Wednesday, July 26, 2006

MBTA: e-mail snitches

So my buddy Rob decided to take the T Web site redesign survey yesterday. After he was done, he clicked on the link to see the overall results of the survey. That took him to a page asking for a password.

Most people would quit there, but Rob's a daredevil. He tried the first thing he could think of as a password for the MBTA: Charlie. It worked.

And what Rob found was the survey results, along with the e-mail addresses of everyone who submitted the info to the survey.

Yes, that's a small transgression, and the worst that'll happen is some harvester will collect those addresses and send people more spam, but seriously: The T couldn't take some step to protect this information? Yeesh. And why have a password at all if it's going to be so damn easy to figure out? It's like using your own name or "money" for your ATM card.

But it was interesting to see what people would like to see on the T Web site. The best suggestions: T maps overlaid with street maps, the ability to recharge CharlieCards online, and overall suggestions to simplify the design.

The best snarky suggestion (via Jason): "Here is, so far, my favorite response to the question of what should be on its new website: 'Why we have such poor service'"


Charlie said...

Hey, thanks for the heads up on the password vulnerability. We changed it to something more secure. Keep it real.

Gary McGath said...

Groan. And that degree of ineptitude in computer security is so common it's scary.