rolfp5
join:2001-09-12
Oakland, CA

rolfp5 to pflog

Member

to pflog

Re: Comcast hacked?

said by pflog:

said by rolfp5:

idk but, from what I have read, if "social engineering" led to a Comcast netadmin facilitating access, giving up password, or whatever, to the comcast administrator console @ Network Solutions, you couldn't say that was the fault of NS. No ISP would take the blame if a customer gave out their email password to some baddy. Just hypothetical, mind you.
In the one article I read, "Deviant" or whatever stated that the vulnerability or attack vector for the network solutions information is still vulnerable and others could be compromised in a similar manner. That leads me to believe it wasn't social engineering but rather some sort of flaw in Network Solutions' administration page or similar.
Yes, I had seen the following, but did not recall it, atm, which makes that hypothesis more likely, unless the rebuttal by the NS spokeswoman is more accurate.....
said by blog.wired :

The hackers say the attack began Tuesday, when the pair used a combination of social engineering and a technical hack to get into Comcast's domain management console at Network Solutions. They declined to detail their technique, but said it relied on a flaw at the Virginia-based domain registrar.

Network Solutions spokeswoman Susan Wade disputes the hackers' account. "We now know that it was nothing on our end," she says. "There was no breach in our system or social engineering situation on our end."

Bartleby Here
@comcast.net

Bartleby Here to eddieozzie

Anon

to eddieozzie
CCCarole,

I don't think it's "panic" change my password time, but caution in a situation like this is ever a virtue. And I normally change mine every so often anyway. I made PW changes via Acct Mgmt, and the only issue I ran into was having to play around to get the mailbox manager to let me get all my accounts available in the Message Center for my primary. (The usual delete and re-add them routine.) Trying to do it in webmail took a bit of persuading.

(All related to various issues with undoing the havoc caused.) It's not as simple as just flipping the "switch" back, since the hack wasn't that simple either.

Metsfan4Ever
@familyescape.org

Metsfan4Ever to madylarian

Anon

to madylarian
I also picked up the backdoor virus:
backdoor.subserver.5.m via UA120.exe
I accessed webmail and the next day I had this in my computer; I feel it may be connected. It may be beneficial to run your virus scan if you accessed webmail while it was compromised.
eddieozzie
Premium Member
join:2008-05-29
Palos Heights, IL

eddieozzie to Bartleby Here

Premium Member

to Bartleby Here
Hi Bartleby- I did change my Primary password and my OE password. Flushed dns. I received a PM from someone that it appears the reason I cannot get into the Help Forums yet has something to do with scripting. Getting way over my head. I certainly understand it may take a few days until this is all back to normal.
I do change my passwords often...but probably should change them even more often than I do. Thanks for your reply.
eddieozzie

eddieozzie

Premium Member

I also ran full scans on both my desktop and laptop. No problems found.

not
@comcast.net

not to Morac

Anon

to Morac
said by Morac:

I'm curious as to why anything on the Comcast site was changed in the first place. Since the only thing that was hacked was the DNS registries, simply changing them to point back to Comcast's servers should have fixed all the problems (barring DNS caching). There shouldn't have been any need to modify the Comcast.net server code at all.

In any case, it looks like the forum scripts have been fixed which is good.
I have a feeling that Comcast didn't know what exactly was going on to begin with. I bet they thought that the original site was hacked and they scrambled to get the site back up on another server farm... hence the website being on Akamai host now. This wasn't the case before as they were hosting it inside the Comcast network. I'm willing to bet whoever started on the "fix" didn't even bother to ping the server name and notice that the IP had changed and was pointing somewhere else. Later on, once they noticed they probably couldn't get back into management on Netsol or even noticed that their local DNS records had changed for the IPs, they finally put two and two together and found out the real issue, but were too far along in this route fix to get back. Heck, maybe it's as simple as them not being able to remember what IP went to what host they had registered on Netsol. Wouldn't be the first time an admin didn't keep clear records. A request to Netsol for a backup restore of 2 prior days ago would have also solved their issues without having to lift a finger (they'd just have to wait for it to propagate back). Honestly, based on the info the hackers gave in terms of the arrogance the Comcast domain admin gave them on the initial cell phone call they made to him about them changing just the registration info on the record (prior to even touching the IP host listings) should show you just how invincible that guy thought he was. What's funny is these teens called this guy at home on his cell phone and he wrote them off like nothing. That's what triggered them to go the extra mile and teach him a lesson. (This was all in the interview news story linked above in one of these posts.) If I was him I would have checked my records immediately while keeping them on the phone (stretching the conversation) and if they were telling the truth, then hang up on them. He would have seen the defacement on a simple whois lookup at Netsol's page.
The whole thing could have been averted. Sounds like someone needs to get re-evaluated by management. You don't just dismiss a threat like this called in. That's a silly move on the admin's part.
JCK
join:2002-05-23
Mountain View, CA

JCK to Morac

Member

to Morac
said by Morac:

In any case, it looks like the forum scripts have been fixed which is good.
Forum is still redirecting for me.

Morac
Cat god
join:2001-08-30
Riverside, NJ

Morac

Member

said by JCK:

said by Morac:

In any case, it looks like the forum scripts have been fixed which is good.
Forum is still redirecting for me.
Try clearing out your browser cache and if that doesn't work also clear out your cookies.
Michael2
Premium Member
join:2003-04-01
Owings Mills, MD

Michael2 to not

Premium Member

to not
said by not :

I have a feeling that Comcast didn't know what exactly was going on to begin with...
not,

While conspiracy theories can be fun, I can assure you that this is not even close to what happened. We were aware of the actual problem early on and took the necessary steps to get control of the domain back. Also, with regard to the referenced article, you are only getting one side of the story. I would caution against accepting everything you read as fact.

newview
Ex .. Ex .. Exactly
Premium Member
join:2001-10-01
Parsonsburg, MD

1 edit

newview to Morac

Premium Member

to Morac
said by JCK:
said by Morac:

In any case, it looks like the forum scripts have been fixed which is good.
Forum is still redirecting for me.

Still redirecting for me also.
said by Morac:

Try clearing out your browser cache and if that doesn't work also clear out your cookies.

Tried that . . . no dice . . . still fubared.

The ONLY thing that allows me into the forums is turning off javascript immediately before clicking the link off the portal page to enter the forums.
JCK
join:2002-05-23
Mountain View, CA

1 edit

JCK to Morac

Member

to Morac
said by Morac:

said by JCK:

said by Morac:

In any case, it looks like the forum scripts have been fixed which is good.
Forum is still redirecting for me.
Try clearing out your browser cache and if that doesn't work also clear out your cookies.
Thanks, tried both no luck. Keeps redirecting to:

»www6.comcast.net/a/?prvt ··· r06ss%3D

CUBS_FAN
2016 World Series Champs
join:2005-04-28
Chicago, IL

CUBS_FAN

Member

Turning off the javascript and then enabling them again if you want to create posts.
JCK
join:2002-05-23
Mountain View, CA

JCK

Member

Thanks, that seemed to work, hope they fix it soon.

not
@comcast.net

not to Michael2

Anon

to Michael2
said by Michael2:

said by not :

I have a feeling that Comcast didn't know what exactly was going on to begin with...
not,

While conspiracy theories can be fun, I can assure you that this is not even close to what happened. We were aware of the actual problem early on and took the necessary steps to get control of the domain back. Also, with regard to the referenced article, you are only getting one side of the story. I would caution against accepting everything you read as fact.
Well, like you said, we can sit here all day and speculate without the facts (which the big C isn't forthcoming with). The bottom line is, if you guys can't get Netsol to simply see the error of their ways and escalate the reversal of such an unauthorised change, there's no hope for anyone else in such a situation. Trust me, I've had my fair share with domain registrars and their hoopla of domain control and changes, we all know it's not fun, even when legit. I find it interesting that Netsol apparently didn't expedite this or see a need to expedite this change BACK after it was clear that someone got the better of both companies. Surely someone higher up could have intervened and put stuff back and locked it down tighter than a frog's you know what in no time at all. You are the #2 host in the US after all. If you can't get that kind of response from them, that should say something about Netsol in general. I find it weird that it wasn't handled just as that. After all, doesn't matter what happened after it was changed or what it was pointing to. If nothing was affected on Comcast's end servers, then the only thing changed were the DNS pointers. Fix that and you fix the problem (after propagation). All these hosting changes that you guys are going through make no logical sense, if and only if, the DNS records were the only things changed/hacked. Either way, what's done is done... I think everyone who has a brain has seen how badly this could have gone if the hackers would have put up sites that looked identical to Comcast's websites. Ouch... if anything, provisions will probably be made now with registrars to make domain changes even more of a pain because of this.
not

not

Anon

said by not :

You are the #2 host in the US after all.
Ooops, that should read #2 ISP, not host.
jl747
join:2005-03-24
Mount Prospect, IL

jl747 to madylarian

Member

to madylarian
Well now when you try to go to comcast.net site you get the old site page. After entering your log on and password it then goes to the current page.

But when you try to go to the web mail site you get an error and a redirect.

I am also getting very few emails.

jsimmons
MVM
join:2000-04-24
Falls Church, VA

jsimmons to madylarian

MVM

to madylarian
I understand webmail not being accessible, but I've been sending email from a non Comcast email system to my father who has an @comcast.net address. He is not currently receiving these messages through his Outlook mail client.

Wonder if the domain issues are causing problems for external mail systems to forward email to Comcast servers?

Anyone know if this is an issue?

bigchris
Do Not Shoot The Messenger
Premium Member
join:2002-04-29
Leesburg, VA

bigchris

Premium Member

Likely, although the TTL on the mail systems should have it resolving correctly by now. It's going to depend a lot on the sending system's DNS infrastructure as to whether they are resolving the DNS entries correctly for delivery.
eddieozzie
Premium Member
join:2008-05-29
Palos Heights, IL

eddieozzie

Premium Member

FYI-
I can get to webmail and also to Outlook Express as well (have OE set to leave a copy on the server). Mailbox Manager is showing three out of four e-mail addresses as "Unavailable". Did change all the passwords earlier, so maybe that has something to do with it? Still get the re-direct when trying to get to the Help Forums- However, I have not disabled Javascript yet... Might try that.

noddy
Premium Member
join:2002-04-08
Danville, CA

noddy to madylarian

Premium Member

to madylarian
Is anyone having problems with the Digital Voice Center connected to this? I keep getting the DVC 270 when trying to check my calls.

bpvwebdesigns
@comcast.net

bpvwebdesigns to madylarian

Anon

to madylarian
Once again for anyone still having resolution issues, I recommend updating DNS to the Comcast servers.

68.87.72.130 & 68.87.77.130 are the ones I am using.

If you are less tech savvy, or helping a family/friend, and don't want to physically do it on their machine, you can use my tool below. (Windows 2k, XP only)

1) Click here to download


2) Double-Click the icon on your desktop to run the program


3) The program should run, and appear as below


4) Once the program has completed the changes, this message will appear


Again Y.M.M.V, and it is at your own risk. Just figured I would pass along the tool I am using to help clients/relatives.
eddieozzie
Premium Member
join:2008-05-29
Palos Heights, IL

eddieozzie

Premium Member

I just did the "ipconfig /all" The DNS servers listed are the same ones you are using.

Bink63
Namedrop THIS
Premium Member
join:2002-10-06
Everywhere

Bink63 to Michael2

Premium Member

to Michael2
said by Michael2:
said by not :

I have a feeling that Comcast didn't know what exactly was going on to begin with...
not,

While conspiracy theories can be fun, I can assure you that this is not even close to what happened. We were aware of the actual problem early on and took the necessary steps to get control of the domain back. Also, with regard to the referenced article, you are only getting one side of the story. I would caution against accepting everything you read as fact.
The "one side of the story" is the only side I've seen available in the e-media©...

*IF* a Comcast corporate official would care to go on the record in an exclusive interview with me, I would be more than happy to provide a venue for the "other side of the story" on my website.

madylarian
The curmudgeonly
Premium Member
join:2002-01-03
Parkville, MD

madylarian to eddieozzie

Premium Member

to eddieozzie
said by eddieozzie:

FYI-
I can get to webmail and also to Outlook Express as well (have OE set to leave a copy on the server). Mailbox Manager is showing three out of four e-mail addresses as "Unavailable". Did change all the passwords earlier, so maybe that has something to do with it? Still get the re-direct when trying to get to the Help Forums- However, I have not disabled Javascript yet... Might try that.
Carole, did you see my post about this problem in the Help Forums? See these:

»forums.comcast.net/comca ··· 6#M23226

»forums.comcast.net/comca ··· 2#M23242

»forums.comcast.net/comca ··· 5#M23245

mady

Douglas Goodall
@goodall.com

Douglas Goodall to mike12806

Anon

to mike12806
This is what I am still getting at 19:17 PST in California.

I think they still have some big trouble.
Douglas Goodall

Douglas Goodall to madylarian

Anon

to madylarian

Re: What to do now

Given that the redirected ip might have sent my login attempts to a hostile server, what do we do now...

I can browse to www.comcast.com but when it asks me for my username and password, I freeze up. I have no confidence that I am connected to their real servers. I want to change my email password, but the process requires me to type in my password. This is a chicken and egg situation I don't see an answer to. They have compromised my basic trust. Where do we go from here?

EG
The wings of love
Premium Member
join:2006-11-18
Union, NJ

1 recommendation

EG

Premium Member

said by Douglas Goodall :

They have compromised my basic trust. Where do we go from here?
Prozac ??

Douglas Goodall
@goodall.com

Douglas Goodall to madylarian

Anon

to madylarian

Re: Comcast hacked?

And you would have me purchase it where? Should I type in my credit card number using my Comcast Internet service?

EG
The wings of love
Premium Member
join:2006-11-18
Union, NJ

EG

Premium Member

said by Douglas Goodall :

Should I type in my credit card number using my Comcast Internet service?
So you no longer trust SSL ?

Bartleby Here
@comcast.net

Bartleby Here to eddieozzie

Anon

to eddieozzie
CCCarole,

That "unavailable" message is exactly what happens when you've changed passwords on accounts that you previously used mailbox manager to set up and allow access to, from another account.

(And fixing it was the problem I noted earlier in this thread.)

I found that I could persuade webmail to get me back to the webmail preferences page, under the account I wanted to allow access to the others from. (It took some patience, and even a few "back" browser requests and retries--hence my term "persuading".) Eventually, I could use the mailbox manager link from preferences to select and remove them, then re-add them. It basically clears then reestablishes the necessary links after you changed passwords. Even happens if you change the primary, but not the secondaries it has access to.

And even before this incident, that was the "fix", only it was easier to navigate through.

By the way, mady, I couldn't use at least your first link, even after I completed the signin page. Got a "can't find that message" message. But at least ended up being able to access the help forum.