RE: Comcast Cable Setup Security Issue

roger.smith_at_calyonfinancial.com
Date: 07/21/04

    To: security-basics@securityfocus.com
    Date: Wed, 21 Jul 2004 12:31:31 -0500
    
    

    I agree with Seth's post. There are two sides to every support call.

    The ordinary end user rarely understands how their AV or FW works and often
    misconfigures them, then... whoops! They don't have internet access or a
    clue what they might have done. Even the people with clues can't put it
    into words when they speak to tech support. It's a maze of
    miscommunication.

    On the other hand - often the gal/guy installing the unit knows less than
    either the end user or the tech support when it comes to AV and personal
    firewalls. They are trained to know what works and to scrap all the rest
    because it's well beyond their responsibility to do customized
    installations.

    I haven't encountered two home or SOHO PCs that are configured the same.
    There are two but I haven't encountered them.

    My recommendation: keep reminding the designers of these products there is
    a lot of room for improvement. Until they do....it's good job "security"
    :)

    Whatever happened to Larry Ellison's Internet Appliance PC? ;)

    Roger Smith

                                                                               
                 "Seth Hall"
                 <seth@iotaengineering.com>
                 07/20/2004 05:20 PM
                 To: "'Gandalf The White'" <gandalf@digital.net>,
                     <security-basics@securityfocus.com>
                 cc:
                 Subject: RE: Comcast Cable Setup Security Issue

    Sorry, but I think everyone needs to realize that this is just reality
    for effective phone troubleshooting. When you are troubleshooting an
    issue over the phone, it is all about identifying the core problem. When
    I was doing end user Windows XP/ME/98 support via phone, one of the
    first things we would do on just about ANY problem would be to disable
    -and sometimes even uninstall- the antivirus/firewall software. We were
    not trained to configure these 3rd party systems and were punished if we
    spent time attempting to do so.

    I cannot tell you how many "problems" this step has solved by itself.
    ZoneAlarm in its early days was a nightmare. Norton was a total pain.
    These programs can completely break critical functionality, and the only
    way to restore usability is to uninstall them (sometimes manually,
    meaning having to rip registry keys manually and delete files manually).

    Now that I have come over to a Network Admin position for a
    small-to-medium, I understand that one might think "But I -know- that my
    firewall/antivirus isn't the problem, because I thoroughly researched
    these things and have reasons X Y and Z why it couldn't be those
    things." Yes, that's true.

    But the phone tech doesn't know that, and you are calling him for help.
    He has to fix that problem and he doesn't know the things that you think
    you know, so he has to get rid of factors that have proven to be
    problem-causing in the past. That means dumping glitchy antivirus
    software and disconnecting misconfigured firewalls, among other things.
    You may not have either of those, but he doesn't know that and has to
    assume that you do have those things. He knows just as well as any of us
    that there are risks of infection.

    That said, it's not like he's asking you to get on IRC and download the
    latest warez while setting up your email account to get confirmation
    with a side of viruses. I know many here will "freak out" but the fact
    of the matter is if you are visiting official Comcast sites with a
    patched up box and are done and reconnected in under 10 minutes, your
    risk of infection is infinitesimally small. They aren't asking you to
    run forever without protection, just for now while they are on the clock
    and trying to get you up and running.

    If you're really concerned, keep a Linux box nearby and hook that up.
    They need not know the details, as long as you can hook up a box and get
    on their site, they are happy.

    /Seth Hall

    -----Original Message-----
    From: Gandalf The White [mailto:gandalf@digital.net]
    Sent: Sunday, July 18, 2004 7:14 PM
    To: security-basics@securityfocus.com
    Subject: Comcast Cable Setup Security Issue

    Greetings and Salutations:

    I am beginning to get a feel for why Comcast is at the top of the list for
    zombie spam boxes.

    I just set up an account for a friend who had a connection on the Comcast
    cable network.

    The instructions on the included CD-ROM (as soon as the CD started up) were
    to turn off all Anti-Virus and Firewall software on the computer. I called
    up Comcast tech support and told them that I was nervous about doing
    this, but I was assured that my computer would *only* be talking to the
    Comcast activation server. Let's just ignore that the computer would be
    talking to all the other machines on my local cable segment also.

    I had a router with firewall in between the computer and the Comcast
    network so I went ahead and deactivated the anti-virus and firewall
    software on the computer.

    I got half way through the activation and all of a sudden the process
    dies. Claimed I could not reach the HTTPS server or that I had not
    activated within the time allowed. I tried everything to start up the
    process again with no success.

    Called Comcast tech support. The tech (he was very efficient and nice)
    told me to DISCONNECT THE COMPUTER FROM THE ROUTER AND PLUG THE COMPUTER
    DIRECTLY INTO THE CABLE MODEM. This made me EXTREMELY nervous. I now have
    a computer (that was patched and up to date of course) ... BUT ... The
    antivirus and personal firewall software was PURPOSEFULLY turned off. By
    Comcast instructions. He walked me through connecting to the Comcast
    website and finishing up the activation steps. I tried (in the middle of
    his instructions) to ask if I could hook back into my router for a modicum
    of protection and was told no, I had to finish the setup.

    When I finished the setup (again, he was very nice and pleasant) I
    rebooted, hooked the computer back to the router/firewall, verified my
    antivirus and firewall were working and indeed everything worked fine.

    Being a computer / security professional I was (of course) thinking about
    all the very bad things that could happen to this computer while following
    Comcast's instructions.

    I know (and I think it is almost criminal) that many cable companies hook
    PCs up to a cable modem *all the time* without antivirus / firewall /
    updates / any kind of protection. But you would think that an installation
    would not require you to take away any kind of protection that a computer
    has. I can see some overzealous PC owner deleting the anti-virus and
    firewall software just to get their cable modem working.

    Ken

    ---------------------------------------------------------------
    Do not meddle in the affairs of wizards for they are subtle and
    quick to anger.
    Ken Hollis - Gandalf The White - gandalf@digital.net - O- TINLC
    WWW Page - http://digital.net/~gandalf/
    Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html
    Trolls crossposts - http://digital.net/~gandalf/trollfaq.html
