funsec mailing list archives
Treo bridge tolling account and spam
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade () shaw ca>
Date: Sat, 6 Oct 2012 11:21:18 -0800
Recently one of the bridges in my area was replaced by a new one. The new Port Mann Bridge is, at the moment, apparently the widest in the world, and will relieve congestion on the existing bridge, which has been a huge bottleneck for years. (Why do I keep flashing on an old saying about "traffic expands to fill anything made available for it ..."?) In order to pay for it, our currently right-wing) provincial government has formed a "public/private partnership" with a shell corporation which gets to "lease" the bridge for about fifity years and put tolls on it. I'm not sure I'll have a lot of use for the Port Mann Bridge when it gets tolled (except to get out to the Olive Garden, until they build one closer in). It's been such a bottleneck for so long that I've found all kinds of ways to avoid it. (There is another tolled bridge in the area, and I've only traveled over it once, in the first "free" week, just to find out where it was and went.) But I figured I'd get the decal anyway, especially since it gets you a discount, and some extra bucks (equivalent to about 20 free trips) to start off. You'll have heard about the debacle in regard to the phone registration, where some of the clerks were in business for themselves, and stole credit card numbers. So I figured I'd register via the Website. The process wasn't too arduous, although I found it odd that American Express, which I use for most of my pre-authorized charges, wasn't acceptable. (I also found out that my password algorithm, while it is long, complex, and uses mixed case and non-alphabetic characters, doesn't generate a number in all cases. Apparently you have to have a number.) I didn't realize that I didn't get a confirmation email until this morning, when I checked the spam filters. There it was. And, I have to agree. If *I* was a spam filter, I'd have said it was spam, too. It's a mess. Looking at the body, I can't make out anything it is trying to do (other than create all kinds of buttons). The spam report says: 0.00 NO_REAL_NAME From: does not include a real name 0.00 BSF_SC0_MISMATCH_TO Envelope rcpt doesn't match header 0.00 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.00 URI_TRUNCATED BODY: Message contained a URI which was truncated 0.00 HTML_MESSAGE BODY: HTML included in message Treo itself seems to use a system called Barracuda, and this system also scores the message as spam. (It also seems to have an AV scanner, which appears to be turned off. Apparently Treo is not concerned about sending viruses out to infect other people.) So, the Treo people don't seem to be very concerned about information security. Which gets me thinking: Is the bridge safe? ====================== (quote inserted randomly by Pegasus Mailer) rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org People demand freedom of speech as a compensation for the freedom of thought which they seldom use. - Soren Kierkegaard victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Treo bridge tolling account and spam Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 06)
- Re: Treo bridge tolling account and spam Rich Kulawiec (Oct 06)