Browse all Tuscany traffic fine photos


This is not really technical, just a quick write-up to show you the poor computer system behind Tuscany municipality police “POLIZIA MUNICIPALE”.
After you have violated some traffic rule, like speeding or entering a restricted traffic area (like I did), firstly you’ll receive a letter from your car rental company stating they’ve charged your credit card. This amount is for handing your personal info to the police, plus a 20% sales tax. After a while you’ll receive the actual fine. This is a registered letter from the traffic police with stamps, signatures and a silvery sticker for authentication. On the front you have your personal info, info about the car, where it’s rented, where and when the violation took place and what paragraph you violated. On the back you will see the two sums that add up to your total amount, and where to pay it.

This is where it gets interesting. You get a website URL to visit, http://www.emo.nivi.it, along with a user name and a password. With this info, you log in to this Italian website. The website and login page look dodgy. There is no encryption yet (no HTTPS in the URL). After logging in you can choose to view images that will authenticate the fine. This is funny.

This is me,

[photo]

and this is a person being caught somewhere else, two days prior,

[photo]

Huh?
The links to my photos looked like this:
http://www.emo.nivi.it/Comandi/P015/Foto/02658638.jpg
http://www.emo.nivi.it/Comandi/P015/Nol/02658638.jpg
http://www.emo.nivi.it/Comandi/P015/Verb/02658638.jpg

Now try to increase or decrease one of the numbers in the image file name. Yes, you can literally scroll through thousands of traffic fines with very little effort. Without logging in first. For a software guy, it would probably take him nothing but a few hours of coding and implementing an “image-to-text” converter on the license plate # (it’s always in the same spot, bottom left corner). This way, he could automatically download an extensive database of fines given to persons in this area or what-/wherever the images are from.
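The check that is missing here, as an added example (not the site's code and not part of the original write-up): each document request is tied to the logged-in account the fine was issued to. The ownership table, session table, account names, document numbers and the exact path pattern are all constructed assumptions.

```python
import re

# Constructed sample data: which login account each fine document belongs to.
FINE_OWNER = {
    ("P000", "00000001"): "account-a",
    ("P000", "00000002"): "account-b",
}
# Constructed session table: session cookie value -> logged-in account.
SESSIONS = {"cookie-of-a": "account-a"}

# Path layout modelled on the links in the post:
# /Comandi/<command>/<kind>/<number>.jpg (the precise pattern is an assumption).
PATH_RE = re.compile(r"/Comandi/([A-Z]\d{3})/(Foto|Nol|Verb)/(\d{8})\.jpg")


def static_serving(path):
    """Behaviour described in the post: any existing file is served, no session."""
    m = PATH_RE.fullmatch(path)
    return 200 if m and (m.group(1), m.group(3)) in FINE_OWNER else 404


def authorized_serving(path, session_cookie=None):
    """Serve a document only to the account the fine was issued to."""
    account = SESSIONS.get(session_cookie)
    if account is None:
        return 401  # not logged in: nothing is served
    m = PATH_RE.fullmatch(path)
    if m is None:
        return 404
    owner = FINE_OWNER.get((m.group(1), m.group(3)))
    # Same answer for "does not exist" and "belongs to someone else", so the
    # response does not reveal which document numbers are in use.
    if owner != account:
        return 404
    return 200


if __name__ == "__main__":
    other = "/Comandi/P000/Foto/00000002.jpg"  # belongs to account-b
    print("static, no login:      ", static_serving(other))
    print("checked, no login:     ", authorized_serving(other))
    print("checked, wrong account:", authorized_serving(other, "cookie-of-a"))
```

With the check in place, changing the number in the file name only ever returns the requester's own documents.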

After logging in there is a time-out detection based on events, like a proper secure connection would have. Also, when entering the actual payment sequence, there is an HTTPS connection.

This article has 2 comments

  1. It’s crazy how sometimes people invest huge amounts of time and money in security and how other times, basic and easy to implement stuff is not done…
    I imagine it’s the same thing with physical security…

    dan

  2. BLOG: How to easily browse thousands of copies of fines and traffic camera images from Tuscany, Italy. http://t.co/qUk5Fyvp
