Security Basics mailing list archives
Re: Comcast Cable Setup Security Issue
From: Gandalf The White <gandalf () digital net>
Date: Tue, 20 Jul 2004 21:02:54 -0500
Greetings and Salutations: On 7/20/04 5:20 PM, "Seth Hall" <seth () iotaengineering com> wrote:
> Sorry, but I think everyone needs to realize that this is just reality for effective phone troubleshooting. When you are troubleshooting an issue over the phone, it is all about identifying the core problem. When I was doing end user Windows XP/ME/98 support via phone, one of the first things we would do on just about ANY problem would be to disable -and sometimes even uninstall- the antivirus/firewall software. We were not trained to configure these 3rd party systems and were punished if we spent time attempting to do so.
Aye. There's the rub. The CD I inserted told me to disable both of these *before* I even had to call tech support. Their "account activation" software required me to disable these before I even started. Now imagine your normal user going through the setup. They don't know WHAT they are doing, fumbling around trying to find the account number and password, they have completely disabled their antivirus and firewall, their Microsoft machine is happily talking on ports 134 - 139 and 445 (and who knows what other ports / what software they have installed) to any hacker that wanders by, and as I mentioned in a previous post:
From slide 45:
http://www.blackhat.com/presentations/bh-usa-03/bh-us-03-honeynet-project/bh-us-03-honeynet.pdf "Fastest time honeypot manually compromised, 15 minutes" "Its only getting worse". I can EASILY see them taking 2, 3, 4, or more HOURS to finally get everything set up. In the meantime some hacker (BTW, guess what, the hackers know where the cable modem networks are and they scan those for easy prey) has been running something like enum and is actively trying / has cracked the password and installed a back door. Yes I am paranoid. Being in network security seems to have that effect on you. Especially when you see THOUSANDS of hits on your outside border router EVERY DAY on Microsoft ports.
> I cannot tell you how many "problems" this step has solved by itself. Zonealarm in its early days was a nightmare. Norton was a total pain. These programs can completely break critical functionality, and the only way to restore usability is to uninstall them (sometimes manually, meaning having to rip registry keys manually and delete files manually).
No surprise here.
> But the phone tech doesn't know that, and you are calling him for help. He has to fix that problem and he doesn't know the things that you think you know, so he has to get rid of factors that have proven to be problem-causing in the past. That means dumping glitchy antivirus software and disconnecting misconfigured firewalls, among other things. You may not have either of those, but he doesn't know that and has to assume that you do have those things. He knows just as well as any of us that there are risks of infection.
I just have to think that Comcast could have a much better way of activating your account or cable modem. I know that *I* could tell the IP and MAC address of a machine that is talking to me and (somehow) get that tucked away into a database. I think that they are just being lazy / not creative enough to figure out how to get around disabling anti-virus and firewall software.
> That said, it's not like he's asking you to get on IRC and download the latest warez while setting up your email account to get confirmation with a side of viruses. I know many here will "freak out" but the fact of the matter is if you are visiting official Comcast sites with a patched up box and are done and reconnected in under 10 minutes, your risk of infection is infinitesimally small. They aren't asking you to run forever without protection, just for now while they are on the clock and trying to get you up and running.
See the above. Between the compromised honeynet project and the fact that I know an inexperienced user will not be able to complete a daunting (yes, daunting to them, not to you or me) task like this in under 10 minutes, I think we have lots of reasons to "freak out". Add to that that the user may or may not remember to turn the anti-virus and firewall software back on (I am assuming that they didn't uninstall the software because that is what they thought they were being asked to do), and I think that this is a problem.
> If you're really concerned, keep a linux box nearby and hook that up. They need not know the details, as long as you can hook up a box and get on their site, they are happy. /Seth Hall
Again, easy for you or me to do. I am concerned with the normal user.

Ken
---------------------------------------------------------------
Do not meddle in the affairs of wizards for they are subtle and quick to anger.
Ken Hollis - Gandalf The White - gandalf () digital net - O- TINLC
WWW Page - http://digital.net/~gandalf/
Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html
Trolls crossposts - http://digital.net/~gandalf/trollfaq.html