nanog mailing list archives
Re: Comcast storing WiFi passwords in cleartext?
From: Mark Foster <blakjak () blakjak net>
Date: Thu, 25 Apr 2019 10:45:06 +1200
On 25/04/2019 3:13 AM, Benjamin Sisco wrote:
I think we all understand the value of using one’s own equipment and keeping the firmware up to date if one is in any way concerned about security. We all should also understand that in a managed environment such as an ISP there should be no reasonable expectation of privacy regarding the configuration of the equipment attached to the ISP's network (rented or customer owned).
Accepting i'm not a North American...The reasonable expectation of privacy should be that the customer knows precisely what is private, and what is not. If the ISP makes it very clear that every configuration item on the edge device is known to, or accessible by, the ISP for support purposes, then there's no problem. At which point everyone's "reasonable expectations" are the same, and there's no issue.
(Those for whom the support provided by the ISP is key, will enjoy this service. Those who don't, have the option of doing their own thing. Even better.. provide the user the means to disable the sharing of this information by choice?? Would save buying and running additional hardware for those who don't feel the need to have their creds shared, for example). First thing i've done with all ISP-provided CPE is disable all the remote-login stuff that's enabled by default for tech support purposes. Full knowledge and disclosure is all that's needed!
The bigger concern should be the cleartext portion of the subject. There’s ZERO reason to store or transmit any credentials (login, service, keys, etc.), in any location, in an unencrypted fashion regardless of their perceived value or purpose. Unless you like risk.
As someone else said, the problem is the level of trust you're placing in your ISP and in their own security... a large aggregate of private information is just waiting to be pwned.
Mark.
Current thread:
- Re: Comcast storing WiFi passwords in cleartext?, (continued)
- Re: Comcast storing WiFi passwords in cleartext? K. Scott Helms (Apr 25)
- Re: Comcast storing WiFi passwords in cleartext? Saku Ytti (Apr 26)
- Re: Comcast storing WiFi passwords in cleartext? Rich Kulawiec (Apr 24)
- Re: Comcast storing WiFi passwords in cleartext? K. Scott Helms (Apr 25)
- Re: Comcast storing WiFi passwords in cleartext? James R Cutler (Apr 25)
- Re: Comcast storing WiFi passwords in cleartext? Mike Bolitho (Apr 25)
- Re: Comcast storing WiFi passwords in cleartext? Töma Gavrichenkov (Apr 25)
- Re: Comcast storing WiFi passwords in cleartext? Valdis Klētnieks (Apr 25)
- Re: Comcast storing WiFi passwords in cleartext? Töma Gavrichenkov (Apr 26)
- Re: Comcast storing WiFi passwords in cleartext? K. Scott Helms (Apr 25)
- Re: Comcast storing WiFi passwords in cleartext? Valdis Klētnieks (Apr 24)
- Re: Comcast storing WiFi passwords in cleartext? Mike Bolitho (Apr 24)
- Re: Comcast storing WiFi passwords in cleartext? Royce Williams (Apr 24)
- Re: Comcast storing WiFi passwords in cleartext? Stephen Satchell (Apr 25)
- Re: Comcast storing WiFi passwords in cleartext? Töma Gavrichenkov (Apr 26)
- Re: Comcast storing WiFi passwords in cleartext? Rich Kulawiec (Apr 26)
- Re: Comcast storing WiFi passwords in cleartext? Töma Gavrichenkov (Apr 26)