Why MSFT and YHOO are MFEO

More genius:

[14:45:27 jaidev@~]$ host -t mx yahoogroups.com
yahoogroups.com mail is handled by 10 mta2.grp.vip.scd.yahoo.com.
yahoogroups.com mail is handled by 20 mta1.grp.vip.re1.yahoo.com.
yahoogroups.com mail is handled by 30 mta12.grp.scd.yahoo.com.
yahoogroups.com mail is handled by 30 mta13.grp.scd.yahoo.com.
yahoogroups.com mail is handled by 30 mta14.grp.scd.yahoo.com.
[14:45:31 jaidev@~]$ telnet mta2.grp.vip.scd.yahoo.com 25
Trying 66.218.67.194…
Connected to mta2.grp.vip.scd.yahoo.com.
Escape character is ‘^]’.
220 yahoogroups.com ESMTP
helo <censored>
250 yahoogroups.com
mail from: <censored>
250 ok
rcpt to: <censored>@yahoogroups.com
250 ok
data
354 go ahead
Subject: Photos
.
554 we cannot accept this message because it appears to contain virus (#5.7.1)
quit
221 yahoogroups.com
Connection closed by foreign host.

Yahoogroups just refuses to accept emails with a subject line containing just Photos. Wow, my spamassassin setup is better than that.

ATMs on Trains

Is it just me or does this seem like a badly thought out one? I’m not questioning its feasibility or anything - throw a billion people at any venture and it is bound to be a success or rather won’t be a miserable failure. But, given how crowded our trains are, and how unsafe they feel at most times, I wonder how many people would dare to withdraw any amount of money in full view of a hundred people with whom they’d have to spend the next few hours / days. The other ATMs are different as one isn’t obliged to stick around the ATM and with the people around the ATM.

My evil mind already has a game to spook the users. Hang around these ATMs, the moment somebody uses it, follow them back and note down their seat numbers. On a 48 hour train, it’s bound to give them a couple of sleepless nights!

Mysterious Email Client Settings!

Just when I thought I was having a good start to the week -

Jaidev:

There is some custom setting on your email client which is adding “|” characters and makes it pretty hard to follow the history of email. See below. Would appreciate if we can do something there.

Thanks
~~~~~~

I spent a good amount of time thinking what my response should be -

Eventually I chose discretion over valour and decided to post it here instead. Somebody in this industry has got to figure out what to do with pointy-haireds’ time.

Stupidity Never Sleeps

Yes, I’m back to ranting about everybody’s favourite e-mail address vendor bank. Citibank’s online banking code goes something like this -

switch ($input) {
        case x:
                /* User wants what we want him to want. Ooooh baby!
                  * We love him. Lets give him what he wants. */
                $email = lookup_email ($user);
                send_email_address_to_spammers ($email);
                handle_user_request();
                break;
        default:
                /* Uh, oh! I don't think we'd ever be here. */
                $email = lookup_email ($user);
                send_email_address_to_spammers ($email);
                do_logout ($user);
                break;
}

So every time I select something that they didn’t expect, I get logged off. This, of course, is browser dependent which makes it all the more stupid. Is this paranoid programming?

Wait, there’s more stupidity. RBI introduced real time fund transfer between banks called RTGS. Citibank, of course, has to screw up this simple facility. They decided to make a cool drop down box to help us choose the bank and the branch. Now I know that there are strong emotions regarding the change in Bangalore’s name to Bengalooru, but Citibank takes it to an entirely new level. If you don’t find your bank / branch under one version of the city’s name, you’re expected to try another variant. That’s not all, they even list suburbs like BANNERGHATTA and JAYANAGAR. Citibank somehow managed to screw up the presentation of a simple list published by the RBI. I don’t know if Bangalore is known by another mysterious name, but I didn’t find HSBC Bangalore in that list!

Security, Only Skin Deep?

It’s no secret that Indian banks now encourage online banking. This is very cost-effective for them, and hassle free for the customers. One major worry of course, is security. With great power comes great responsibility, and banks do anything to project a secure image of their online services.

Case in point, my favourite spammer and email address vendor bank Citibank.

The Citi, of course, never sleeps. Sometime last year they introduced a JavaScript-based virtual keyboard for logins. This was designed to ensure that key-logging trojans don’t log passwords, but it only lulls the user into a false sense of security.

The keyboard that never sleeps
Security that never sleeps

Firstly, it makes passwords themselves less secure by making them case-insensitive and shorter. Moreover, since evil hax0rs have already broken into your box to install key-loggers, what’s stopping them from installing a screen capturing program to record your clicks? Better still, why not redirect the poor user to the hax0r’s own version of the virtual keyboard and log the password? Oh yeah, and it’s already been compromised.

That’s not all. Enter a wrong password and it takes you to a page with a message that reads “For your protection you’ve been logged off. Please close all your active windows and try login again”. There’s more. The window itself self-destructs in a few seconds. Cool ain’t it? Wait there’s more. You’ll not be able to login without closing all your browser windows.

In fact, this fantastic security measure is more annoying than useful. All it does is map the failed login to a cookie on your machine which expires with the browser session. As long as the browser sends the cookie (citibank.co.in, JSESSIONID), you’ll not be able to login. If it was indeed an illegal attempt, this is akin to catching a thief red-handed and subsequently asking him to carry a tag branding him a robber. Delete the cookie and you’ll be able to login again. In fact, they offer the solution themselves. Close all the browser windows, and you’ll be able to login again. If you’re a wannabe hacker, why wouldn’t you try again this way?

All this “security measure” does is annoy the legitimate user when he inadvertently enters the wrong password. Absolutely nothing else. Most other banks deal better with this. They offer you 3 tries and lock you out until you contact them offline.
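The difference between the two lockout designs described above, as an added example that is not from the original post and is not the bank's code: a constructed toy model in which `CookieLockout`, `AccountLockout` and `guesses_evaluated` are hypothetical names and the account data is made up. It counts how many password guesses each server actually evaluates when the client does or does not send the session cookie back.

```python
import secrets

PASSWORDS = {"alice": "correct horse"}  # constructed sample account (toy: plaintext)
MAX_TRIES = 3                           # the "3 tries" policy mentioned in the text


class CookieLockout:
    """Lockout flag tied to the browser session cookie (the design criticised above)."""

    def __init__(self):
        self.blocked_sessions = set()

    def login(self, user, password, session_id=None):
        # A request that sends no cookie is simply issued a fresh session.
        session_id = session_id or secrets.token_hex(8)
        if session_id in self.blocked_sessions:
            return session_id, "blocked"
        if PASSWORDS.get(user) == password:
            return session_id, "ok"
        self.blocked_sessions.add(session_id)  # state the client can discard
        return session_id, "failed"


class AccountLockout:
    """Failure counter kept server-side against the account, not the session."""

    def __init__(self):
        self.failures = {}

    def login(self, user, password, session_id=None):
        session_id = session_id or secrets.token_hex(8)
        if self.failures.get(user, 0) >= MAX_TRIES:
            return session_id, "locked"  # stays locked until reset out of band
        if PASSWORDS.get(user) == password:
            self.failures[user] = 0
            return session_id, "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return session_id, "failed"


def guesses_evaluated(server, user, guesses, keep_cookie):
    """Return how many guesses the server actually checked against the password."""
    sid, evaluated = None, 0
    for guess in guesses:
        sid, result = server.login(user, guess, sid if keep_cookie else None)
        evaluated += result in ("ok", "failed")
    return evaluated
```

With five wrong guesses, the cookie-based design limits only the client that keeps its cookie, while the per-account counter stops at three regardless of what the client sends.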

These are just two fancy toys masquerading as “security measures” designed to make the user feel comfortable. I believe that the real measures should be transparent to the user. If their in-your-face security features are so useless, I, for one, would begin to wonder if any of their security measures are any good.