Security Basics mailing list archives
RE: Comcast Cable Setup Security Issue
From: Ryan Murphy <RMurphy () irvinecompany com>
Date: Wed, 21 Jul 2004 09:56:34 -0700
What did you mean when you wrote:
With Microsoft XP vulnerabilities and the way that it readily broadcasts any password information that it is asked for, please reassure me that I shouldn't be concerned.
Do you have an article you can link me to that explains how XP readily broadcasts PW information?

Thanks,
Ryan

-----Original Message-----
From: Gandalf The White [mailto:gandalf () digital net]
Sent: Tuesday, July 20, 2004 6:42 PM
To: pingywon MCSE; Steve Bostedor
Cc: security-basics () securityfocus com
Subject: Re: Comcast Cable Setup Security Issue

Greetings and Salutations:

On 7/20/04 3:10 PM, "pingywon MCSE" <pingywon () gmail com> wrote:
While I agree that some ISPs make things a little more difficult than they need to be (in most cases AV doesn't need to be turned off)
Not only that, you shouldn't need to have special software to register your system. Just activate your account from that computer and voilà, it reads your MAC address from the router automagically.
...but it's the better "un"safe than sorry mentality. I mean as far as Comcast is concerned .. I have NEVER used their silly CD to set up their cable Internet. What does it even really do ? .... make sure my TCP/IP stack is configured to DHCP ?
That passed through my mind also. What *IS* this software doing and what personal information is it sending to Comcast?
All in all I feel you gentlemen are being a little overly zealous, I mean how long was your PC really connected to the Internet without AV/firewall ....should have only been minutes. If someone decided to go surfing during that time ...then that is on them.
From slide 45:
http://www.blackhat.com/presentations/bh-usa-03/bh-us-03-honeynet-project/bh-us-03-honeynet.pdf
"Fastest time honeypot manually compromised, 15 minutes"
"Its only getting worse".

With Microsoft XP vulnerabilities and the way that it readily broadcasts any password information that it is asked for, please reassure me that I shouldn't be concerned.
There is a lot of software out there that tells you to disable AV while installing. I have NEVER done this ...and I have NEVER had a problem.

just my 2 cents
~pingywon MCSE
I would have LOVED to have not disabled the software but I had a live person on the phone telling me that if I didn't then the setup wouldn't work.

Ken

---------------------------------------------------------------
Do not meddle in the affairs of wizards for they are subtle and quick to anger.
Ken Hollis - Gandalf The White - gandalf () digital net - O- TINLC
WWW Page - http://digital.net/~gandalf/
Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html
Trolls crossposts - http://digital.net/~gandalf/trollfaq.html