Security Basics mailing list archives
RE: Comcast Cable Setup Security Issue
From: "Taylor, Bud" <BTaylor () stginc com>
Date: Wed, 21 Jul 2004 13:50:14 -0400
LOL....I had one sitting there for almost three hours telling me there was something wrong with my PC. After I assisted him we were eventually able to ping. Seems two of the nics he brought did not play well with my hardware...Chuckle Heads ! -----Original Message----- From: Calvin Maready [mailto:cc.cal () verizon net] Sent: Wednesday, July 21, 2004 12:28 AM To: security-basics () securityfocus com Subject: Re: Comcast Cable Setup Security Issue My brother just got cable here from charter communications, and the guy downloaded a free virus scan that will work for 30 days, then it expires, and told him to uninstall the firewall i installed for him. He said now that since has the virus scan its ok to uninstall the firewall, it will just be a hassle 'n cause problems. I know the routers Charter issues does not have a built in firewall. Makes me wonder, do any of the cable technicians that hook up the cable have any knowledge of computers? Do they have to know anything about computers or networking to become a cable hooker-upper? My opinion is they should just be a cable person and leave the computer security to people who know what they're doing. ----- Original Message ----- From: "dave kleiman" <dave () isecureu com> To: <security-basics () securityfocus com> Cc: "'Gandalf The White'" <gandalf () digital net> Sent: Tuesday, July 20, 2004 12:25 AM Subject: RE: Comcast Cable Setup Security Issue
Ken, You actually have to install software to utilize Comcast's cable network? So in your scenario, where you removed the Router installed and
reconnected,
if you add/switch computers behind the router do you have to install/reinstall? You have no option to use your own cable modem? Vote Adelphia, and no I do not work them. ______________________________________ Dave Kleiman, CISSP, CISM, CIFI, MCSE www.SecurityBreachResponse.com -----Original Message----- From: Gandalf The White [mailto:gandalf () digital net] Sent: Sunday, July 18, 2004 22:14 To: security-basics () securityfocus com Subject: Comcast Cable Setup Security Issue Greetings and Salutations: I am beginning to get a feel for why Comcast is at the top of the list for zombie spam boxes. I just set up an account for a friend who had a connection on the Comcast cable network. The instructions on the included CD-ROM (as soon as the CD started up) was to turn off all Anti-Virus and Firewall software on the computer. I
called
up Comcast tech support and told them that I was I was nervous about doing this, but I was assured that my computer would *only* be talking to the Comcast activation server. Lets just ignore that the computer would be talking to all the other machines on my local cable segment also. I had a router with firewall in between the computer and the Comcast
network
so I went ahead and deactivated the anti-virus and firewall software on
the
computer. I got half way through the activation and all of the sudden the process dies. Claimed I could not reach the HTTPS server or that I had not activated within the time allowed. I tried everything to start up the process again with no success. Called Comcast tech support. The tech (he was very efficient and nice)
told
me to DISCONNECT THE COMPUTER FROM THE ROUTER AND PLUG THE COMPUTER
DIRECTLY
INTO THE CABLE MODEM. This made me EXTREMELY nervous. I now have a computer (that was patched and up to date of course) ... BUT ... The antivirus and personal firewall software was PURPOSEFULLY turned off. By Comcast instructions. He walked me through connecting to the Comcast website and finishing up the activation steps. I tried (in the middle of his instructions) to ask if I could hook back into my router for a modicum of protection and was told no, I had to finish the setup. When I finished the setup (again, he was very nice and pleasant) I
rebooted,
hooked the computer back to the router/firewall, verified my antivirus and firewall were working and indeed everything worked fine. Being a computer / security professional I was (of course) thinking about all the very bad things that could happen to this computer while following Comcast's instructions. I know (and I think it is almost criminal) that many cable companied hook PC's up to a cable modem *all the time* without antivirus / firewall / updates / any kind of protection. But you would think that an
installation
would not require you to take away any kind of protection that a computer has. I can see some overzealous PC owner deleting the anti-virus and firewall software just to get their cable modem working. Ken --------------------------------------------------------------------------
-
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html --------------------------------------------------------------------------
--
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Re: Comcast Cable Setup Security Issue, (continued)
- Re: Comcast Cable Setup Security Issue John Harmon (Jul 21)
- RE: Comcast Cable Setup Security Issue tbishop (Jul 20)
- RE: Comcast Cable Setup Security Issue Herman F. Ebeling Jr. (Jul 21)
- Re: Comcast Cable Setup Security Issue Gandalf The White (Jul 21)
- RE: Comcast Cable Setup Security Issue Lopez, Jason (ISS Southfield) (Jul 21)
- RE: Comcast Cable Setup Security Issue Tim Sceurman (Jul 22)
- Comcast Cable Setup Security Issue - Follow-up InHisGrip (Jul 23)
- Re: Comcast Cable Setup Security Issue - Follow-up jpc (Jul 27)
- RE: Comcast Cable Setup Security Issue - Follow-up Burton M. Strauss III (Jul 28)
- Comcast Cable Setup Security Issue - Follow-up InHisGrip (Jul 23)
- RE: Comcast Cable Setup Security Issue SMiller (Jul 23)
- RE: Comcast Cable Setup Security Issue Taylor, Bud (Jul 22)
- RE: Comcast Cable Setup Security Issue Ryan Murphy (Jul 22)
- Re: Comcast Cable Setup Security Issue Gandalf The White (Jul 22)