https://blog.cotti.com.br/en/categories/computing/Recent content in Computing on Conceptual OrthogonalityHugo -- gohugo.ioen-USThu, 16 Apr 2026 17:10:57 -0300https://blog.cotti.com.br/en/2026/04/16/copasa-is-killing-my-hopes/Thu, 16 Apr 2026 17:10:57 -0300https://blog.cotti.com.br/en/2026/04/16/copasa-is-killing-my-hopes/<img src="https://blog.cotti.com.br/2026/04/16/a-copasa-tira-minhas-esperancas/cover.png" alt="Featured image of post Copasa is killing my hopes" /><p>Today the missus sent me an image of an SMS sent to my father-in-law, wanting to know if I had received any water bills lately.</p> <p>The SMS had that classic scam vibe: trying to convey that sense of urgency. Sending a link with a little hash of an address that couldn&rsquo;t possibly be real: copasa.<strong>net</strong>.br. Well, Copasa is obviously .<strong>com</strong>.br, of course.</p> <p>&hellip;Right?</p> <p>I was just about to reply that <em>it&rsquo;s a scam, obviously! Just look at the domain</em>&hellip; But then I thought, &ldquo;wow, Copasa is really struggling with <em>infosec</em>, huh? They let some nutjob snatch up a .net.br with their name perfectly&rdquo;.</p> <p>Out of curiosity, I went to do a WHOIS on the domains.</p> <p><img src="https://blog.cotti.com.br/2026/04/16/a-copasa-tira-minhas-esperancas/whois-copasacombr.png" width="637" height="483" srcset="https://blog.cotti.com.br/2026/04/16/a-copasa-tira-minhas-esperancas/whois-copasacombr_hu_75d17f55eac9546f.png 480w, https://blog.cotti.com.br/2026/04/16/a-copasa-tira-minhas-esperancas/whois-copasacombr_hu_2bb08f1de51c6eca.png 1024w" loading="lazy" alt="Copasa.com.br" class="gallery-image" data-flex-grow="131" data-flex-basis="316px" ></p> <p>OK, everything seems fine. And the scam one?</p> <p><img src="https://blog.cotti.com.br/2026/04/16/a-copasa-tira-minhas-esperancas/whois-copasanetbr.png" width="656" height="534" srcset="https://blog.cotti.com.br/2026/04/16/a-copasa-tira-minhas-esperancas/whois-copasanetbr_hu_ee4f22bbb2537bab.png 480w, https://blog.cotti.com.br/2026/04/16/a-copasa-tira-minhas-esperancas/whois-copasanetbr_hu_6e64d18aad8b79e4.png 1024w" loading="lazy" alt="Copasa.net.br" class="gallery-image" data-flex-grow="122" data-flex-basis="294px" ></p> <p>&hellip;Huh?</p> <hr> <p>Okay, apparently Copasa has completely separated the institutional side from the customer service side, including not using the same domain. I don&rsquo;t really agree with it, but who knows how decisions are made there, aside from making my mother go without water for about 10 days out of pure procedural spite.</p> <p>But then you look at the certificate for the .net.br domain.</p> <p><img src="https://blog.cotti.com.br/2026/04/16/a-copasa-tira-minhas-esperancas/cert.png" width="827" height="722" srcset="https://blog.cotti.com.br/2026/04/16/a-copasa-tira-minhas-esperancas/cert_hu_eb85992873dd39c0.png 480w, https://blog.cotti.com.br/2026/04/16/a-copasa-tira-minhas-esperancas/cert_hu_cb3befd42254c33c.png 1024w" loading="lazy" alt="Copasa.net.br’s certificate" class="gallery-image" data-flex-grow="114" data-flex-basis="274px" ></p> <p>Dude, are they seriously using the same certificate for staging and production? Seriously, they expose staging like this?</p> <p>You search for the domain on ye olde Googley, and their SEO is a degree worse than nonexistent, it&rsquo;s negligent. This is the first page:</p> <p><img src="https://blog.cotti.com.br/2026/04/16/a-copasa-tira-minhas-esperancas/copasa-p1.png" width="551" height="923" srcset="https://blog.cotti.com.br/2026/04/16/a-copasa-tira-minhas-esperancas/copasa-p1_hu_c3bb96be036427cf.png 480w, https://blog.cotti.com.br/2026/04/16/a-copasa-tira-minhas-esperancas/copasa-p1_hu_c35e8e74d4030724.png 1024w" loading="lazy" alt="First page results for Copasa.net.br" class="gallery-image" data-flex-grow="59" data-flex-basis="143px" ></p> <p>Practically nothing added to facilitate a search result. But beyond that, you find a link on the first page to the admin panel of the SaaS they use for their customer service system. And beyond that, which is above the other, you also find a link to the admin panel in staging. I&rsquo;m not going any further with anything else for fear of knowing that this is also part of the structural decay, just to sell this state company for peanuts later.</p> <p>They use <a class="link" href="https://wetalkie.com/" target="_blank" rel="noopener" >WeTalkie</a>. Poor folks, paying for their sins by having a client like this. Copasa has been giving us headaches every now and then around here. The sad fate of the march of institutional decay is for it to become another CEMIG to convince the population that it&rsquo;s worthless. Lamentable.</p> <p>I remember going on a field trip to a treatment plant when I was a kid. I remember the filtration tanks, the settling tanks. But I don&rsquo;t remember when it was anymore, who I had as a classmate, things like that.</p> <p>It would be good if they &ldquo;treated&rdquo; the data security of the population that depends on them, because all this exposure is scary.</p>