Treo bridge tolling account and spam

["Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade () shaw ca>]

Recently one of the bridges in my area was replaced by a new one.  The new Port 
Mann Bridge is, at the moment, apparently the widest in the world, and will 
relieve congestion on the existing bridge, which has been a huge bottleneck for 
years.  (Why do I keep flashing on an old saying about "traffic expands to fill 
anything made available for it ..."?)

In order to pay for it, our currently right-wing) provincial government has formed 
a "public/private partnership" with a shell corporation which gets to "lease" the 
bridge for about fifity years and put tolls on it.

I'm not sure I'll have a lot of use for the Port Mann Bridge when it gets tolled 
(except to get out to the Olive Garden, until they build one closer in).  It's been 
such a bottleneck for so long that I've found all kinds of ways to avoid it.  (There 
is another tolled bridge in the area, and I've only traveled over it once, in the first 
"free" week, just to find out where it was and went.)  But I figured I'd get the decal 
anyway, especially since it gets you a discount, and some extra bucks (equivalent 
to about 20 free trips) to start off.

You'll have heard about the debacle in regard to the phone registration, where 
some of the clerks were in business for themselves, and stole credit card numbers.  
So I figured I'd register via the Website.  The process wasn't too arduous, although 
I found it odd that American Express, which I use for most of my pre-authorized 
charges, wasn't acceptable.  (I also found out that my password algorithm, while it 
is long, complex, and uses mixed case and non-alphabetic characters, doesn't 
generate a number in all cases.  Apparently you have to have a number.)

I didn't realize that I didn't get a confirmation email until this morning, when I 
checked the spam filters.  There it was.

And, I have to agree.  If *I* was a spam filter, I'd have said it was spam, too.  It's a 
mess.  Looking at the body, I can't make out anything it is trying to do (other 
than create all kinds of buttons).  The spam report says:
        0.00 NO_REAL_NAME           From: does not include a real name
        0.00 BSF_SC0_MISMATCH_TO    Envelope rcpt doesn't match header
        0.00 MIME_HTML_ONLY         BODY: Message only has text/html MIME 
parts
        0.00 URI_TRUNCATED          BODY: Message contained a URI which was 
truncated
        0.00 HTML_MESSAGE           BODY: HTML included in message

Treo itself seems to use a system called Barracuda, and this system also scores the 
message as spam.  (It also seems to have an AV scanner, which appears to be 
turned off.  Apparently Treo is not concerned about sending viruses out to infect 
other people.)

So, the Treo people don't seem to be very concerned about information security.  
Which gets me thinking:

Is the bridge safe?

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
People demand freedom of speech as a compensation for the freedom
of thought which they seldom use.                - Soren Kierkegaard
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.