RE: Comcast Cable Setup Security Issue

tbishop_at_micron.com
Date: 07/20/04

  • Next message: Ruiz Cifuentes, Rolando: "RE: Minimum password requirements"
    Date: Tue, 20 Jul 2004 09:00:43 -0400
    To: <security-basics@securityfocus.com>
    
    

    I am not sure why you had to go through such hoops to get a Comcast
    installation working. I have performed a dozen or so Comcast
    installations for friends and family without a hitch. The CD that you
    used is completely unnecessary. All you have to do is hookup your
    equipment, call Comcast to register your modem's MAC, and poof, you're
    done. I am not writing this to insult you (or your intelligence), but
    instead to hopefully save you time should you need to perform a Comcast
    installation in the future.

    -Thomas

    -----Original Message-----
    From: Gandalf The White [mailto:gandalf@digital.net]
    Sent: Sunday, July 18, 2004 10:14 PM
    To: security-basics@securityfocus.com
    Subject: Comcast Cable Setup Security Issue

    Greetings and Salutations:

    I am beginning to get a feel for why Comcast is at the top of the list
    for
    zombie spam boxes.

    I just set up an account for a friend who had a connection on the
    Comcast
    cable network.

    The instructions on the included CD-ROM (as soon as the CD started up)
    was
    to turn off all Anti-Virus and Firewall software on the computer. I
    called
    up Comcast tech support and told them that I was I was nervous about
    doing
    this, but I was assured that my computer would *only* be talking to the
    Comcast activation server. Lets just ignore that the computer would be
    talking to all the other machines on my local cable segment also.

    I had a router with firewall in between the computer and the Comcast
    network
    so I went ahead and deactivated the anti-virus and firewall software on
    the
    computer.

    I got half way through the activation and all of the sudden the process
    dies. Claimed I could not reach the HTTPS server or that I had not
    activated within the time allowed. I tried everything to start up the
    process again with no success.

    Called Comcast tech support. The tech (he was very efficient and nice)
    told
    me to DISCONNECT THE COMPUTER FROM THE ROUTER AND PLUG THE COMPUTER
    DIRECTLY
    INTO THE CABLE MODEM. This made me EXTREMELY nervous. I now have a
    computer (that was patched and up to date of course) ... BUT ... The
    antivirus and personal firewall software was PURPOSEFULLY turned off.
    By
    Comcast instructions. He walked me through connecting to the Comcast
    website and finishing up the activation steps. I tried (in the middle
    of
    his instructions) to ask if I could hook back into my router for a
    modicum
    of protection and was told no, I had to finish the setup.

    When I finished the setup (again, he was very nice and pleasant) I
    rebooted,
    hooked the computer back to the router/firewall, verified my antivirus
    and
    firewall were working and indeed everything worked fine.

    Being a computer / security professional I was (of course) thinking
    about
    all the very bad things that could happen to this computer while
    following
    Comcast's instructions.

    I know (and I think it is almost criminal) that many cable companied
    hook
    PC's up to a cable modem *all the time* without antivirus / firewall /
    updates / any kind of protection. But you would think that an
    installation
    would not require you to take away any kind of protection that a
    computer
    has. I can see some overzealous PC owner deleting the anti-virus and
    firewall software just to get their cable modem working.

    Ken

    ---------------------------------------------------------------
    Do not meddle in the affairs of wizards for they are subtle and
    quick to anger.
    Ken Hollis - Gandalf The White - gandalf@digital.net - O- TINLC
    WWW Page - http://digital.net/~gandalf/
    Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html
    Trolls crossposts - http://digital.net/~gandalf/trollfaq.html

    ------------------------------------------------------------------------

    ---
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
    off 
    any course! All of our class sizes are guaranteed to be 10 students or
    less 
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of
    in-the-field 
    pen testing experience in our state of the art hacking lab. Master the
    skills 
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at: 
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ------------------------------------------------------------------------
    ----
    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
    any course! All of our class sizes are guaranteed to be 10 students or less 
    to facilitate one-on-one interaction with one of our expert instructors. 
    Attend a course taught by an expert instructor with years of in-the-field 
    pen testing experience in our state of the art hacking lab. Master the skills 
    of an Ethical Hacker to better assess the security of your organization. 
    Visit us at: 
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------
    

  • Next message: Ruiz Cifuentes, Rolando: "RE: Minimum password requirements"

    Relevant Pages

    • RE: Comcast Cable Setup Security Issue
      ... Comcast Cable Setup Security Issue ... to turn off all Anti-Virus and Firewall software on the computer. ... to facilitate one-on-one interaction with one of our expert instructors. ... pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: Comcast Cable Setup Security Issue
      ... Comcast Cable Setup Security Issue ... to turn off all Anti-Virus and Firewall software on the computer. ... antivirus and personal firewall software was PURPOSEFULLY turned off. ... to facilitate one-on-one interaction with one of our expert instructors. ...
      (Security-Basics)
    • RE: Comcast Cable Setup Security Issue
      ... Every time you deal with tech support, one of the first things they ask ... Comcast Cable Setup Security Issue ... > anti-virus and firewall software on the computer. ... to facilitate one-on-one interaction with one of our expert instructors. ...
      (Security-Basics)
    • RE: Comcast Cable Setup Security Issue
      ... Comcast Cable Setup Security Issue ... I had a router with firewall in between the computer and the Comcast ... to facilitate one-on-one interaction with one of our expert instructors. ...
      (Security-Basics)
    • Re: Comcast Cable Setup Security Issue
      ... I have performed a dozen or so Comcast ... >> installation in the future. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)