Aspiring business students launch chain of Web sites

University students can access a new Web site designed to make their online lives easier although security concerns may be an issue.

Starting in late September, two sophomores from the University of Iowa launched a number of these Web sites at the University of Illinois, Ohio State University, the University of Wisconsin and the University of Minnesota. The University’s Web site was launched in early October.

The Web site, Uofihomepage.com, links to the login pages for campus e-mail, Yahoo!, Gmail, Twitter and MSN. Students can log in and be directed to the Enterprise and Compass home pages from the site.

Co-creator Kurt Smentek said he and co-creator Andrew Daniels sent Facebook messages to University students to promote the site.

“We thought ‘let’s make an easy, convenient Web site for students to use,'” Smentek said. “Everything’s in one place; they can just go to it. It’s basically making a Yahoo! for college students.”

The Web site provides several news feeds, a weather report and an entertainment section as well as links to the University’s home page, the Illinois directory, the campus calendar and the library. Smentek said they plan on adding a sports section.

The duo said the Web site links are not in violation of copyright laws.

“We don’t use any University logos or trademarks, so we don’t violate any copyright laws,” Smentek said. “So we don’t have to seek any permission from them.”

Smentek said they have received positive feedback from student users but not all students are on board with the site.

One student expressed concern over the possibility of students’ passwords being stolen and their University accounts being hacked.

“I just say ‘keep your eyes open, because stuff goes on all the time,'” said Jeff Schappaugh, sophomore in Engineering at the University. “I’d never expect anyone to try to get those (passwords), but I guess it can happen to anybody.”

Mike Corn, chief privacy and security officer for Campus Information Technology and Educational Services, agreed with Schappaugh’s concerns saying the site is “fundamentally insecure.”

“It’s not an encrypted page; it’s not a secure Web site – the https,” Corn said. “Its URL is ‘http,’ which means that when you provided your password, you’re providing it in plain text to anyone who happens to be looking at that network traffic.”

The Web site’s domain is misleading, and students may think it is a University-run Web site, which it is not, Corn said. Once students have logged in to the site, they have given access to their grades and personal information to anyone who monitors the site’s traffic. Students who have logged into their accounts through the Web site should change their passwords, he said.

“I have no idea what they’re doing with the site; it may not be malicious,” Corn said. “But what they are doing is exactly what the phishing people do.”

Smentek said he and Daniels started working on the University’s Web site in September and have received 10,000 hits since its creation. It was the first Web site either had created, Smentek said.

“It was a good idea,” Smentek said. “It’s not just a waste of time; its like ‘let’s actually do something productive.'”

Smentek said they plan on creating similar sites for other schools.

“We do plan on covering the entire Big Ten, probably from there go to the Pac Ten,” Smentek said. “Basically, hit the schools in the Midwest first and just expand from there.”