dslreports logo
site
spacer

spacer
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


view:
topics flat nest 
Comments on news posted 2014-02-06 12:27:37: On the heels of recently hacking Bell Canada and exposing private small business customer data, a hacker collective calling itself the NullCrew now claims they've hacked into Comcast mail servers. ..

page: 1 · 2 · next


newview
Ex .. Ex .. Exactly
Premium
join:2001-10-01
Parsonsburg, MD
kudos:1

4 recommendations

What I expect from Comcast

quote:
I've reached out to Comcast for confirmation and additional information.
They'll lie about it even if true.


AnonMe

@comcastbusiness.net

5 recommendations

It'll take Comcast two weeks, 50 CSR's, 8 managers, and 3 executives to understand the question!


IowaCowboy
Iowa native
Premium
join:2010-10-16
Springfield, MA
kudos:1
Reviews:
·Verizon Broadban..
·Comcast

1 recommendation

Oh great

I use comcast.net for e-mail. I now have great concerns. These data breaches are becoming a way of life.

What's next, a data breach at CVS and the world finding out I take antipsychotic medication along with all of my personal identifying information. It would not have been possible back in the '70s and '80s when that data was stored in a filing cabinet and transmitted by US Mail or Fax machine. Now the DEA allow prescribers to e-prescribe Schedule II drugs, which required a written prescription for as long as I can remember and could not be refilled without a new prescription. Now wait until hackers get into that and start diverting OxyContin.

Nothing is secure now, the only way we can secure our data is to sever the physical internet connection between the United States and foreign countries that are not trusted by the United States.

I think the issue with identity theft could be resolved if they banned online credit applications and went back to paper and in-person credit applications.

Back in the early '90s when I was young, identity theft wasn't a major concern. Most credit transactions were done by US Mail or in person. And you don't screw with the US Mail as you'll have the postal inspectors at your door.

Maybe we need to go back twenty years and go back to paper credit transactions.

I think the laws need to be updated to impose severe penalties for computer crimes. These aren't kids in possession of teacher passwords in public schools changing grades, these are organized crime rings doing severe damage and I think there needs to be severe penalties. Maybe computer hacking needs to be made a federal offense.
--
I've experienced ImOn (when they were McLeod USA), Mediacom, Comcast, and Time Warner and I currently have DirecTV. They are much better than broadcast TV.

I have not and will not cut the cord.


Nob0dy

@rr.com

1 recommendation

Hackers? Hardly.

This is likely the Zimbra exploit that was published back in early December. The story here should be about Comcast's security practices (or lack thereof). Too much credit is given to a group of losers who just ran a published exploit script and called themselves hackers.


JimThePCGuy
Formerly known as schja01.
Premium,MVM
join:2000-04-27
Morton Grove, IL

2 recommendations

reply to IowaCowboy

Re: Oh great

Maybe we should go back 20 years when we used cash and didn't spend beyond our means.


ptrowski
Got Helix?
Premium
join:2005-03-14
Putnam, CT
kudos:4
reply to IowaCowboy
said by IowaCowboy:

I use comcast.net for e-mail. I now have great concerns. These data breaches are becoming a way of life.

What's next, a data breach at CVS and the world finding out I take antipsychotic medication along with all of my personal identifying information. It would not have been possible back in the '70s and '80s when that data was stored in a filing cabinet and transmitted by US Mail or Fax machine. Now the DEA allow prescribers to e-prescribe Schedule II drugs, which required a written prescription for as long as I can remember and could not be refilled without a new prescription. Now wait until hackers get into that and start diverting OxyContin.

Nothing is secure now, the only way we can secure our data is to sever the physical internet connection between the United States and foreign countries that are not trusted by the United States.

I think the issue with identity theft could be resolved if they banned online credit applications and went back to paper and in-person credit applications.

Back in the early '90s when I was young, identity theft wasn't a major concern. Most credit transactions were done by US Mail or in person. And you don't screw with the US Mail as you'll have the postal inspectors at your door.

Maybe we need to go back twenty years and go back to paper credit transactions.

I think the laws need to be updated to impose severe penalties for computer crimes. These aren't kids in possession of teacher passwords in public schools changing grades, these are organized crime rings doing severe damage and I think there needs to be severe penalties. Maybe computer hacking needs to be made a federal offense.

Maybe as a starter you don't want to post that you take that medication on a public website. Imagine that.....
--
"So, Lone Starr, now you see that evil will always triumph because good is dumb."

Have you been touched by his noodly appendage? »www.venganza.org


IowaCowboy
Iowa native
Premium
join:2010-10-16
Springfield, MA
kudos:1
Reviews:
·Verizon Broadban..
·Comcast
Fortunately I don't take painkillers, I had those when I had my wisdom teeth out and when I was done with them I flushed them down the toilet.

Screw the environmentalists, when it comes to discarding no longer needed narcotic medication I think flushing them down the toilet is the most secure way to discard them. I also black out the labels on the bottles with a Sharpie when I discard the containers.
--
I've experienced ImOn (when they were McLeod USA), Mediacom, Comcast, and Time Warner and I currently have DirecTV. They are much better than broadcast TV.

I have not and will not cut the cord.
Expand your moderator at work


Riusaki

join:2000-09-14
Space
reply to IowaCowboy

Re: Oh great

Why are you using your ISP's email for email?? You are a DSLR member aren't you? C'mon man!


Jovi
Premium
join:2000-02-24
Mount Joy, PA
said by Riusaki:

Why are you using your ISP's email for email?? You are a DSLR member aren't you? C'mon man!

I don't know if you remember this but this very website was storing passwords in plain text when it was hacked if I seem to recall correctly.

»thehackernews.com/2011/04/dslrep···nts.html
--
"Some people have no respect for logic."


ArrayList
netbus developer
Premium
join:2005-03-19
Brighton, MA
reply to JimThePCGuy
nah. let people spend beyond their means. They screw up their credit and make me look even better.
--
A sane approach to our federal budget: Ignore the tea party


ArrayList
netbus developer
Premium
join:2005-03-19
Brighton, MA
reply to Nob0dy

Re: Hackers? Hardly.

get off your high horse. "hacker" doesn't mean what you think it means.
--
A sane approach to our federal budget: Ignore the tea party


FlsRend
Premium
join:2004-01-31
Philadelphia, PA
reply to Nob0dy
said by Nob0dy :

This is likely the Zimbra exploit that was published back in early December. The story here should be about Comcast's security practices (or lack thereof). Too much credit is given to a group of losers who just ran a published exploit script and called themselves hackers.

Just to clarify

The exploit was discovered and fixed by Zimbra in Feb of 2013 (Was "published" on Twitter in Dec 2013) (»www.zimbra.com/forums/announceme···oit.html)


telcodad
Premium
join:2011-09-16
Lincroft, NJ
kudos:15
Hacktivist Collective Takes Credit for Comcast Mail Server Hack
by Chris Brook, Threatpost - February 6, 2014
»threatpost.com/hacktivist-collec···k/104110
quote:
The compromised mail servers apparently run on Zimbra, a groupware email server client whose Lightweight Directory Access Protocol (LDAP) directory service was the target of the attack.

NullCrew was able to exploit a local file inclusion (LFI) vulnerability in LDAP to secure access to the credentials and passwords.

A LFI vulnerability can allow a hacker to add local files to web servers via script and execute PHP code. OWASP’s definition notes that hackers can take advantage of the vulnerability when sites allow user-supplied input without proper validation, something Comcast is apparently guilty of.

Through the vulnerability, NullCrew was able to access localconfig.xml, a file that contains Comcast LDAP administrative credentials, including LDAP passwords and credentials for MySQL and Nginx.

With the information they could be able to make an API call and then execute a privilege escalation, according to a chat log from a few weeks ago, posted today between two hackers familiar with the vulnerability, _MLT_, formerly of TeaMp0isoN and C0RPS3, also formerly of TeaMp0isoN but now with NullCrew.


PlusOne

@comcast.net
reply to ptrowski

Re: Oh great

said by ptrowski:

Maybe as a starter you don't want to post that you take that medication on a public website. Imagine that.....

+1


PlusOne

@comcast.net
reply to JimThePCGuy
said by JimThePCGuy:

Maybe we should go back 20 years when we used cash and didn't spend beyond our means.

+1


IowaCowboy
Iowa native
Premium
join:2010-10-16
Springfield, MA
kudos:1
Reviews:
·Verizon Broadban..
·Comcast
reply to ArrayList
Or just have enough money to pay the bills each month and have a little left over for something nice until something happens. That happened to me this month, the cat got sick so I'm out $400 at the Vet and counting (which is not a problem, considering you take on that responsibility when you have the furry friends) but the real punch in the face is my electric bill where they screwed up the billing (not my fault) so now I owe a ton of money to keep the lights on, and I pay my bills faithfully. And the issues with my grandma are making life real fun, NOT.
--
I've experienced ImOn (when they were McLeod USA), Mediacom, Comcast, and Time Warner and I currently have DirecTV. They are much better than broadcast TV.

I have not and will not cut the cord.


FreeBSDuser

join:2013-05-15
Somers, NY
reply to IowaCowboy
Well WHY do you use comcast.net for email? It is well known on DSLR that you should avoid using ISP email when possiblr

Happydude32
Premium
join:2005-07-16
kudos:1
reply to JimThePCGuy
said by JimThePCGuy:

Maybe we should go back 20 years when we used cash and didn't spend beyond our means.

No thanks. Cash is only for the financially irresponsible. I enjoy and take full advantage of my cash back rewards by paying with plastic. Nothing like free money for buying things I'd buy anyway. I haven't personally paid for anything in cash for 5 years now and am better off for it.
--
Phil Robertson/Ted Nugent 2016
4/17/13 - A Beautiful Day For Freedom, Thank You United States Senate!
Message to Anti-Gun Liberals: HA HA! - Hussein Obama 0, American Public 1
Repeal 0bamacare Now!/Marriage = Man + Woman


JimThePCGuy
Formerly known as schja01.
Premium,MVM
join:2000-04-27
Morton Grove, IL

1 recommendation

You do realize you are paying 7.5% on average more just to support the Credit Card system?
I fully believe the economic crisis is due in large part to people who think and act like you.
There is no such thing as a "free" lunch or money.
Those CC companies aren't loosing money but we the consumer is.

Happydude32
Premium
join:2005-07-16
kudos:1
Hey, if price are 7.5% higher because of the existence of credit cards, only more the reason for me to take advantage of the offers, if I've got to pay 7.5% more, why not do all I can to alleviate that, right? If I didn't use plastic I'd still be paying the same amount with no benefit. So why not take advantage of it. I've received $2,000 in the past 4 1/2 years, working on another $500 right now, and I'm not too far off.

Credit Card companies can make their money on the deatbeats with their 25% APR. I could have paid for things with cash over the past five years and got nothing back, or paid with plastic and got something. Well, I am damn proud, if you blame the financial crisis on people like me. Someone who has absolutely zero debt, never missed a bill or been late with anything ever, someone who paid off a luxury SUV a full year before I had to, someone who will have a credit score of 800 prior to turning 30. Yes am I am to blame for financial crises all around the world LOL

I will continue to use my credit card for ever single purchase, including a 89 cent pack of gum at a mini mart. Thank you very much.
--
Phil Robertson/Ted Nugent 2016
4/17/13 - A Beautiful Day For Freedom, Thank You United States Senate!
Message to Anti-Gun Liberals: HA HA! - Hussein Obama 0, American Public 1
Repeal 0bamacare Now!/Marriage = Man + Woman


JimThePCGuy
Formerly known as schja01.
Premium,MVM
join:2000-04-27
Morton Grove, IL
You are the credit card companies dream. You believe what they tell you.

Happydude32
Premium
join:2005-07-16
kudos:1

1 recommendation

Can't say I give a shit. I have better things to worry about such nonsence that is well beyond my control. As long as I get my free $500/year, I don't give a rats ass. Credit card companies have been good to me.


IowaCowboy
Iowa native
Premium
join:2010-10-16
Springfield, MA
kudos:1
Reviews:
·Verizon Broadban..
·Comcast
If I had a credit card, I'd rather have airline miles.

A trip to my hometown of Cedar Rapids, IA every year or two to catch up with old friends would be nice. But then there is the cost of a hotel room, rental car (unless you take their city buses that quit running at 6PM) and food.

Airfare from Bradley International Airport (BDL) to Cedar Rapids (CID) isn't cheap, it's almost $500 a ticket in coach.
--
I've experienced ImOn (when they were McLeod USA), Mediacom, Comcast, and Time Warner and I currently have DirecTV. They are much better than broadcast TV.

I have not and will not cut the cord.


JimThePCGuy
Formerly known as schja01.
Premium,MVM
join:2000-04-27
Morton Grove, IL
reply to Happydude32
What I a saying is that $500 is costing you $750. Do the math.

Happydude32
Premium
join:2005-07-16
kudos:1
How is it costing me $750? If I didn't use my credit card, it's not like magically I'd be paying less for anything I buy.


JimThePCGuy
Formerly known as schja01.
Premium,MVM
join:2000-04-27
Morton Grove, IL
The original premise was everyone to go back to cash and yes you would be paying a lot less.

ExoticFish

join:2008-08-31
Stuarts Draft, VA

2 recommendations

reply to IowaCowboy
said by IowaCowboy:

the world finding out I take antipsychotic medication

That explains it.
--
»www.VAJeeps.com | »www.APetForum.com

Happydude32
Premium
join:2005-07-16
kudos:1
reply to JimThePCGuy
Everyone's not going to go back to cash. Physical money is an outdated medium that has no place in society. Physical money is only going to further be less relevant in day to day life, so just accept it.


JimThePCGuy
Formerly known as schja01.
Premium,MVM
join:2000-04-27
Morton Grove, IL
I love cash. It's anonymous. It's immune from data theft identity theft and data breaches.