Linklist Premium join:2002-03-03 Longport, NJ | Also a thread in the Comcast HSI forum
Comcast support has posted info in the Comcast HSI forum on this subject: »Passwords of 8,000 Comcast Customers Exposed
Comcast customer support in the above msg thread claims that after duplicates in the list and inactive accounts were identified, there were only about 700 actual active accounts exposed.
|
Re: Also a thread in the Comcast HSI forum
For a minute, I was surprised to see how many people used password as their... password?
Most ISPs usually require a number or something in there, but to allow for password to be the password is a little weird. Granted, it is all on the user's side; for the ISP, spam and other problems are more the ISP's problem.
|
Re: Also a thread in the Comcast HSI forum
RCN used to use "password" as a default password at one time. You are supposed to go on their web site and change it to something unique but some people never do.
|
dvd536as Mr. Pink as they come Premium join:2001-04-27 Phoenix, AZ | Re: Also a thread in the Comcast HSI forum
said by WareWolF2k: RCN used to use "password" as a default password at one time. You are supposed to go on their web site and change it to something unique but some people never do.
cox does the same thing. - if comcast still gives 2gb/mo on giganews, i bet lots of those were used to steal giganews service.
-- When I gez aju zavateh na nalechoo more new yonooz tonigh molinigh - Ken Lee
|
CorydonCultivant son jardin Premium join:2008-02-18 Denver, CO | Re: Also a thread in the Comcast HSI forum
They discontinued that a little while back.
|
cdruGo Colts Premium,MVM join:2003-05-14 Fort Wayne, IN
said by WareWolF2k: RCN used to use "password" as a default password at one time. You are supposed to go on their web site and change it to something unique but some people never do.
That's why, as a system admin, I make the default password a 64-character mixture of upper and lower case letters, numbers, and symbols, and other unicode characters. Users get so frustrated the first time they have to enter the password and figure out how to type characters like ሎ, ১, and ש that they always change it. Of course they usually change it to "password" but at least the blame is on them and not me.
|
aaronwt Premium join:2004-11-07 Woodbridge, VA | Re: Also a thread in the Comcast HSI forum
said by cdru: said by WareWolF2k: RCN used to use "password" as a default password at one time. You are supposed to go on their web site and change it to something unique but some people never do. That's why, as a system admin, I make the default password a 64-character mixture of upper and lower case letters, numbers, and symbols, and other unicode characters. Users get so frustrated the first time they have to enter the password and figure out how to type characters like ሎ, ১, and ש that they always change it. Of course they usually change it to "password" but at least the blame is on them and not me.
64 characters!?!? I bet they love you. That is a crazy amount of characters to enter, even to initially set up your own password.
|
cdruGo Colts Premium,MVM join:2003-05-14 Fort Wayne, IN | Re: Also a thread in the Comcast HSI forum
said by aaronwt: 64 characters!?!? I bet they love you. That is a crazy amount of characters to enter, even to initially set up your own password.
I wasn't serious. Typical password policy is 8 characters and must have at least 3 of the following 4 things: Uppercase, lowercase, number, symbol.
|
pleekmoTriptoe Through The Tulips Premium join:2001-09-14 Manchester, CT | Re: Passwords
You just made my day! (Well, night, actually.)
I'd happened to find a Compaq Presario 6410nx in a midden. Wouldn't power up. I finally found out this evening that the thing uses standard ATX pinouts and I shoved in a PSU that I happened to have lying about.
Powering up the computer I'm faced with an XP Pro login screen. Null password wouldn't work but your post prompted me to attempt "password". Well, it worked!
-- HCN: Because you deserve a rest!
Proud member of the Free Omelas Liberation Front.
|
Re: Passwords
LOL... There are a lot of small businesses where I come in and do consulting for. When it is after the fact, meaning I come in after server and some PCs are set up, I try the following combination (50% say "I do not know the password" but log in every day)...
•password
•(username as a password)
•null
•computer
•"the company phone number"
•"the company name"
In many cases the password is written on a yellow sticky note buried in a pile or on the side of a monitor...
It is the age-old security problem, password. I wish biometrics would be used more (I used to have an HP laptop that had a fingerprint scanner on it). Just have the user login using their fingerprint... they have to have fingers to type.
I wonder WHY have biometrics not become mainstream? They are cheap now, easy to use, and should be incorporated into the operating system (and they are in Windows, just like a smartcard)???
|
DonLibes Premium,ExMod 2001 join:2003-01-19 | Re: Passwords
Biometrics have all sorts of problems. It's all there in the literature.
|
LocoObviously Insane Premium join:2002-11-09 405 Freeway | Awesome !
|
And you believe them?
If they say the number is 700, you better wake up and realize it is probably triple that. That is nothing more than damage control talking, not reality.
Working for an IDS/IPS Security Operations Center, we handle outsourced accounts for a lot of companies. I see firsthand that what is reported as being compromised to the public is nothing more than PR talk. The real number of compromised accounts will most likely never see the light of day.
Security is most always an afterthought, especially in the world of ISPs.
|
Smith6612 Premium,MVM join:2008-02-01 North Tonawanda, NY | Freezing accounts...
Well, it isn't much of a shock to hear of this considering I've run into people from time to time that use admin or password for their passwords. At least Comcast is teaching their users about having good passwords, so they are taking a positive step in my direction for this.
|
Stumbles join:2002-12-17 Port Saint Lucie, FL | The smell of "eh"?
Ermm, sounds like to me Comcast needs to "educate" their own sysadmins/security experts about their own use of safe passwords. Now, maybe, just maybe those 8000 names *were* gathered from phishing attempts, but that is an awful lot of names from just *one* ISP. So the question is: is Comcast lying, or have other ISPs had similar phishing attempts with their customers? And if so, why is there no news about that?
|
en102Canadian, eh? join:2001-01-26 Valencia, CA | Re: The smell of "eh"?
I disagree on the 'number' at being from Comcast. 8,000 out of 15 million. That also may be 15 million 'subs' which may generate +30 million email addresses.
8,000/15,000,000 = 0.05%.
|
jlivingood Premium,VIP join:2007-10-28 Philadelphia, PA | Re: The smell of "eh"?
One of our PR folks (Charlie Douglas) just posted this on another site. Thought it may be interesting in relation to the question at hand:
Based on an initial analysis of the document, we have identified that only about 700 of these accounts are real. The list was likely generated as the result of a phishing scam or some kind of malware that affected customer computers. We have no reason to believe that any Comcast systems have been compromised. The site has removed the document and we are in the process of freezing access to any customer's account on that list. We are also in the process of proactively contacting customers to let them know about this situation and the steps they can take to help protect themselves. It's precisely because of this kind of thing that we have been providing free security software and tools for years to help customers protect themselves from phishing scams and malware. The authorities have been alerted and we'll help with any investigation.
-- JL Comcast
|
Caps
I'm sure someone will find a way to relate this to Comcast's caps.
|
Re: Caps
Yes, it is this type of account exposure that causes the ISPs to implement caps.
DOWN WITH CAPS. Free Tibet. Legalize pot.
Sorry...
|
Re: Caps
said by keyboard5684: Yes, it is this type of account exposure that causes the ISPs to implement caps. DOWN WITH CAPS. Free Tibet. Legalize pot. Sorry...
LOL that is good signature material...
|
Re: Caps
said by fifty nine: said by keyboard5684: Yes, it is this type of account exposure that causes the ISPs to implement caps. DOWN WITH CAPS. Free Tibet. Legalize pot. Sorry... LOL that is good signature material...
I second that. Hey Karl - make that the official slogan of DSLReports.
|
h7 @charter.com
said by keyboard5684: Yes, it is this type of account exposure that causes the ISPs to implement caps. DOWN WITH CAPS. Free Tibet. Legalize pot. Sorry...
Heh yep. 8000 + password + Scribd + vuthanhan2004 + Comcast = CAPS! Heh.
h#7
|
quatrix Premium join:2005-02-11 South FL | Out of how many millions of customers?
This is nothing.
|
en102Canadian, eh? join:2001-01-26 Valencia, CA | Re: Out of how many millions of customers?
Yup - like I posted... ~ 0.05% (assuming 8000/15million)
-- Canada = Hollywood North
|
Re: Out of how many millions of customers?
said by en102: Yup - like I posted... ~ 0.05% (assuming 8000/15million)
Comcast has right at 27.7 million user ids.
|
h7 @charter.com | Re: Out of how many millions of customers?
said by TraumaJ: said by en102: Yup - like I posted... ~ 0.05% (assuming 8000/15million) Comcast has right at 27.7 million user ids.
Well according to both of those guesstimations then the answer would be ( 27.7M x 0.05% = ) 13850, not 8000. But I doubt that; if Comcast can't get their facts straight, then we probably aren't either... :P
h#7
|
ptrowskiGot Helix? Premium join:2005-03-14 Putnam, CT
It's only nothing if you are not one of the affected folks.
|
s
maybe i can finally figure out my password
|
Desdinova Premium join:2003-01-26 Gaithersburg, MD | Re: s
Just google yer username and it'll probably pop up on a phished list somewhere...
|
Re: s
I just did that and the only thing that came up was my post here at DSLR.
|
Desdinova Premium join:2003-01-26 Gaithersburg, MD | Re: s
That's what They WANT you to think...MOOOOOO HA HAAAA!!
|
mobOn the next level.. Premium join:2000-10-07 | Only 8,000?
Why that's COMCASTIC!
Seriously, they are setting new standards in F#*%&%(@ up.
They should merge with AIG, they got skills to save teh day!
-- If we do not succeed, then we run the risk of failure - J. Danforth Quayle
I have no pity - Me
|
ebubman join:2002-01-17 Mechanicsburg, PA | Re: Only 8,000?
ummm, if our goods were out there, is comcast going to let us know or do we have to wait until something happens to find out?
|
Bill03 Premium join:2007-11-26 Richmond, VA
said by mob: Why that's COMCASTIC! Seriously, they are setting new standards in F#*%&%(@ up.
Naw, they are pikers. See these links:
»www.msnbc.msn.com/id/11064775/
And the Hotels.com article at »catless.ncl.ac.uk/Risks/24.31.html#subj3
Not to mention two of my credit card companies who have had to send me (and thousands of my fellow card holders) new credit cards in the last six months due to stolen data.
|
ff1324Everybody Goes Home Premium join:2002-08-24 On Four Day | Plain text?
More importantly, why are the passwords being maintained in plain text instead of being hashed?
|
CUBS_FANNext Year Again.. join:2005-04-28 Chicago, IL | Common Courtesy
Do you think Comcast would or could notify the unfortunate accounts that their UN + PW's are exposed asking them to change their publicly known password?
|
Please
Wouldn't surprise me if this was a Comcast ruse, that they leaked it themselves, in order to further push that crappy useless McAfee "Security Suite" junk on customers' computers. They've already been falsely accusing customers of sending spam in order to do that. Comcast must make a percentage off every unsuspecting customer they can install that garbage software on.
|
CUBS_FANNext Year Again.. join:2005-04-28 Chicago, IL | Re: Please
said by EndCorpscumbags: Wouldn't surprise me if this was a Comcast ruse, that they leaked it themselves, in order to further push that crappy useless McAfee "Security Suite" junk on customers' computers.
I just had to reformat a friend's laptop that had preinstalled McAfee on it. Rootkits got to it so bad that when I scanned it and found 50 viruses I couldn't boot the poor thing up. Nothing but Blue Screen Of Death! Something went wrong with the pci.sys file. I also noticed in the log after the scan was performed with Avira something about beep.sys infections. Anyways when I restored the laptop I made sure to uninstall McAfee and run the McAfee cleanup application to get rid of it completely. F.W.I.W there were 250 other detections when using Adaware.
Other installed apps that failed this computer:
•Syware Nuker
•SuperAntispyware
•AVG anti spyware
|
h7 @charter.com | Re: Please
said by CUBS_FAN: said by EndCorpscumbags: Wouldn't surprise me if this was a Comcast ruse, that they leaked it themselves, in order to further push that crappy useless McAfee "Security Suite" junk on customers' computers. I just had to reformat a friend's laptop that had preinstalled McAfee on it. Rootkits got to it so bad that when I scanned it and found 50 viruses I couldn't boot the poor thing up. Nothing but Blue Screen Of Death! Something went wrong with the pci.sys file. I also noticed in the log after the scan was performed with Avira something about beep.sys infections. Anyways when I restored the laptop I made sure to uninstall McAfee and run the McAfee cleanup application to get rid of it completely. F.W.I.W there were 250 other detections when using Adaware. Other installed apps that failed this computer: •Syware Nuker •SuperAntispyware •AVG anti spyware
Yeah I hear you on that. I did the same thing but for them it had been going on for about 3 years (via the system history and data) with at least 2 different owners and a grand total of over 37,000 adware/malware/virus/rootkit/trojan/worm related files. It had turned into a zombie machine by the time I had come to it and was using the wireless connection to connect to several virus servers and downloading the latest on those every time it was turned on. It took a ton of work and some pretty shrewd fixes and rooting out as well as your standard extreme tactics (software and hardware) over 2 weeks. I sort of wish I would have thought to record a video of it just so people would know what happens when you figure you're just going to be alright before "surfing the internet" without even using computers before. BTW most of the programs purporting to be anti-spyware and anti-adware et al are none other than exactly what they say they get rid of. Unfortunate for those who figure they'll just download something and there are popups telling them "Click HERE to fix the viruses and spyware found on your computer". Sad.
h#7
|
aaronwt Premium join:2004-11-07 Woodbridge, VA
said by CUBS_FAN: said by EndCorpscumbags: Wouldn't surprise me if this was a Comcast ruse, that they leaked it themselves, in order to further push that crappy useless McAfee "Security Suite" junk on customers' computers. I just had to reformat a friend's laptop that had preinstalled McAfee on it. Rootkits got to it so bad that when I scanned it and found 50 viruses I couldn't boot the poor thing up. Nothing but Blue Screen Of Death! Something went wrong with the pci.sys file. I also noticed in the log after the scan was performed with Avira something about beep.sys infections. Anyways when I restored the laptop I made sure to uninstall McAfee and run the McAfee cleanup application to get rid of it completely. F.W.I.W there were 250 other detections when using Adaware. Other installed apps that failed this computer: •Syware Nuker •SuperAntispyware •AVG anti spyware
I've been using McAfee for years. I have it on my Windows Home server and also on 7 PCs. I've never had any problems with viruses, and I also get around one thousand emails a day through my 50 email accounts. Although I only use the Virus scanning, site advisor and Spam protection. I don't use anything else in the security suite.
|
Exposed.
Dirty old man you are comcast!
- A
-- LETS GO METS!
|