Apr. 13th, 2010

andrewducker: (Default)
So, I got an email from The Student Loans Company.

Well, it _said_ it was from the SLC, but I don't have a student loan any more.

And when I hovered over the link to the website that wanted me to "verify your details", it didn't seem to be pointing to the website that the text would indicate.

Not that it was easy to tell - as the popup with the link text in it only showed 80 characters - the last 80 characters.

So I clicked on it.  On my phone, as I figured that the number of viruses, etc. that target Webkit on a Nokia must be somewhere near zero.

And then discovered that the only way to find out what the actual address of the page you're on under the Nokia Webkit browser is buried in the menu system.

So when I got the page name I decided to visit the root domain and see what that was.

Lo and Behold - a WordPress install, last updated in 2008.  And thus undoubtedly full of holes.

So I used the "contact" form there to drop the owner an email.  Which will probably go to a dead email box that they haven't checked since 2008.

Further checking shows that the Student Loans Company don't have an SPF record set up to prevent people from impersonating them when sending email.  Which means that botnets are free to send email that "comes from" them.

And this is why we can't have nice things.
andrewducker: (Default)
andrewducker: (geekiness = sexiness)
(On bilingual signage)
Klingon Signs would probably say "only a man with no honor would park here between the hours of 9am and 5pm!"

From

August 2025

S M T W T F S
      1 2
3 4 5 6 7 8 9
10111213141516
17181920212223
24252627282930
31      

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Aug. 10th, 2025 07:46 am
Powered by Dreamwidth Studios