

Oct 01 2008

National Cyber Security Awareness Month

October is National Cyber Security Awareness Month. It gives all of us that are security focused the opportunity to spread some information about security and safety to others.

To do our part DC509 is putting on another community outreach event. This time it’s going to be bigger and better than ever. We have 4 speakers on the agenda this time, speaking on a wide variety of topics. To not put the audience to sleep, each speaker will have 15 minutes to speak and 15 minutes for Q&A. Please join us and show support for helping to secure our community.

Speakers:

  • Aaron Howell – Phishing; Don’t take the bait
  • Adam Baldwin – Building trust with website visitors
  • Lynda True – Information sharing on social networks
  • Thomas Feduk, Jr – Basic best practices for staying safe online

You can find out more information about the event by going to ngenuity-is.com/events or more information about National Cyber Security Awareness Month by going to www.staysafeonline.org

Sep 23 2008

PayPal Security Key Only $5

This is a fantastic deal that PayPal and eBay should be seriously promoting. PayPal and eBay are both giant phishing targets. They have been offering a two-factor authentication token for a while now. The cost to you: $5. That includes shipping, with no other costs and no hidden fees, and it’s easy to use. I highly recommend that anybody with a PayPal or eBay account get one immediately.

Find out more here:
https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/PPSecurityKey-outside

Side Note:
If you are in the Tri-Cities, WA area and want to learn more about phishing (and other security topics), come to the DC509 National Cyber Security Awareness Month event being held in October. Aaron Howell from nGenuity will be presenting on phishing. I will post more information as the event nears.
