Re: Comcast hacked? in Comcast HSI

Re: Comcast hacked?

Mon, 02 Jun 2008 02:27:06 EDT

madylarian :

said by WhichDNS :

I guess I just was not clear enough about what I was attempting to say.

Especially as I did not say that.

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Mon, 02 Jun 2008 00:13:29 EDT

EG : Thanks sorto :)

I didn't think of linking to that FAQ.. :(

Re: Comcast hacked?

Mon, 02 Jun 2008 00:03:30 EDT

sortofageek :

said by EG :

I think that some of the confusion lies with your choices of who you are replying to..

Take your last post for example. Were you replying to madylarian or me ?

This FAQ might help?

»Site FAQ »How do I post?
--
Join Team Helix * I am praying for these friends .

Re: Comcast hacked?

Sun, 01 Jun 2008 20:51:11 EDT

EG : I think that some of the confusion lies with your choices of who you are replying to..

Take your last post for example. Were you replying to madylarian or me ?

Re: Comcast hacked?

Sun, 01 Jun 2008 20:47:16 EDT

anon : I guess I just was not clear enough about what I was attempting to say.

If you live in Chicago, then I guess you can use the IP's that bpvwebdesigns posted, otherwise it would make more sense to use the ones posted here.

»www.dennek.com/index.php?option=···temid=25

Re: Comcast hacked?

Sun, 01 Jun 2008 20:23:18 EDT

anon : Post number 530
by
bpvwebdesigns
It's on page 27

Re: Comcast hacked?

Sun, 01 Jun 2008 20:14:19 EDT

EG : Huh.. ?

Re: Comcast hacked?

Sun, 01 Jun 2008 19:56:32 EDT

anon : I was replying to the following...

said by madylarian :

Once again for anyone still having resolution issues, I recommend updating DNS to the Comcast servers.

68.87.72.130 & 68.87.77.130 are the ones I am using.

If you are less tech savvy, or helping a family/friend, and don't want to physical do it on their machine, you can use my tool below. (Windows 2k, XP only)

1) Click here to download

Not everyone lives in chicago, and it looks like this litte program specifically changes the DNS to the chicago ones.

Re: Comcast hacked?

Sun, 01 Jun 2008 19:35:16 EDT

EG :

said by WhichDNS :

Probably using the national DNS's is a better choice than one tied to a specific market.

Why's that ?

Re: Comcast hacked?

Sun, 01 Jun 2008 19:09:43 EDT

anon : Probably using the national DNS's is a better choice than one tied to a specific market.

»www.dennek.com/index.php?option=···temid=25

Re: Comcast hacked?

Sun, 01 Jun 2008 01:52:22 EDT

johnpd : Hi gang. I have been getting a lot of DNS errors. I can't reach our alternate Comcast invisionfree forums now. I wonder if a lot of ISP's are clearing their DNS cache. These guys really did a number on the Internet. My worry is that if one can do it, more can and really cause some havoc.

Edit: It appears that my connection problems are Cox related.

Re: Comcast hacked?

Sun, 01 Jun 2008 01:14:47 EDT

BlueJay :

said by Bartleby Here :

Not sure I made much difference, but I tried. ;)

Bartleby, You always make a difference. And a very positive one at that. Your knowledge is phenomenal and willingness to share is greatly appreciated.. :)

ciao, bj

Re: Comcast hacked?

Sat, 31 May 2008 23:20:24 EDT

anon : Thanks for the "quick loan" again, Bartleby.

CCCarole...In case you haven't gotten the OE identity fixed, just go to File>Identities>Manage Identities, in OE. You'll see yours, and a drop down list below that says which one to use at startup. Not sure how it got deselected, but that's where you fix it. (And I'll bet you've figured that out, or got the answer in CHF, by now.)

I'm still on CHF "vacation". And a nice one, so far.

Thanks for the kind words re: my efforts to wade in when I knew many regulars might not be able to. Not sure I made much difference, but I tried. ;)

Re: Comcast hacked?

Sat, 31 May 2008 21:53:54 EDT

CUBS_FAN : Sounds to me like someone got into your account unless its someone you know messing around with you.

Re: Comcast hacked?

Sat, 31 May 2008 14:38:25 EDT

anon : After I signed into Comcast.net my greeting said,"Hi!, staaash". Can someone explain how they did that?

Re: Comcast hacked?

Sat, 31 May 2008 13:50:48 EDT

CCCarole : Hey my friend, you deserve a break after all of the helping you have done! Got the mailbox Mgr. straightened out. Still need to fix OE so it doesn't ask for Idenity sign in, but no worries, I'll get it fixed too. No, do not use webmail as primary means of access. Have a nice break, will catch ya here, there, or one of the 'others'. :)

Re: Comcast hacked?

Sat, 31 May 2008 12:11:58 EDT

anon : CCCarole...no worries. Hope you manage to get them sorted (even though webmail sure isn't your primary means of access). Site may even be getting more cooperative, as time passes, and the junk behind the scenes dies off. I'm still planning on a weekend "away"...from Comcast Help forum anyway. Maybe even a bit longer. I can find other ways to mildly aggravate myself.

(And mady, forgot to mention the links here did go to that thread, when I tried them again while already logged in to the forum. Opened fine as another tab. In between the random "boots" back to the home page, of course.)

Apologies to the regular BBR member named "Bartleby" (excellent choice of ID, by the way). I would prefer not to borrow it any longer, even with the slight variation that allowed me to.

Re: Comcast hacked?

Sat, 31 May 2008 11:03:17 EDT

CCCarole : Bartleby, Mady, EG- I'm late getting here this morning- posted my problems with webmail & OE on THF, only to find your answers here just now. I think going back and forth from here to there last night has fried my brain. :huh: Thank you as always...

Re: Comcast hacked?

Sat, 31 May 2008 08:52:26 EDT

newview : Saturday 8:50am.
I am no longer getting redirected when accessing »forums.comcast.net/comcastsupport

Re: Comcast hacked?

Sat, 31 May 2008 06:11:13 EDT

Bluegrassman :

said by Joel :

These redirects are a pita. I'm taking the rest of the weekend off. See you guys Monday... maybe.

"Come Monday, it'll be all right...."
Jimmy Buffett

Re: Comcast hacked?

Sat, 31 May 2008 01:25:47 EDT

rolfp :

said by blog.wired article :

Comcast boasts 14 million subscribers nationwide, and handling the massive traffic aimed at Comcast.net was no easy task. The hackers stayed up most of the night opening new webhosting accounts, and constantly moving the DNS to follow them. In all, they claim, they burned through 50 different hosts to keep their defacement alive. "You know how hard it is to find hosting handling that kind of traffic?" says EBK "The first one went in two minutes."

•Wouldn't that 'web hosting' sort of thingy cost some serious "El Moolah"?
•Mebbe burning through 50 of them in a couple hours would attract some attention, create a e-trail.

Re: Comcast hacked?

Sat, 31 May 2008 00:51:21 EDT

Sly : It's already been posted before but here's an interview with the hackers who took Comcast down. Interesting... »blog.wired.com/27bstroke6/2008/0···cke.html
--
"The penalty good men pay for indifference to public affairs is to be ruled by evil men."
- Plato -

Re: Comcast hacked?

Sat, 31 May 2008 00:41:26 EDT

EG : I should do the same.. Enjoy your weekend bud ! :)

Re: Comcast hacked?

Sat, 31 May 2008 00:40:37 EDT

EG : I should do the same.. Enjoy your weekend bud !

Sunday is supposed to be the better day of the two.

Re: Comcast hacked?

Sat, 31 May 2008 00:28:44 EDT

Joel : These redirects are a pita. I'm taking the rest of the weekend off. See you guys Monday... maybe.
--
There is no dark side of the moon really, matter of fact it's all dark

Re: Comcast hacked?

Sat, 31 May 2008 00:27:06 EDT

madylarian :

said by Bartleby Here :

CCCarole,

By the way, mady, I couldn't use at least your first link, even after I completed the signin page. Got a "can't find that message" message. But at least ended up being able to access the help forum.

Hmmm...I just tried and got the post. At least you know which thread it's from.

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Fri, 30 May 2008 23:43:07 EDT

EG : Good ta see ya "here" Bartleby ! ;) :D

Re: Comcast hacked?

Fri, 30 May 2008 23:27:02 EDT

anon : I would prefer just to be Bartleby. But it says I can't (Bartleby is taken or unavailable)...and I'm not going to create even a free account if I can't be, "me". So "Bartleby Here" it is.

We now return you to the general consternation, wailing and gnashing of teeth. Some justified, and some clearly not.

Re: Comcast hacked?

Fri, 30 May 2008 23:16:19 EDT

EG : Bartleby here ? ;)

Re: Comcast hacked?

Fri, 30 May 2008 23:06:09 EDT

anon : CCCarole,

That "unavailable" message is exactly what happens when you've changed passwords on accounts that you previously used mailbox manager to set up and allow access to, from another account.

(And fixing it was the problem I noted earlier in this thread.)

I found that I could persuade webmail to get me back to the webmail preferences page, under the account I wanted to allow access to the others from. (It took some patience, and even a few "back" browser requests and retries--hence my term "persuading".) Eventually, I could use the mailbox manager link from preferences to select and remove them, then re-add them. It basically clears then reestablishes the necessary links after you changed passwords. Even happens if you change the primary, but not the secondaries it has access to.

And even before this incident, that was the "fix", only it was easier to navigate through.

By the way, mady, I couldn't use at least your first link, even after I completed the signin page. Got a "can't find that message" message. But at least ended up being able to access the help forum.

Re: Comcast hacked?

Fri, 30 May 2008 22:59:01 EDT

EG :

said by Douglas Goodall :

Should I type in my credit card number using my Comcast Internet service?

So you no longer trust SSL ?

Re: Comcast hacked?

Fri, 30 May 2008 22:51:48 EDT

anon : And you would have me purchase it where? Should I type in my credit card number using my Comcast Internet service?

Re: What to do now

Fri, 30 May 2008 22:45:37 EDT

EG :

said by Douglas Goodall :

They have compromised my basic trust. Where do we go from here?

Prozac ?? :o :D

Re: What to do now

Fri, 30 May 2008 22:33:08 EDT

anon : Given that the redirected ip might have sent my login attempts to a hostile server, what do we do now...

I can browse to www.comcast.com but when it asks me for my username and password, I freeze up. I have no confidence that I am connected to their real servers. I want to change my email password, but the process requires me to type in my password. This is a chicken and egg situation I don't see an answer to. They have compromised my basic trust. Where do we go from here?

Re: Comcast hacked?

Fri, 30 May 2008 22:18:59 EDT

anon : This is what I am still getting at 19:17 PST in California.

I think they still have some big trouble.

Re: Comcast hacked?

Fri, 30 May 2008 22:16:10 EDT

madylarian :

said by CCCarole :

FYI-
I can get to webmail and also to Outlook Express as well (have OE set to leave a copy on the server) Mailbox Manager is showing three out of four e-mail addreses as "Unavailable". Did change all the passwords earlier, so maybe that has something to do with it? Still get the re-direct when trying to get to the Help Forums- However, I have not disabled Javascript yet... Might try that.

Carole, did you see my post about this problem in the Help Forums? See these:

»forums.comcast.net/comcastsuppor···6#M23226

»forums.comcast.net/comcastsuppor···2#M23242

»forums.comcast.net/comcastsuppor···5#M23245

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Fri, 30 May 2008 21:54:23 EDT

Bink63 :

said by Michael2 :

said by not :

I have a feeling that Comcast didn't know what exactly was going on to begin with...

not,

While conspiracy theories can be fun, I can assure you that this is not even close to what happened. We were aware of the actual problem early on and took the necessary steps to get control of the domain back. Also, with regard to the referenced article, you are only getting one side of the story. I would caution against accepting everything you read as fact.

The "one side of the story" is the only side I've seen available in the e-media©...

*IF* a Comcast corporate official would care to go on the record in an exclusive interview with me, I would be more than happy to provide a venue for the "other side of the story" on my website.
--
»www.otadigitaltv.com

Re: Comcast hacked?

Fri, 30 May 2008 18:13:59 EDT

CCCarole : I just did the "ipconfig /all" The DNS servers listed are the same ones you are using.

Re: Comcast hacked?

Fri, 30 May 2008 17:36:16 EDT

anon : Once again for anyone still having resolution issues, I recommend updating DNS to the Comcast servers.

68.87.72.130 & 68.87.77.130 are the ones I am using.

If you are less tech savvy, or helping a family/friend, and don't want to physical do it on their machine, you can use my tool below. (Windows 2k, XP only)

1) Click here to download

2) Double-Click the icon on your desktop to run the program

3) The program should run, and appear as below

4) Once the program has completed the changes, this message will appear

Again Y.M.M.V, and it is at your own risk. Just figured I would pass along the tool I am using the help clients/relatives.

Re: Comcast hacked?

Fri, 30 May 2008 17:26:41 EDT

noddy : Is anyone having problems with the Digital voice center connected to this ?, I keep getting the DVC 270 when trying the check my calls

Re: Comcast hacked?

Fri, 30 May 2008 17:14:17 EDT

CCCarole : FYI-
I can get to webmail and also to Outlook Express as well (have OE set to leave a copy on the server) Mailbox Manager is showing three out of four e-mail addreses as "Unavailable". Did change all the passwords earlier, so maybe that has something to do with it? Still get the re-direct when trying to get to the Help Forums- However, I have not disabled Javascript yet... Might try that.

Re: Comcast hacked?

Fri, 30 May 2008 17:07:43 EDT

bigchris : Likely although the TTL on the mail systems should have it resolving correctly by now. It's going to depend a lot on the sending systems DNS infrastructure as to whether they are resolving the dns entries correctly for delivery.

Re: Comcast hacked?

Fri, 30 May 2008 16:54:06 EDT

jsimmons : I understand webmail not being accessible, but I've been sending email from a non Comcast email system to my father who has an @comcast.net address. He is not currently receiving these messages through his Outlook mail client.

Wonder if the domain issues are causing problems for external mail systems to forward email to Comcast servers?

Anyone know if this is an issue?
--
"Everything should be made as simple as possible, but not one bit simpler." - Albert Einstein

Re: Comcast hacked?

Fri, 30 May 2008 16:49:18 EDT

jl747 : Well now when you try to go to comcast.net site you get the old site page. After entering your log on and password it then goes to the current page.

But when you try to go to the web mail site you get an error and a redirect.

I am also getting very few emails.

Service Unav···mail.pdf
Comcast .net···site.pdf

Re: Comcast hacked?

Fri, 30 May 2008 16:47:28 EDT

anon :

said by not :

You are the #2 host in the US after all.

Ooops, that should read #2 ISP, not host.

Re: Comcast hacked?

Fri, 30 May 2008 16:44:20 EDT

anon :

said by Michael2 :

said by not :

I have a feeling that Comcast didn't know what exactly was going on to begin with...

Well, like you said, we can sit here all day and speculate without the facts (which the big C isn't forthcoming with). The bottom line is, if you guys can't get Netsol to simply see the error of their ways and escalate the reversal of such an unauthorised change, there's no hope for anyone else in such a situation. Trust me, I've had my fair share with domain registrars and their hoopla of domain control and changes, we all know it's not fun, even when legit. I find it interesting that Netsol apperently didn't expedite this or see a need to expedite this change BACK after it was clear that someone got the better of both companies. Surely someone higher up could have intervened and put stuff back and locked it down tighter then a frog's you know what in no time at all. You are the #2 host in the US after all. If you can't get that kind of responce from them, that should say something about Netsol in general. I find it weird that it wasn't handled just as that. After all, doesn't matter what happened after it was changed or what it was pointing to. If nothing was affected on Comcast's end servers, then the only thing changed were the DNS pointers. Fix that and you fix the problem (after propegation). All this hosting changes that you guys are going through makes no logical sense, if and only if, the DNS records were the only things changed/hacked. Either way, what's done is done... I think everyone who has a brain has seen how badly this could have gone if the hackers would have put up sites that looked identical to Comcast's websites. Ouch... if anything, provisions will probably be made now with registrars to make domain changes even more of a pain because of this.

Re: Comcast hacked?

Fri, 30 May 2008 16:18:21 EDT

JCK : Thanks, that seemed to work, hope they fix it soon.

Re: Comcast hacked?

Fri, 30 May 2008 15:46:10 EDT

CUBS_FAN : Turning off the javascript and then enabling them again if you want to create posts.

Re: Comcast hacked?

Fri, 30 May 2008 15:36:35 EDT

JCK :

said by Morac :

said by JCK :

said by Morac :

In any case, it looks like the forum scripts have been fixed which is good.

Forum is still redirecting for me. :(

Try clearing out your browser cache and if that doesn't work also clear out your cookies.

Thanks, tried both no luck. Keeps redirecting to:

»www6.comcast.net/a/?prvtof=8b2Vk···r06ss%3D

Re: Comcast hacked?

Fri, 30 May 2008 15:29:46 EDT

newview :

said by JCK :

said by Morac :

In any case, it looks like the forum scripts have been fixed which is good.

Forum is still redirecting for me. :(

Still redirecting for me also.

said by Morac :

Try clearing out your browser cache and if that doesn't work also clear out your cookies.

Tried that . . . no dice . . . still fubared.

The ONLY thing that allows me into the forums is turning off javascript immediately before clicking the link off the portal page to enter the forums.
--

Ö¿Ö
The Rules of Spam | Maryland's Newest Anti-Spam Law
Where are we going? And what's with the hand basket?

Re: Comcast hacked?

Fri, 30 May 2008 15:17:01 EDT

Michael2 :

said by not :

I have a feeling that Comcast didn't know what exactly was going on to begin with...

Re: Comcast hacked?

Fri, 30 May 2008 15:07:19 EDT

Morac :

said by JCK :

said by Morac :

In any case, it looks like the forum scripts have been fixed which is good.

Forum is still redirecting for me. :(

Try clearing out your browser cache and if that doesn't work also clear out your cookies.

Re: Comcast hacked?

Fri, 30 May 2008 14:58:48 EDT

JCK :

said by Morac :

In any case, it looks like the forum scripts have been fixed which is good.

Forum is still redirecting for me. :(

Re: Comcast hacked?

Fri, 30 May 2008 14:45:34 EDT

anon :

said by Morac :

I'm curious as to why anything on the Comcast site was changed in the first place. Since the only thing that was hacked was the DNS registries, simply changing them to point back to Comcast's servers should have fixed all the problems (baring DNS caching). There shouldn't have been any need to modify the Comcast.net server code at all.

In any case, it looks like the forum scripts have been fixed which is good.

I have a feeling that Comcast didn't know what exactly was going on to begin with. I bet they thought that the original site was hacked and they scrambled to get he site back up on another server farm... hence the website being on akamai host now. This wasn't the case before as they were hosting it inside the Comcast network. I'm willing to bet whoever started on the "fix" didn't even bother to ping the server name and notice that the IP had changed and was pointing somewhere else. Later on, once they noticed they probably couldn't get back into management on Netsol or even noticed that their local DNS records had changed for the IPs, they finally put two and two together and found out the real issue, but were too far along in this route fix to get back. Heck, maybe it's as simple as them not being able to remember what IP went to what host they had registered on Netsol. Wouldn't be the first time an admin didn't keep clear records. A request to Netsol for a backup restore of 2 prior days ago would have also solved their issues without having to lift a finger (they'd just have to wait for it to propagate back). Honestly, based on the info the hackers gave in terms of the arrogance the Comcast domain admin gave them on the initial cell phone call they made to him about them changing just the registration info on the record (prior to even touching the IP host listings) should show you just how invincible that guy thought he was. What's funny is these teens called this guy at home on his cell phone and he wrote them off like nothing. That's what triggered them to go the extra mile and teach him a lesson. (This was all in the interview news story linked above in one of these posts.) If I was him I would have checked my records immediatly while keeping them on the phone (stretching the conversation) and if they were telling the truth, then hang up on them. He would have seen the defacement on a simple whois lookup at Netsol's page. The whole thing could have been overted. Sounds like someone needs to get re-evaluated by management. You don't just dismiss a threat like this called in. That's a silly move on the admin's part.

Re: Comcast hacked?

Fri, 30 May 2008 13:30:36 EDT

CCCarole : I also ran full scans on both my desktop and laptop. No problems found.

Re: Comcast hacked?

Fri, 30 May 2008 13:27:55 EDT

CCCarole : Hi Bartleby- I did change my Primary password and my OE password. Flushed dns. I received a PM from someone that it appears the reason I cannot get into the Help Forums yet has something to do with scripting. Getting way over my head. I certainly understand it may take a few days until this is all back to normal.
I do change my passwords often...but probably should change them even more often than I do. Thanks for your reply.

Re: Comcast hacked?

Fri, 30 May 2008 13:10:14 EDT

anon : I also picked up the backdoor virus:
backdoor.subserver.5.m via UA120.exe
I accessed webmail and the next day I had this in my computer feel it may be connected. It may be beneficial to run your virus scan if you accessed web mail during while it was compromised.

Re: Comcast hacked?

Fri, 30 May 2008 12:54:14 EDT

anon : CCCarole,

I don't think it's "panic" change my password time, but caution in a situation like this is ever a virtue. And I normally change mine every so often anyway. I made PW changes via Acct Mgmt, and the only issue I ran into was having to play around to get the mailbox manager to let me get all my accounts available in the Message Center for my primary. (The usual delete and re-add them routine.) Trying to do it in webmail took a bit of persuading.

(All related to various issues with undoing the havoc caused.) It's not as simple as just flipping the "switch" back, since the hack wasn't that simple either.

Re: Comcast hacked?

Fri, 30 May 2008 12:15:46 EDT

rolfp :

said by deblin :

said by rolfp :

idk but, from what I have read, if "social engineering" led to a Comcast netadmin facilitating access, giving up password, or whatever, to the comcast administrator console @ Network Solutions, you couldn't say that was the fault of NS. No ISP would take the blame if a customer gave out their email password to some baddy. Just hypothetical, mind you. ;)

In the one article I read, "Deviant" or whatever stated that the vulnerability or attack vector for the network solutions information is still vulnerable and others could be compromised in a similar manner. That leads me to believe it wasn't social engineering but rather some sort of flaw in Network Solutions' administration page or similar.

Yes, I had seen the following, but did not recall it, atm, which makes that hypothesis more likely, unless the rebuttal by the NS spokeswoman is more accurate.....

said by blog.wired :

The hackers say the attack began Tuesday, when the pair used a combination of social engineering and a technical hack to get into Comcast's domain management console at Network Solutions. They declined to detail their technique, but said it relied on a flaw at the Virginia-based domain registrar.

Network Solutions spokeswoman Susan Wade disputes the hackers' account. "We now know that it was nothing on our end," she says. "There was no breach in our system or social engineering situation on our end."

Re: Comcast hacked?

Fri, 30 May 2008 12:03:08 EDT

deblin :

Re: Comcast hacked?

Fri, 30 May 2008 11:23:03 EDT

kadar : Thats what I was thinking also.
You alter the scripts to do something else, then simply revert them.
--
The Revolutionary War was fought over a 14% tax, what % are you paying now?

Re: Comcast hacked?

Fri, 30 May 2008 11:08:43 EDT

Morac :

said by Michael2 :

We have some temporary solutions in place, however, we expect to see some minor problems (links not working correctly) while we work on a more permanent solution.

I'm curious as to why anything on the Comcast site was changed in the first place. Since the only thing that was hacked was the DNS registries, simply changing them to point back to Comcast's servers should have fixed all the problems (baring DNS caching). There shouldn't have been any need to modify the Comcast.net server code at all.

In any case, it looks like the forum scripts have been fixed which is good.

Re: Comcast hacked?

Fri, 30 May 2008 10:28:31 EDT

anon :

said by Michael916 :

Did anyone see this little nugget of info from the Wired article?

"Network Solutions spokeswoman Susan Wade disputes the hackers' account. "We now know that it was nothing on our end," she says. "There was no breach in our system or social engineering situation on our end.""

Somehow that seems like the most ridiculous statement ever. Of course it was on their end - of course they had a breach. Geez.

Why do you say it's Network Solutions' problem? If the hackers did some social engineering on Comcast empoyees to get the domain and password information then used that information to change the records at Network Solutions, how is that Network Solutions' responsibility and not Comcast's?

Re: Comcast hacked?

Fri, 30 May 2008 10:25:40 EDT

rolfp :

said by CUBS_FAN :

We made the paper in Chicago. »redeye.chicagotribune.com/busine···88.story

Cool.

said by that article :

They rerouted the traffic to Internet addresses in Germany and elsewhere, said Karl Bode, editor for Web site BroadbandReports.com.
[..]
"In this case though, keep in mind that [based on the information on hand] it was Network Solutions' security—or lack thereof—that was to blame, not Comcast's."

idk but, from what I have read, if "social engineering" led to a Comcast netadmin facilitating access, giving up password, or whatever, to the comcast administrator console @ Network Solutions, you couldn't say that was the fault of NS. No ISP would take the blame if a customer gave out their email password to some baddy. Just hypothetical, mind you. ;)

Re: Comcast hacked?

Fri, 30 May 2008 10:16:07 EDT

CUBS_FAN : The guys who did it claimed "they wasn't scanning ports". Just to be on the safe side I changed my password.

According to articles they was "not after fortune but fame"

Re: Comcast hacked?

Fri, 30 May 2008 10:15:17 EDT

Neoistheone : HE HE I would have re directed everyone to »comcastmustdie.com/

These guys should have fun with Sudden Link.
--
When you ASSUME, you make an ASS out of U and ME.

Re: Comcast hacked?

Fri, 30 May 2008 10:12:01 EDT

CCCarole : It is May 30th, 9am in the Chicago suburbs. Tried to get into the Help Forums, THF flashed across the screen and then re-directed again. I can read webmail and OE mail. Question for the 'Experts' should I change my User and password or not? Read in a few posts some had trouble after changing so I don't want to make things worse?

Re: Comcast hacked?

Fri, 30 May 2008 10:03:54 EDT

CUBS_FAN : We made the paper in Chicago. »redeye.chicagotribune.com/busine···88.story

Re: Comcast hacked?

Fri, 30 May 2008 10:00:47 EDT

xpkranger :

said by Kett2000 :

I am also getting the hacked message in the Atlanta area.

In my area of Atlanta (30345 / North of Decatur) service just went out 12:03 this morning. I was on a VPN before that so I'm I'm not too worried about it.
--
The early bird may get the worm, but the second rat gets the cheese.

Re: Comcast hacked?

Fri, 30 May 2008 09:56:45 EDT

FicmanS : Heck SANS didn't even mention it until early today...

Re: Comcast hacked?

Fri, 30 May 2008 09:26:36 EDT

Bluegrassman : It didn't even rate a mention on Drudge Report or TechCrunch! Amazing! :hmm:

Re: Comcast hacked?

Fri, 30 May 2008 09:24:32 EDT

anon : You obviously missed the "major" portion of my sentence. Yes, some news outlets have covered the story with a few paragraph's. Two weed smoking high school drop outs take down the number 2 ISP with a script and social engineering? This is the kind of stuff movies are made of and the major media outlets aren't touching it.

Re: Comcast hacked?

Fri, 30 May 2008 09:21:35 EDT

newview :

said by K Patterson :

I hope they take it by being very forthcoming about what happened.

Somehow, looking at past Comcast incidents, I just don't see this happening. It's already shaping up as a finger-pointing "it's your fault" between NetSol & Comcast.

We still haven't heard a definitive word from a Comcast spokesman addressing the possibility of private info being compromised or not. Either they don't know or they are not saying.
--

Ö¿Ö
The Rules of Spam | Maryland's Newest Anti-Spam Law
Where are we going? And what's with the hand basket?

Re: Comcast hacked?

Fri, 30 May 2008 09:06:04 EDT

Bluegrassman : Network solutions lacks even the faintest plausible deniability! What an outrageous statement for them to make. does anyone else see the spin machine going into action?

Re: Comcast hacked?

Fri, 30 May 2008 09:02:26 EDT

anon : Did anyone see this little nugget of info from the Wired article?

"Network Solutions spokeswoman Susan Wade disputes the hackers' account. "We now know that it was nothing on our end," she says. "There was no breach in our system or social engineering situation on our end.""

Somehow that seems like the most ridiculous statement ever. Of course it was on their end - of course they had a breach. Geez.

Re: Comcast hacked?

Fri, 30 May 2008 08:49:32 EDT

JSRoman :

said by PissedInMN :

This seems like a worthy news item for the major news outlets. Could it be Comcast's advertising dollars keeping this quite? I'm able to get into Comcast.net but it is unstable and slow.

Go to Google News and type in Comcast. Most news outlets have a story on this. So the answer is NO, advertising $$$ are not keeping the story at bay.
--
»www.seabee.navy.mil

Re: Comcast hacked?

Fri, 30 May 2008 08:39:12 EDT

Bluegrassman : I can now log into the help forums, but only see the main help forums page for a brief second before being redirected right back to the main comcast.net page.

turned off javascript as mentioned by EG and am now in the help forums without issue. You can turn javascript back on after successfully entering the forums.

And...I've reset my password and secret question. ;)

Re: Comcast hacked?

Fri, 30 May 2008 08:10:53 EDT

anon : This seems like a worthy news item for the major news outlets. Could it be Comcast's advertising dollars keeping this quite? I'm able to get into Comcast.net but it is unstable and slow.

Re: Comcast hacked?

Fri, 30 May 2008 06:49:56 EDT

anon : 3:50 am Seattle time and I still cannot access comcast.net or email from an external connection.

Re: Comcast hacked?

Fri, 30 May 2008 06:43:29 EDT

K Patterson : It is beginning to appear that, inspite of what many of us have said, that the problem extends beyond the original hijacking of the DNS.

Perhaps Comcast initially misunderstood the problem and took some "corrective" actions that were counter-productive.

We (meaning me) probably shouldn't be guessing until more facts come out. This will be a major opportunity for Comcast to improve their public relations. I hope they take it by being very forthcoming about what happened.

Re: Comcast hacked?

Fri, 30 May 2008 06:42:53 EDT

jl747 : Comcast forum redirect.
Same here as of 5:42 CST.

Edit: I even switched from Open DNS to Comcast and back still no Comcast forum.

Re: Comcast hacked?

Fri, 30 May 2008 04:10:11 EDT

newview :

said by Michael2 :

said by madylarian :

Well, about an hour ago the Help Forums were working and I was even able to make a couple of posts. Now, I'm getting redirected again to the Comcast portal page. The saga continues.

mady

We have some temporary solutions in place, however, we expect to see some minor problems (links not working correctly) while we work on a more permanent solution.

As of 4:00am 5/30/08, I'm also still getting redirected from
the forums to the Comcast.net portal home page.
--

Ö¿Ö
The Rules of Spam | Maryland's Newest Anti-Spam Law
Where are we going? And what's with the hand basket?

I still can't get my email

Fri, 30 May 2008 04:06:21 EDT

anon : And I know without a doubt, for a fact that I have the right username and password.

It seems everyone else can. Am I the only one?

Re: Comcast hacked?

Fri, 30 May 2008 02:29:05 EDT

Epikos : Sorry for the delayed reply; this thread is getting hard to follow.

Unfortunately I never thought to screen capture or anything. I read the beginnings of this thread and thought "oh, huh, I'll portscan" and never thought to save the results.

My apologies.

Re: Comcast hacked?

Fri, 30 May 2008 02:14:12 EDT

anon : Status from Chicago 'burbs: There are still a few anomalies. About an hour ago, I changed my password after logging into "my account" (which required a second authentication); as of this writing, webauth.comcast.net and mail.comcast.net know of the new password, but smtp.comcast.net and login.comcast.net (to which the login links on www.comcast.net are directed) do not. Very odd.

Re: Comcast hacked?

Fri, 30 May 2008 01:59:24 EDT

anon :

said by VanguardLH :

Found the following article. It's frontpage news at CyberInsecure.

»cyberinsecure.com/hacked-comcast···-access/

Sorry if someone already posted this link. 24 pages was just too much to go scanning through.

Also on The Register.

»www.theregister.co.uk/2008/05/29···ijacked/

Re: Comcast hacked?

Fri, 30 May 2008 00:48:12 EDT

rolfp :

[rolf@localhost Pan]$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 68.87.76.178
nameserver 68.87.78.130
search hsd1.ca.comcast.net.
[rolf@localhost Pan]$ ping 68.87.76.178
PING 68.87.76.178 (68.87.76.178) 56(84) bytes of data.
64 bytes from 68.87.76.178: icmp_seq=1 ttl=59 time=10.0 ms
64 bytes from 68.87.76.178: icmp_seq=2 ttl=60 time=9.39 ms
64 bytes from 68.87.76.178: icmp_seq=3 ttl=60 time=12.1 ms
64 bytes from 68.87.76.178: icmp_seq=4 ttl=60 time=9.28 ms
64 bytes from 68.87.76.178: icmp_seq=5 ttl=60 time=7.38 ms
64 bytes from 68.87.76.178: icmp_seq=6 ttl=60 time=8.64 ms

--- 68.87.76.178 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 4999ms
rtt min/avg/max/mdev = 7.387/9.483/12.115/1.440 ms
[rolf@localhost Pan]$ ping 68.87.76.130
PING 68.87.76.130 (68.87.76.130) 56(84) bytes of data.

--- 68.87.76.130 ping statistics ---
11 packets transmitted, 0 received, 100% packet loss, time 9999ms

[rolf@localhost Pan]$ host www.comcast.net
www.comcast.net is an alias for www.comcast.net.edgesuite.net.
www.comcast.net.edgesuite.net is an alias for a1526.g.akamai.net.
a1526.g.akamai.net has address 208.49.199.25
a1526.g.akamai.net has address 208.49.199.10
[rolf@localhost Pan]$ host www.comcast.net 68.87.76.178
Using domain server:
Name: 68.87.76.178
Address: 68.87.76.178#53
Aliases:

www.comcast.net is an alias for www.comcast.net.edgesuite.net.
www.comcast.net.edgesuite.net is an alias for a1526.g.akamai.net.
a1526.g.akamai.net has address 208.49.199.25
a1526.g.akamai.net has address 208.49.199.10
[rolf@localhost Pan]$ host www.comcast.net 68.87.76.130
;; connection timed out; no servers could be reached

Re: Comcast hacked?

Fri, 30 May 2008 00:46:57 EDT

dunkonu23 : I'm surprised too. Thanks.

However, it still doesn't change the fact that I can't access comcast.net from any domain other than comcast.net. :-) Oh, well. Life goes on.

Scott

Re: Comcast hacked?

Fri, 30 May 2008 00:39:19 EDT

Cabal : The failure you're seeing is from the nameserver for edgesuite.net, Comcast's nameservers are working fine.

quote:
$ host www.comcast.net 68.87.64.204 Using domain server: Name: 68.87.64.204 Address: 68.87.64.204#53 Aliases: www.comcast.net is an alias for www.comcast.net.edgesuite.net. Host www.comcast.net.edgesuite.net not found: 5(REFUSED) Host www.comcast.net.edgesuite.net not found: 5(REFUSED)

quote:
$ host comcast.net 68.87.66.204 Using domain server: Name: 68.87.66.204 Address: 68.87.66.204#53 Aliases: comcast.net has address 204.127.195.15 comcast.net has address 216.148.227.202 comcast.net has address 204.127.228.15 comcast.net has address 63.240.76.72 comcast.net has address 204.127.205.8 comcast.net mail is handled by 5 mx2.comcast.net. comcast.net mail is handled by 5 mx1.comcast.net.

As long as it's been cached upstream with your DNS server, it's really not an issue (for 24 hours or so). I'm surprised the overpriced "tools" at dnsstuff.com don't give you real information.
--
Interested in open source engine management for your Subaru?

(topic move) Comcast hacked?

Fri, 30 May 2008 00:37:19 EDT

sortofageek :
Moderator Action
The post that was here, has been moved to a new topic .. »Comcast hacked?

Re: Comcast hacked?

Fri, 30 May 2008 00:33:48 EDT

dunkonu23 : And now this:

looking up at the 2 www.comcast.net. parent servers:

Server Response Time
dns102.comcast.net [68.87.66.204] [Broken DNS server: Reports that it refuses to respond!] 61ms
dns101.comcast.net [68.87.64.204] [Broken DNS server: Reports that it refuses to respond!] 62ms
dns101.comcast.net [68.87.64.204] [Broken DNS server: Reports that it refuses to respond!] 62ms

I won't post this stuff anymore because it's clear Comcast is still broken--it would just be nice to be able to access my comcast mail from somewhere outside the comcast.net domain.

Scott

Re: Comcast hacked?

Fri, 30 May 2008 00:31:08 EDT

dunkonu23 : Now this:

DoTraversal-www.comcast.net-A-2-1-2
Server Response Time
dns102.comcast.net [0.0.0.0] Timeout

Interesting stuff these last two days.

Scott
--
insert witty comment

Re: Comcast hacked?

Fri, 30 May 2008 00:24:53 EDT

dunkonu23 : No, external. They were returning SERVFAIL a few minutes ago. Now, they're pointing to akamai:

Domain Type Class TTL Answer
a1526.g.akamai.net.26d002cc.1.cn.akamaitech.net. A IN 20 168.215.49.32
a1526.g.akamai.net.26d002cc.1.cn.akamaitech.net. A IN 20 168.215.49.33

Interesting couple of days. Actually, before this I never bothered to see how comcast was set DNS wise, but if they're using akamai to host, it's not a bad thing. It just doesn't work right now.

Scott

Re: Comcast hacked?

Fri, 30 May 2008 00:16:43 EDT

EG :

said by dunkonu23 :

First post... Hi folks.

Comcast's external DNS servers are broken according to a lookup of www.comcast.net on DNSSTUFF.

Do you mean internal ?

Re: Comcast hacked?

Fri, 30 May 2008 00:14:20 EDT

dunkonu23 : First post... Hi folks.

Comcast's external DNS servers are broken according to a lookup of www.comcast.net on DNSSTUFF. External access to E-mail is still an issue as a result.

I'm wondering when this will be fixed. Over 24 hours now.

Scott

Re: Comcast hacked?

Fri, 30 May 2008 00:05:03 EDT

CUBS_FAN : plenty of practice with them bongs :D

Re: Comcast hacked?

Fri, 30 May 2008 00:01:22 EDT

anon : Those poor guys are going to make wonderful boy-toys in prison .

Re: Comcast hacked?

Thu, 29 May 2008 23:44:13 EDT

elbrute : Well, the site seems to be back up for me.
Main page, webmail, account info, forums, ect.
Prety interesting day, altho I bet it wasn't
much fun for the guys at Comcast.

DBH

Re: Comcast hacked?

Thu, 29 May 2008 23:29:44 EDT

madylarian :

said by Michael2 :

We have some temporary solutions in place, however, we expect to see some minor problems (links not working correctly) while we work on a more permanent solution.

Well turn those darn hamsters around! ;)

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Thu, 29 May 2008 22:49:16 EDT

catseyenu :

said by kryogeniks_auto :

1) I didn't "hack" Comcast
2) Kryogeniks in the name of the GROUP.
3) I used my real name cause I have nothing to hide
cause I didn't do anything.
4) I'm no hacker (:
5) Proggie.org & Kryogeniks.org 3

That's not what you told Kevin Poulsen

Re: Comcast hacked?

Thu, 29 May 2008 22:26:48 EDT

Michael2 :

We have some temporary solutions in place, however, we expect to see some minor problems (links not working correctly) while we work on a more permanent solution.
--
Comcast.net Help Forum Administrator.

Re: Comcast hacked?

Thu, 29 May 2008 22:26:24 EDT

CUBS_FAN : I was able to navigate for about a minute before the page froze..

Re: Comcast hacked?

Thu, 29 May 2008 22:14:54 EDT

madylarian : Well, about an hour ago the Help Forums were working and I was even able to make a couple of posts. Now, I'm getting redirected again to the Comcast portal page. The saga continues.

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Thu, 29 May 2008 21:20:17 EDT

VanguardLH : Found the following article. It's frontpage news at CyberInsecure.

»cyberinsecure.com/hacked-comcast···-access/

Sorry if someone already posted this link. 24 pages was just too much to go scanning through.

Re: Comcast hacked?

Thu, 29 May 2008 21:11:29 EDT

anon : still a mess in and around Seattle. It was transiently better this am--but no longer have web email or outlook email access-unable to log in to anything to change passwords.

Re: Comcast hacked?

Thu, 29 May 2008 21:11:27 EDT

bigchris : Did you miss this at AP? »ap.google.com/article/ALeqM5gwDP···90VI2IG0

There are various news sources including google news that has quotes from our formal representatives, it's not just tech sites.

edit: Think about why it's being reported on tech sites first. We're a tech company so there's much more interest from the tech sites than the formal news channels. If this was a bank break-in I wouldn't expect to see it on wired before I'd see it on CNN.

Re: Comcast hacked?

Thu, 29 May 2008 21:08:54 EDT

dizzychick :

said by pandora :

said by dizzychick :

said by justmy2cents :

Read the interview with the hackers:

»blog.wired.com/27bstroke6/2008/0···cke.html

what a waste of braincells these guys are. The pic of Defiant pretty much sums things up, right?

Comcast, find them, prosecute them. There's alot of things that can be let go. But the fact that these guys said they knew what they were doing was wrong but didn't stop, no ... they did it multiple times. For what? to annoy you? annoy the customers? for some kind of "rep" UGH, if you're smart enough to know how to "hack", do something positive with the knowledge.

I agree with you, Comcast must seek prosecution of these individuals. At the same time, what does it say about our security. A more subtle attack, to data mine, or infect customer systems, could have gone undetected for quite some time.

I think this hack raises significant questions about the security of not only Comcast, but of internet generally.

Pandora, that's the real issue. Bigchris, I just googled Comcast hacked ... there's NOTHING I found on any of the sources such as AP, it's all tech sites reporting this.

Until Comcast comes out and says what happened, what they've done (without divulging secrets of course), what this means for them and for US, then to my mind stuff IS being hidden.

There are over 14 MILLION peole using comcast, ok? Let's think about the possibility that these idiot hackers lied when they said they didn't get into user email/password or other info. That means there's alot of people compromised - including the people who still can't even get into their email to change their password.

We still don't know if this was "just" a DNS redirect - bad enough, if an admin account was hacked/cracked or what ... or what was left behind when they got done having fun.

Re: Comcast hacked?

Thu, 29 May 2008 21:08:36 EDT

anon : Everything in the Denver, CO. area seems to be back up to normal. :)

Re: Comcast hacked?

Thu, 29 May 2008 21:06:36 EDT

anon : thanks for the update. I will stop looking. Probably good for me to get off the computer anyhow!

Re: Comcast hacked?

Thu, 29 May 2008 21:03:29 EDT

pandora :

said by dizzychick :

said by justmy2cents :

Read the interview with the hackers:

»blog.wired.com/27bstroke6/2008/0···cke.html

Re: Comcast hacked?

Thu, 29 May 2008 20:47:56 EDT

CrzyCrakr :

said by dizzychick :

said by justmy2cents :

Read the interview with the hackers:

»blog.wired.com/27bstroke6/2008/0···cke.html

what a waste of braincells these guys are. The pic of Defiant pretty much sums things up, right?

Comcast, find them, prosecute them. There's a lot of things that can be let go. But the fact that these guys said they knew what they were doing was wrong but didn't stop, no ... they did it multiple times. For what? to annoy you? annoy the customers? for some kind of "rep" UGH, if you're smart enough to know how to "hack", do something positive with the knowledge.

This right here tells all you need to know about this "Dynamic Duo"...Both say they've been raided by law enforcement before.

Re: Comcast hacked?

Thu, 29 May 2008 20:42:13 EDT

dizzychick :

said by justmy2cents :

Read the interview with the hackers:

»blog.wired.com/27bstroke6/2008/0···cke.html

Re: Comcast hacked?

Thu, 29 May 2008 20:30:55 EDT

LeftOfSanity :

said by newview :

said by madylarian :

That said, I wonder if Comcast is going to go after NetSol for this.

mady

God I hope so . . . if ever two companies deserve each other, it's Comcast and Network Solutions.

How so?
--
Fighting on the Internet is like winning the Special Olympics. Win or lose, your still Retarted!

Re: Comcast hacked?

Thu, 29 May 2008 20:28:38 EDT

anon : Read the interview with the hackers:

»blog.wired.com/27bstroke6/2008/0···cke.html

Re: Comcast hacked?

Thu, 29 May 2008 20:18:40 EDT

bigchris : I keep seeing references in various forums to Comcast "hiding" the cause of this and any information about it. I don't quite understand this.

We're less than 24 hours into this and all working hard to resolve the issues and get the systems back into full production. Already we're seeing the benefit of that work.

If you search the major news outlets such as AP and others you'll find quotes from our appointed representatives stating EXACTLY what happened and what we're doing about it.

There's nothing being hidden here, just do some reading in the appropriate news outlets and you'll find everything you need and I'm very sure those appointed representatives will continue to share our findings at an appropriate time.

Re: Comcast hacked?

Thu, 29 May 2008 20:10:53 EDT

jl747 : Thanks for the info.

I logged in and did the same as you.

Reset password and private question.

Now it is working so far.

Re: Comcast hacked?

Thu, 29 May 2008 20:10:00 EDT

anon : FYI, a story on Wired just came out claiming to have spoke with the F-tards that did this. Apparently they said they could have listened in and gathered passwords and such, but did not...though they say they could have. I don't want to post a link because these fools should be in jail, not applauded. I just wanted to share what I read in regards to security.

Re: Comcast hacked?

Thu, 29 May 2008 20:09:37 EDT

EG :

said by CUBS_FAN :

I cant believe the forums are still being redirected. I thought it was a simple error in the code???

whered ja ya get that idea ?

EDIT: I logged in successfully and I choose Help forums for only to redirected still.

What DNS servers are you using ?

Re: Comcast hacked?

Thu, 29 May 2008 20:07:05 EDT

dizzychick :

said by CUBS_FAN :

I cant believe the forums are still being redirected. I thought it was a simple error in the code???

EDIT: I logged in successfully and I choose Help forums for only to redirected still.

Got to be a heck of a lot more than a "simple error in the code" if the forums are still being redirected.

This is sounding like it's a whole lot bigger than comcast wants people to know.

In a way, understandable. The Don't Panic theory - tell people nothing, they panic and assume the worst; on the other hand, tell people This happened, this is what we're doing, please don't do this or that or whatever and most of us would feel at least a little better. But noooooo, can't say anything even though this was nationwide and this is all over the internet now. No hiding Comcast!

Like the game site that got hacked/back-doored, first they denied it, then they got hit again, this time the hackers started putting CGs all over the site and a ton of members got hit hard ... next thing you know the site's gone "down for maintenance" for something like 3 days. They never did admit they'd been hacked OR backdoored - but we all know they did.

I'm kind of expecting the same here. All is well, go about your business. Oh, and when your email/amazon/ebay/paypal, etc. get compromised (or already are), don't blame us.

Re: Comcast hacked?

Thu, 29 May 2008 19:56:59 EDT

CUBS_FAN : I cant believe the forums are still being redirected. I thought it was a simple error in the code???

EDIT: I logged in successfully and I choose Help forums for only to redirected still.

Re: Comcast hacked?

Thu, 29 May 2008 19:56:22 EDT

EG : W.I.W., I'm now able to access the forums without being re-directed.

Re: Comcast hacked?

Thu, 29 May 2008 19:46:38 EDT

anon : Well, I am back home on my Comcast cable modem and everything is back up and working.
I checked my email through Outlook...totally paranoid now. All day I could not access *.comcast.net on my work network.

I'm in SW PA btw.

That code a few posts above for Urchin is just tracking code. I always thought it humorous Google calls their tracking code "Urchin". As in, we are everywhere. Also brings to mind "harvesting". The Goog bought Urchin Analytics. (Does anyone code anything in house anymore??)

Although I was scared to see the following lines in the freewebs code.

What the hell is freewebs doing AJAX enabling some privilege. Anyone know what that UniversalBrowserRead is? Sounds ominous.

Re: Comcast hacked?

Thu, 29 May 2008 19:46:36 EDT

anon : I can get into my account and change the password. I can send and receive but can not send attachments. Gmail account coming soon...

Re: Comcast hacked?

Thu, 29 May 2008 19:44:57 EDT

CUBS_FAN :

said by jl747 :

I am still unable to get any mails through my MS Outlook client.
I did a flush and still nothing.
Rebooted-recycled
Is anyone else having this problem?
Any suggestions.
Any idea when this will be fixed.

When I was at work I logged into my account settings via the comcast.net account. I then proceeded to change my password and private question. I'm at home now and when opening outlook I got the message window from AVG mail scanner showing me connecting to mail.comcast.net but it hung. A window appeared with my username and password already entered. I then proceeded to clear the saved password and type the password created earlier today. I was now able to download the emails that I received on the Webmail page.

Re: Comcast hacked?

Thu, 29 May 2008 19:44:57 EDT

dizzychick : I saw the "under construction" page really late last night (like 2 am est) and wondered what the heck was going on.

Just read about this on [H]ardForum.

My question ... not a keylogger per se, but is there a chance that there's been a "back door" placed somewhere? I've seen it happen on a game-type site I frequent (though their admins swear it didn't happen HAH).

»www.hardforum.com/showthread.php···32551390
this is the forum where I first read about the problem - it's a safe site, promise!

I looked at your list, Vanguard, and it's all greek to me :p

The freewebs page I'm confused about ... that page is closed down tight. Now, was that page a redirect with a CG on it? an annoyance? what? Enquiring/need to know minds want info!

Have not tried getting into my comcast email (not that I really use it tbh), rhapsody or much else. I just want to know IS IT SAFE for us to go about our normal web browsing business? I don't store passwords, but there's bots, programs, brute force, who knows what all. A lot of us do online banking, use ebay, paypal, our own emails ... there's a lot of implications here re: OUR security.

Re: Comcast hacked?

Thu, 29 May 2008 19:36:37 EDT

jl747 : I am still unable to get any mails through my MS Outlook client.
I did a flush and still nothing.
Rebooted-recycled
Is anyone else having this problem?
Any suggestions.
Any idea when this will be fixed.

Re: Comcast hacked?

Thu, 29 May 2008 19:27:53 EDT

VanguardLH : Maybe someone with more HTML and Javascript experience can look at the following code to determine if we became vulnerable to data mining at the hack sites. The following was taken from the hack web page at around 10:15PM last night.

Hack page kryogeniks911.htm:

It calls script code from i.js. The urchinTracker() function is shown below. It looks like an account code was specified for a freewebs.com page.

Javascript i.js (called by kryogeniks911.htm hack page):

I'm not sure what was the point of the freewebs.com site since I never got redirected there and there were no links to click on in the hack page. I'm not sure that they were actually trying to open a freewebs.com page or use the redirected connects to Comcast to generate traffic at freewebs.com to hack open new accounts at freewebs.com.

comcast_net.htm:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" /><meta http-equiv="refresh" content="0; URL=/a/" /> <title>Comcast.net Home</title>      <script type="text/javascript" src="/ui/js//lib/browser.js?r=7198-12345"></script><script type="text/javascript">// <![CDATA[var pages = [];pages.push({url: "/a/",threshold: 92});pages.push({url: "/b/",threshold: 96});pages.push({url: "/c/",threshold: 100});pages.push({url: "/d/",threshold: 100}); function getRandomUrl() {var r = parseInt(Math.random() * 99) + 1;for (var i=0; i<pages.length; i++)if (r <= pages[i].threshold) return pages[i].url;      return '/a/';}     var cookie_name = 'evo_redirect';    var cookie_value = readCookie(cookie_name);        var destination;    if (cookie_value != '') {      // Make sure the path in the cookie is still a valid destination      for (var i=0; i<pages.length; i++) {        if (pages[i].url != cookie_value) continue;                destination = cookie_value;        break;      }    }    // Use the value from the cookie (if valid) or a random choice otherwise    var destination = destination || getRandomUrl();    switch(destination) {      case '/a/':      case '/b/':      case '/c/':        var expire_offset = 7; // Expire in a week        break;      default:        var expire_offset = 1; // Expire at midnight        break;    }    var expire = new Date();expire.setHours(0);expire.setMinutes(0);expire.setSeconds(0);expire.setMilliseconds(expire.getMilliseconds() + expire_offset * 86400000);    createCookie(cookie_name, destination, expire);        var parts = (document.location + '').split('?');    parts.shift();    var options = (parts.length == 0) ? '' : ('?' + parts.join('?'));    document.location.replace(destination + options);// ]]></script> </head> <body id="comcastnet"></body></html>

I did not see this web page. Maybe it was to write a cookie file. It does try to run a script under a relative path of /ui/js//lib/browser.js on the hack site but I don't have that script.

Javascript function urchin.js (called by the kryogeniks911.htm hack page):

//-- Google Analytics Urchin Module//-- Copyright 2007 Google, All Rights Reserved. //-- Urchin On Demand Settings ONLYvar _uacct="";// set up the Urchin Accountvar _userv=1;// service mode (0=local,1=remote,2=both) //-- UTM User Settingsvar _ufsc=1;// set client info flag (1=on|0=off)var _udn="auto";// (auto|none|domain) set the domain name for cookiesvar _uhash="on";// (on|off) unique domain hash for cookiesvar _utimeout="1800";   // set the inactive session timeout in secondsvar _ugifpath="/__utm.gif";// set the web path to the __utm.gif filevar _utsp="|";// transaction field separatorvar _uflash=1;// set flash version detect option (1=on|0=off)var _utitle=1;// set the document title detect option (1=on|0=off)var _ulink=0;// enable linker functionality (1=on|0=off)var _uanchor=0;// enable use of anchors for campaign (1=on|0=off)var _utcp="/";// the cookie path for trackingvar _usample=100;// The sampling % of visitors to track (1-100). //-- UTM Campaign Tracking Settingsvar _uctm=1;// set campaign tracking module (1=on|0=off)var _ucto="15768000";// set timeout in seconds (6 month default)var _uccn="utm_campaign";// namevar _ucmd="utm_medium";// medium (cpc|cpm|link|email|organic)var _ucsr="utm_source";// sourcevar _uctr="utm_term";// term/keywordvar _ucct="utm_content";// contentvar _ucid="utm_id";// id numbervar _ucno="utm_nooverride";// don't override //-- Auto/Organic Sources and Keywordsvar _uOsr=new Array();var _uOkw=new Array();_uOsr[0]="google";_uOkw[0]="q";_uOsr[1]="yahoo";_uOkw[1]="p";_uOsr[2]="msn";_uOkw[2]="q";_uOsr[3]="aol";_uOkw[3]="query";_uOsr[4]="aol";_uOkw[4]="encquery";_uOsr[5]="lycos";_uOkw[5]="query";_uOsr[6]="ask";_uOkw[6]="q";_uOsr[7]="altavista";_uOkw[7]="q";_uOsr[8]="netscape";_uOkw[8]="query";_uOsr[9]="cnn";_uOkw[9]="query";_uOsr[10]="looksmart";_uOkw[10]="qt";_uOsr[11]="about";_uOkw[11]="terms";_uOsr[12]="mamma";_uOkw[12]="query";_uOsr[13]="alltheweb";_uOkw[13]="q";_uOsr[14]="gigablast";_uOkw[14]="q";_uOsr[15]="voila";_uOkw[15]="rdata";_uOsr[16]="virgilio";_uOkw[16]="qs";_uOsr[17]="live";_uOkw[17]="q";_uOsr[18]="baidu";_uOkw[18]="wd";_uOsr[19]="alice";_uOkw[19]="qs";_uOsr[20]="yandex";_uOkw[20]="text";_uOsr[21]="najdi";_uOkw[21]="q";_uOsr[22]="aol";_uOkw[22]="q";_uOsr[23]="club-internet"; _uOkw[23]="query";_uOsr[24]="mama";_uOkw[24]="query";_uOsr[25]="seznam";_uOkw[25]="q";_uOsr[26]="search";_uOkw[26]="q";_uOsr[27]="wp";_uOkw[27]="szukaj";_uOsr[28]="onet";_uOkw[28]="qt";_uOsr[29]="netsprint";_uOkw[29]="q";_uOsr[30]="google.interia";_uOkw[30]="q";_uOsr[31]="szukacz";_uOkw[31]="q";_uOsr[32]="yam";_uOkw[32]="k";_uOsr[33]="pchome";_uOkw[33]="q";_uOsr[34]="kvasir";_uOkw[34]="searchExpr";_uOsr[35]="sesam";_uOkw[35]="q";_uOsr[36]="ozu"; _uOkw[36]="q";_uOsr[37]="terra"; _uOkw[37]="query";_uOsr[38]="nostrum"; _uOkw[38]="query";_uOsr[39]="mynet"; _uOkw[39]="q";_uOsr[40]="ekolay"; _uOkw[40]="q"; //-- Auto/Organic Keywords to Ignorevar _uOno=new Array();//_uOno[0]="urchin";//_uOno[1]="urchin.com";//_uOno[2]="www.urchin.com"; //-- Referral domains to Ignorevar _uRno=new Array();//_uRno[0]=".urchin.com"; //-- **** Don't modify below this point ***var _uff,_udh,_udt,_ubl=0,_udo="",_uu,_ufns=0,_uns=0,_ur="-",_ufno=0,_ust=0,_ubd=document,_udl=_ubd.location,_udlh="",_uwv="1.2";var _ugifpath2="http://www.google-analytics.com/__utm.gif";if (_udl.hash) _udlh=_udl.href.substring(_udl.href.indexOf('#'));if (_udl.protocol=="https:") _ugifpath2="https://ssl.google-analytics.com/__utm.gif";if (!_utcp || _utcp=="") _utcp="/";function urchinTracker(page) { if (_udl.protocol=="file:") return; if (_uff && (!page || page=="")) return; var a,b,c,xx,v,z,k,x="",s="",f=0,nv=0; var nx=" expires="+_uNx()+";"; var dc=_ubd.cookie; _udh=_uDomain(); if (!_uVG()) return; _uu=Math.round(Math.random()*2147483647); _udt=new Date(); _ust=Math.round(_udt.getTime()/1000); a=dc.indexOf("__utma="+_udh+"."); b=dc.indexOf("__utmb="+_udh); c=dc.indexOf("__utmc="+_udh); if (_udn && _udn!="") { _udo=" domain="+_udn+";"; } if (_utimeout && _utimeout!="") {  x=new Date(_udt.getTime()+(_utimeout*1000));  x=" expires="+x.toGMTString()+";"; } if (_ulink) {  if (_uanchor && _udlh && _udlh!="") s=_udlh+"&";  s+=_udl.search;  if(s && s!="" && s.indexOf("__utma=")>=0) {   if (!(_uIN(a=_uGC(s,"__utma=","&")))) a="-";   if (!(_uIN(b=_uGC(s,"__utmb=","&")))) b="-";   if (!(_uIN(c=_uGC(s,"__utmc=","&")))) c="-";   v=_uGC(s,"__utmv=","&");   z=_uGC(s,"__utmz=","&");   k=_uGC(s,"__utmk=","&");   xx=_uGC(s,"__utmx=","&");   if ((k*1) != ((_uHash(a+b+c+xx+z+v)*1)+(_udh*1))) {_ubl=1;a="-";b="-";c="-";xx="-";z="-";v="-";}   if (a!="-" && b!="-" && c!="-") f=1;   else if(a!="-") f=2;  } } if(f==1) {  _ubd.cookie="__utma="+a+"; path="+_utcp+";"+nx+_udo;  _ubd.cookie="__utmb="+b+"; path="+_utcp+";"+x+_udo;  _ubd.cookie="__utmc="+c+"; path="+_utcp+";"+_udo; } else if (f==2) {  a=_uFixA(s,"&",_ust);  _ubd.cookie="__utma="+a+"; path="+_utcp+";"+nx+_udo;  _ubd.cookie="__utmb="+_udh+"; path="+_utcp+";"+x+_udo;  _ubd.cookie="__utmc="+_udh+"; path="+_utcp+";"+_udo;  _ufns=1; } else if (a>=0 && b>=0 && c>=0) {   b = _uGC(dc,"__utmb="+_udh,";");   b = ("-" == b) ? _udh : b;    _ubd.cookie="__utmb="+b+"; path="+_utcp+";"+x+_udo; } else {  if (a>=0) a=_uFixA(_ubd.cookie,";",_ust);  else {   a=_udh+"."+_uu+"."+_ust+"."+_ust+"."+_ust+".1";   nv=1;  }  _ubd.cookie="__utma="+a+"; path="+_utcp+";"+nx+_udo;  _ubd.cookie="__utmb="+_udh+"; path="+_utcp+";"+x+_udo;  _ubd.cookie="__utmc="+_udh+"; path="+_utcp+";"+_udo;  _ufns=1; } if (_ulink && xx && xx!="" && xx!="-") {   xx=_uUES(xx);   if (xx.indexOf(";")==-1) _ubd.cookie="__utmx="+xx+"; path="+_utcp+";"+nx+_udo; } if (_ulink && v && v!="" && v!="-") {  v=_uUES(v);  if (v.indexOf(";")==-1) _ubd.cookie="__utmv="+v+"; path="+_utcp+";"+nx+_udo; } var wc=window; var c=_ubd.cookie; if(nv>0 && wc && wc.gaGlobal && !wc.gaGlobal.from_cookie){  var g=wc.gaGlobal;  var ua=c.split("__utma=")[1].split(";")[0].split(".");  if(g.sid)ua[4]=g.sid;  ua[3]=ua[4];  if(g.vid){   var v=g.vid.split(".");   ua[1]=v[0];   ua[2]=v[1];  }  _ubd.cookie="__utma="+ua.join(".")+"; path="+_utcp+";"+nx+_udo; } _uInfo(page); _ufns=0; _ufno=0; if (!page || page=="") _uff=1;}function _uGH() { var hid; var wc=window; if (wc && wc.gaGlobal && wc.gaGlobal.hid) {  hid=wc.gaGlobal.hid; } else {  hid=Math.round(Math.random()*0x7fffffff);  if (!wc.gaGlobal) wc.gaGlobal={};  wc.gaGlobal.hid=hid; } return hid;}function _uInfo(page) { var p,s="",dm="",pg=_udl.pathname+_udl.search; if (page && page!="") pg=_uES(page,1); _ur=_ubd.referrer; if (!_ur || _ur=="") { _ur="-"; } else {  dm=_ubd.domain;  if(_utcp && _utcp!="/") dm+=_utcp;  p=_ur.indexOf(dm);  if ((p>=0) && (p<=8)) { _ur="0"; }  if (_ur.indexOf("[")==0 && _ur.lastIndexOf("]")==(_ur.length-1)) { _ur="-"; } } s+="&utmn="+_uu; if (_ufsc) s+=_uBInfo(); if (_uctm) s+=_uCInfo(); if (_utitle && _ubd.title && _ubd.title!="") s+="&utmdt="+_uES(_ubd.title); if (_udl.hostname && _udl.hostname!="") s+="&utmhn="+_uES(_udl.hostname); if (_usample && _usample != 100) s+="&utmsp="+_uES(_usample); s+="&utmhid="+_uGH(); s+="&utmr="+_ur; s+="&utmp="+pg; if ((_userv==0 || _userv==2) && _uSP()) {  var i=new Image(1,1);  i.src=_ugifpath+"?"+"utmwv="+_uwv+s;  i.onload=function() { _uVoid(); } } if ((_userv==1 || _userv==2) && _uSP()) {  var i2=new Image(1,1);  i2.src=_ugifpath2+"?"+"utmwv="+_uwv+s+"&utmac="+_uacct+"&utmcc="+_uGCS();  i2.onload=function() { _uVoid(); } } return;}function _uVoid() { return; }function _uCInfo() { if (!_ucto || _ucto=="") { _ucto="15768000"; } if (!_uVG()) return; var c="",t="-",t2="-",t3="-",o=0,cs=0,cn=0,i=0,z="-",s=""; if (_uanchor && _udlh && _udlh!="") s=_udlh+"&"; s+=_udl.search; var x=new Date(_udt.getTime()+(_ucto*1000)); var dc=_ubd.cookie; x=" expires="+x.toGMTString()+";"; if (_ulink && !_ubl) {  z=_uUES(_uGC(s,"__utmz=","&"));  if (z!="-" && z.indexOf(";")==-1) { _ubd.cookie="__utmz="+z+"; path="+_utcp+";"+x+_udo; return ""; } } z=dc.indexOf("__utmz="+_udh+"."); if (z>-1) { z=_uGC(dc,"__utmz="+_udh+".",";"); } else { z="-"; } t=_uGC(s,_ucid+"=","&"); t2=_uGC(s,_ucsr+"=","&"); t3=_uGC(s,"gclid=","&"); if ((t!="-" && t!="") || (t2!="-" && t2!="") || (t3!="-" && t3!="")) {  if (t!="-" && t!="") c+="utmcid="+_uEC(t);  if (t2!="-" && t2!="") { if (c != "") c+="|"; c+="utmcsr="+_uEC(t2); }  if (t3!="-" && t3!="") { if (c != "") c+="|"; c+="utmgclid="+_uEC(t3); }  t=_uGC(s,_uccn+"=","&");  if (t!="-" && t!="") c+="|utmccn="+_uEC(t);  else c+="|utmccn=(not+set)";  t=_uGC(s,_ucmd+"=","&");  if (t!="-" && t!="") c+="|utmcmd="+_uEC(t);  else  c+="|utmcmd=(not+set)";  t=_uGC(s,_uctr+"=","&");  if (t!="-" && t!="") c+="|utmctr="+_uEC(t);  else { t=_uOrg(1); if (t!="-" && t!="") c+="|utmctr="+_uEC(t); }  t=_uGC(s,_ucct+"=","&");  if (t!="-" && t!="") c+="|utmcct="+_uEC(t);  t=_uGC(s,_ucno+"=","&");  if (t=="1") o=1;  if (z!="-" && o==1) return ""; } if (c=="-" || c=="") { c=_uOrg(); if (z!="-" && _ufno==1)  return ""; } if (c=="-" || c=="") { if (_ufns==1)  c=_uRef(); if (z!="-" && _ufno==1)  return ""; } if (c=="-" || c=="") {  if (z=="-" && _ufns==1) { c="utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)"; }  if (c=="-" || c=="") return ""; } if (z!="-") {  i=z.indexOf(".");  if (i>-1) i=z.indexOf(".",i+1);  if (i>-1) i=z.indexOf(".",i+1);  if (i>-1) i=z.indexOf(".",i+1);  t=z.substring(i+1,z.length);  if (t.toLowerCase()==c.toLowerCase()) cs=1;  t=z.substring(0,i);  if ((i=t.lastIndexOf(".")) > -1) {   t=t.substring(i+1,t.length);   cn=(t*1);  } } if (cs==0 || _ufns==1) {  t=_uGC(dc,"__utma="+_udh+".",";");  if ((i=t.lastIndexOf(".")) > 9) {   _uns=t.substring(i+1,t.length);   _uns=(_uns*1);  }  cn++;  if (_uns==0) _uns=1;  _ubd.cookie="__utmz="+_udh+"."+_ust+"."+_uns+"."+cn+"."+c+"; path="+_utcp+"; "+x+_udo; } if (cs==0 || _ufns==1) return "&utmcn=1"; else return "&utmcr=1";}function _uRef() { if (_ur=="0" || _ur=="" || _ur=="-") return ""; var i=0,h,k,n; if ((i=_ur.indexOf("://"))<0 || _uGCse()) return ""; h=_ur.substring(i+3,_ur.length); if (h.indexOf("/") > -1) {  k=h.substring(h.indexOf("/"),h.length);  if (k.indexOf("?") > -1) k=k.substring(0,k.indexOf("?"));  h=h.substring(0,h.indexOf("/")); } h=h.toLowerCase(); n=h; if ((i=n.indexOf(":")) > -1) n=n.substring(0,i); for (var ii=0;ii<_uRno.length;ii++) {  if ((i=n.indexOf(_uRno[ii].toLowerCase())) > -1 && n.length==(i+_uRno[ii].length)) { _ufno=1; break; } } if (h.indexOf("www.")==0) h=h.substring(4,h.length); return "utmccn=(referral)|utmcsr="+_uEC(h)+"|"+"utmcct="+_uEC(k)+"|utmcmd=referral";}function _uOrg(t) { if (_ur=="0" || _ur=="" || _ur=="-") return ""; var i=0,h,k; if ((i=_ur.indexOf("://"))<0 || _uGCse()) return ""; h=_ur.substring(i+3,_ur.length); if (h.indexOf("/") > -1) {  h=h.substring(0,h.indexOf("/")); } for (var ii=0;ii<_uOsr.length;ii++) {  if (h.toLowerCase().indexOf(_uOsr[ii].toLowerCase()) > -1) {   if ((i=_ur.indexOf("?"+_uOkw[ii]+"=")) > -1 || (i=_ur.indexOf("&"+_uOkw[ii]+"=")) > -1) {    k=_ur.substring(i+_uOkw[ii].length+2,_ur.length);    if ((i=k.indexOf("&")) > -1) k=k.substring(0,i);    for (var yy=0;yy<_uOno.length;yy++) {     if (_uOno[yy].toLowerCase()==k.toLowerCase()) { _ufno=1; break; }    }    if (t) return _uEC(k);    else return "utmccn=(organic)|utmcsr="+_uEC(_uOsr[ii])+"|"+"utmctr="+_uEC(k)+"|utmcmd=organic";   }  } } return "";}function _uGCse() { var h,p; h=p=_ur.split("://")[1]; if(h.indexOf("/")>-1) {  h=h.split("/")[0];  p=p.substring(p.indexOf("/")+1,p.length); } if(p.indexOf("?")>-1) {  p=p.split("?")[0]; } if(h.toLowerCase().indexOf("google")>-1) {  if(_ur.indexOf("?q=")>-1 || _ur.indexOf("&q=")>-1) {   if (p.toLowerCase().indexOf("cse")>-1) {    return true;   }  } }}function _uBInfo() { var sr="-",sc="-",ul="-",fl="-",cs="-",je=1; var n=navigator; if (self.screen) {  sr=screen.width+"x"+screen.height;  sc=screen.colorDepth+"-bit"; } else if (self.java) {  var j=java.awt.Toolkit.getDefaultToolkit();  var s=j.getScreenSize();  sr=s.width+"x"+s.height; } if (n.language) { ul=n.language.toLowerCase(); } else if (n.browserLanguage) { ul=n.browserLanguage.toLowerCase(); } je=n.javaEnabled()?1:0; if (_uflash) fl=_uFlash(); if (_ubd.characterSet) cs=_uES(_ubd.characterSet); else if (_ubd.charset) cs=_uES(_ubd.charset); return "&utmcs="+cs+"&utmsr="+sr+"&utmsc="+sc+"&utmul="+ul+"&utmje="+je+"&utmfl="+fl;}function __utmSetTrans() { var e; if (_ubd.getElementById) e=_ubd.getElementById("utmtrans"); else if (_ubd.utmform && _ubd.utmform.utmtrans) e=_ubd.utmform.utmtrans; if (!e) return; var l=e.value.split("UTM:"); var i,i2,c; if (_userv==0 || _userv==2) i=new Array(); if (_userv==1 || _userv==2) { i2=new Array(); c=_uGCS(); }  for (var ii=0;ii<l.length;ii++) {  l[ii]=_uTrim(l[ii]);  if (l[ii].charAt(0)!='T' && l[ii].charAt(0)!='I') continue;  var r=Math.round(Math.random()*2147483647);  if (!_utsp || _utsp=="") _utsp="|";  var f=l[ii].split(_utsp),s="";  if (f[0].charAt(0)=='T') {   s="&utmt=tran"+"&utmn="+r;   f[1]=_uTrim(f[1]); if(f[1]&&f[1]!="") s+="&utmtid="+_uES(f[1]);   f[2]=_uTrim(f[2]); if(f[2]&&f[2]!="") s+="&utmtst="+_uES(f[2]);   f[3]=_uTrim(f[3]); if(f[3]&&f[3]!="") s+="&utmtto="+_uES(f[3]);   f[4]=_uTrim(f[4]); if(f[4]&&f[4]!="") s+="&utmttx="+_uES(f[4]);   f[5]=_uTrim(f[5]); if(f[5]&&f[5]!="") s+="&utmtsp="+_uES(f[5]);   f[6]=_uTrim(f[6]); if(f[6]&&f[6]!="") s+="&utmtci="+_uES(f[6]);   f[7]=_uTrim(f[7]); if(f[7]&&f[7]!="") s+="&utmtrg="+_uES(f[7]);   f[8]=_uTrim(f[8]); if(f[8]&&f[8]!="") s+="&utmtco="+_uES(f[8]);  } else {   s="&utmt=item"+"&utmn="+r;   f[1]=_uTrim(f[1]); if(f[1]&&f[1]!="") s+="&utmtid="+_uES(f[1]);   f[2]=_uTrim(f[2]); if(f[2]&&f[2]!="") s+="&utmipc="+_uES(f[2]);   f[3]=_uTrim(f[3]); if(f[3]&&f[3]!="") s+="&utmipn="+_uES(f[3]);   f[4]=_uTrim(f[4]); if(f[4]&&f[4]!="") s+="&utmiva="+_uES(f[4]);   f[5]=_uTrim(f[5]); if(f[5]&&f[5]!="") s+="&utmipr="+_uES(f[5]);   f[6]=_uTrim(f[6]); if(f[6]&&f[6]!="") s+="&utmiqt="+_uES(f[6]);  }  if (_udl.hostname && _udl.hostname!="") s+="&utmhn="+_uES(_udl.hostname);  if (_usample && _usample != 100) s+="&utmsp="+_uES(_usample);   if ((_userv==0 || _userv==2) && _uSP()) {   i[ii]=new Image(1,1);   i[ii].src=_ugifpath+"?"+"utmwv="+_uwv+s;   i[ii].onload=function() { _uVoid(); }  }  if ((_userv==1 || _userv==2) && _uSP()) {   i2[ii]=new Image(1,1);   i2[ii].src=_ugifpath2+"?"+"utmwv="+_uwv+s+"&utmac="+_uacct+"&utmcc="+c;   i2[ii].onload=function() { _uVoid(); }  } } return;}function _uFlash() { var f="-",n=navigator; if (n.plugins && n.plugins.length) {  for (var ii=0;ii<n.plugins.length;ii++) {   if (n.plugins[ii].name.indexOf('Shockwave Flash')!=-1) {    f=n.plugins[ii].description.split('Shockwave Flash ')[1];    break;   }  } } else {  var fl;  try {   fl = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7");   f = fl.GetVariable("$version");  } catch(e) {}  if (f == "-") {   try {    fl = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.6");    f = "WIN 6,0,21,0";    fl.AllowScriptAccess = "always";    f = fl.GetVariable("$version");   } catch(e) {}  }  if (f == "-") {   try {    fl = new ActiveXObject("ShockwaveFlash.ShockwaveFlash");    f = fl.GetVariable("$version");   } catch(e) {}  }  if (f != "-") {   f = f.split(" ")[1].split(",");   f = f[0] + "." + f[1] + " r" + f[2];  } } return f;}function __utmLinkerUrl(l,h) { var p,k,a="-",b="-",c="-",x="-",z="-",v="-"; var dc=_ubd.cookie; var iq = l.indexOf("?"); var ih = l.indexOf("#"); var url=l; if (dc) {  a=_uES(_uGC(dc,"__utma="+_udh+".",";"));  b=_uES(_uGC(dc,"__utmb="+_udh,";"));  c=_uES(_uGC(dc,"__utmc="+_udh,";"));  x=_uES(_uGC(dc,"__utmx="+_udh,";"));  z=_uES(_uGC(dc,"__utmz="+_udh+".",";"));  v=_uES(_uGC(dc,"__utmv="+_udh+".",";"));  k=(_uHash(a+b+c+x+z+v)*1)+(_udh*1);  p="__utma="+a+"&__utmb="+b+"&__utmc="+c+"&__utmx="+x+"&__utmz="+z+"&__utmv="+v+"&__utmk="+k; } if (p) {  if (h && ih>-1) return;  if (h) { url=l+"#"+p; }  else {   if (iq==-1 && ih==-1) url=l+"?"+p;   else if (ih==-1) url=l+"&"+p;   else if (iq==-1) url=l.substring(0,ih-1)+"?"+p+l.substring(ih);   else url=l.substring(0,ih-1)+"&"+p+l.substring(ih);  } } return url;}function __utmLinker(l,h) { if (!_ulink || !l || l=="") return; _udl.href=__utmLinkerUrl(l,h);}function __utmLinkPost(f,h) { if (!_ulink || !f || !f.action) return; f.action=__utmLinkerUrl(f.action, h); return;}function __utmSetVar(v) { if (!v || v=="") return; if (!_udo || _udo == "") {  _udh=_uDomain();  if (_udn && _udn!="") { _udo=" domain="+_udn+";"; } } if (!_uVG()) return; var r=Math.round(Math.random() * 2147483647); _ubd.cookie="__utmv="+_udh+"."+_uES(v)+"; path="+_utcp+"; expires="+_uNx()+";"+_udo; var s="&utmt=var&utmn="+r; if (_usample && _usample != 100) s+="&utmsp="+_uES(_usample); if ((_userv==0 || _userv==2) && _uSP()) {  var i=new Image(1,1);  i.src=_ugifpath+"?"+"utmwv="+_uwv+s;  i.onload=function() { _uVoid(); } } if ((_userv==1 || _userv==2) && _uSP()) {  var i2=new Image(1,1);  i2.src=_ugifpath2+"?"+"utmwv="+_uwv+s+"&utmac="+_uacct+"&utmcc="+_uGCS();  i2.onload=function() { _uVoid(); } }}function _uGCS() { var t,c="",dc=_ubd.cookie; if ((t=_uGC(dc,"__utma="+_udh+".",";"))!="-") c+=_uES("__utma="+t+";+"); if ((t=_uGC(dc,"__utmx="+_udh,";"))!="-") c+=_uES("__utmx="+t+";+"); if ((t=_uGC(dc,"__utmz="+_udh+".",";"))!="-") c+=_uES("__utmz="+t+";+"); if ((t=_uGC(dc,"__utmv="+_udh+".",";"))!="-") c+=_uES("__utmv="+t+";"); if (c.charAt(c.length-1)=="+") c=c.substring(0,c.length-1); return c;}function _uGC(l,n,s) { if (!l || l=="" || !n || n=="" || !s || s=="") return "-"; var i,i2,i3,c="-"; i=l.indexOf(n); i3=n.indexOf("=")+1; if (i > -1) {  i2=l.indexOf(s,i); if (i2 < 0) { i2=l.length; }  c=l.substring((i+i3),i2); } return c;}function _uDomain() { if (!_udn || _udn=="" || _udn=="none") { _udn=""; return 1; } if (_udn=="auto") {  var d=_ubd.domain;  if (d.substring(0,4)=="www.") {   d=d.substring(4,d.length);  }  _udn=d; } _udn = _udn.toLowerCase();  if (_uhash=="off") return 1; return _uHash(_udn);}function _uHash(d) { if (!d || d=="") return 1; var h=0,g=0; for (var i=d.length-1;i>=0;i--) {  var c=parseInt(d.charCodeAt(i));  h=((h << 6) & 0xfffffff) + c + (c << 14);  if ((g=h & 0xfe00000)!=0) h=(h ^ (g >> 21)); } return h;}function _uFixA(c,s,t) { if (!c || c=="" || !s || s=="" || !t || t=="") return "-"; var a=_uGC(c,"__utma="+_udh+".",s); var lt=0,i=0; if ((i=a.lastIndexOf(".")) > 9) {  _uns=a.substring(i+1,a.length);  _uns=(_uns*1)+1;  a=a.substring(0,i);  if ((i=a.lastIndexOf(".")) > 7) {   lt=a.substring(i+1,a.length);   a=a.substring(0,i);  }  if ((i=a.lastIndexOf(".")) > 5) {   a=a.substring(0,i);  }  a+="."+lt+"."+t+"."+_uns; } return a;}function _uTrim(s) {  if (!s || s=="") return "";  while ((s.charAt(0)==' ') || (s.charAt(0)=='\n') || (s.charAt(0,1)=='\r')) s=s.substring(1,s.length);  while ((s.charAt(s.length-1)==' ') || (s.charAt(s.length-1)=='\n') || (s.charAt(s.length-1)=='\r')) s=s.substring(0,s.length-1);  return s;}function _uEC(s) {  var n="";  if (!s || s=="") return "";  for (var i=0;i<s.length;i++) {if (s.charAt(i)==" ") n+="+"; else n+=s.charAt(i);}  return n;}function __utmVisitorCode(f) { var r=0,t=0,i=0,i2=0,m=31; var a=_uGC(_ubd.cookie,"__utma="+_udh+".",";"); if ((i=a.indexOf(".",0))<0) return; if ((i2=a.indexOf(".",i+1))>0) r=a.substring(i+1,i2); else return "";   if ((i=a.indexOf(".",i2+1))>0) t=a.substring(i2+1,i); else return "";   if (f) {  return r; } else {  var c=new Array('A','B','C','D','E','F','G','H','J','K','L','M','N','P','R','S','T','U','V','W','X','Y','Z','1','2','3','4','5','6','7','8','9');  return c[r>>28&m]+c[r>>23&m]+c[r>>18&m]+c[r>>13&m]+"-"+c[r>>8&m]+c[r>>3&m]+c[((r&7)<<2)+(t>>30&3)]+c[t>>25&m]+c[t>>20&m]+"-"+c[t>>15&m]+c[t>>10&m]+c[t>>5&m]+c[t&m]; }}function _uIN(n) { if (!n) return false; for (var i=0;i<n.length;i++) {  var c=n.charAt(i);  if ((c<"0" || c>"9") && (c!=".")) return false; } return true;}function _uES(s,u) { if (typeof(encodeURIComponent) == 'function') {  if (u) return encodeURI(s);  else return encodeURIComponent(s); } else {  return escape(s); }}function _uUES(s) { if (typeof(decodeURIComponent) == 'function') {  return decodeURIComponent(s); } else {  return unescape(s); }}function _uVG() { if((_udn.indexOf("www.google.") == 0 || _udn.indexOf(".google.") == 0 || _udn.indexOf("google.") == 0) && _utcp=='/' && _udn.indexOf("google.org")==-1) {  return false; } return true;}function _uSP() { var s=100; if (_usample) s=_usample; if(s>=100 || s<=0) return true; return ((__utmVisitorCode(1)%10000)<(s*100));}function urchinPathCopy(p){ var d=document,nx,tx,sx,i,c,cs,t,h,o; cs=new Array("a","b","c","v","x","z"); h=_uDomain(); if (_udn && _udn!="") o=" domain="+_udn+";"; nx=_uNx()+";"; tx=new Date(); tx.setTime(tx.getTime()+(_utimeout*1000)); tx=tx.toGMTString()+";"; sx=new Date(); sx.setTime(sx.getTime()+(_ucto*1000)); sx=sx.toGMTString()+";"; for (i=0;i<6;i++){  t=" expires=";  if (i==1) t+=tx; else if (i==2) t=""; else if (i==5) t+=sx; else t+=nx;  c=_uGC(d.cookie,"__utm"+cs[i]+"="+h,";");  if (c!="-") d.cookie="__utm"+cs[i]+"="+c+"; path="+p+";"+t+o; }}function _uCO() { if (!_utk || _utk=="" || _utk.length<10) return; var d='www.google.com'; if (_utk.charAt(0)=='!') d='analytics.corp.google.com'; _ubd.cookie="GASO="+_utk+"; path="+_utcp+";"+_udo; var sc=document.createElement('script'); sc.type='text/javascript'; sc.id="_gasojs"; sc.src='https://'+d+'/analytics/reporting/overlay_js?gaso='+_utk+'&'+Math.random(); document.getElementsByTagName('head')[0].appendChild(sc);  }function _uGT() { var h=location.hash, a; if (h && h!="" && h.indexOf("#gaso=")==0) {  a=_uGC(h,"gaso=","&"); } else {  a=_uGC(_ubd.cookie,"GASO=",";"); } return a;}var _utk=_uGT();if (_utk && _utk!="" && _utk.length>10 && _utk.indexOf("=")==-1) { if (window.addEventListener) {  window.addEventListener('load', _uCO, false);  } else if (window.attachEvent) {   window.attachEvent('onload', _uCO); }} function _uNx() {  return (new Date((new Date()).getTime()+63072000000)).toGMTString();}

So what is an urchin account? Although Google is mentioned, so is the urchin.com domain but its registration shows it belongs to Google. I went to www.urchin.com (which redirects to »www.google.com/urchin/index.html) and it appears to be code to analyze traffic (although the perp probably used the free Google Analytics service). Hopefully the perp just wanted to get some demographic data on who was trying to get to the hacked Comcast domain or to their freewebs site.

Re: Comcast hacked?

Thu, 29 May 2008 19:00:48 EDT

rardin : Michael, I know you've said that you're not a security expert and that there is no proof that usernames/passwords could've been harvested, but do you have a final word on this topic based on discussions with internal security experts at Comcast? Do we need to be concerned that our usernames and passwords might have been snagged if we used webmail, connected to the Support Forums, etc.? And, if so, when will we know that it's safe to change our passwords (that there's no chance that we're being redirected when we change our passwords)?

Re: Comcast hacked?

Thu, 29 May 2008 18:58:41 EDT

EG :

said by JCK :

forums.comcast.net redirects to www6.comcast.net Everyone else still seeing this?

I am...

Re: Comcast hacked?

Thu, 29 May 2008 18:57:24 EDT

JCK : forums.comcast.net redirects to www6.comcast.net Everyone else still seeing this?

Re: Comcast hacked?

Thu, 29 May 2008 18:42:45 EDT

Michael2 :

said by FLPNPISD :

Ok~ I was finally able to change my password and secret question. I then changed it on my outlook account settings. Now I really can't send and receive email HOWEVER once I get the Outlook pop up and put in my old password it works. Or at least I quit getting the pop up asking for password.

What can this be about? I am tired of being on eternal hold and need to get some documents out ASAP.

FLPNPISD,

If you are still able to use your old password (in Outlook), something did not go through. Which password works for accessing Comcast.net (old or new). Also, we are not currently holding calls in any of our call centers. You should be able to get through very quickly if needed.
--
Comcast.net Help Forum Administrator.

Re: Comcast hacked?

Thu, 29 May 2008 18:33:54 EDT

CrzyCrakr : So is this fixed yet?

I already changed my passwords. Anything else I need to do?

I am guessing I should hold off on paying my cable bill with my CC through the site. lol

Re: Comcast hacked?

Thu, 29 May 2008 18:17:59 EDT

anon :

said by gsm8 :

my guess is that you have to wait 24 hours for your new password to take effect.

That is not accurate. I just changed my password and was able to access email using the new password on outlook express right away.

Re: Comcast hacked?

Thu, 29 May 2008 17:56:48 EDT

gsm8 : my guess is that you have to wait 24 hours for your new password to take effect.

Re: Comcast hacked?

Thu, 29 May 2008 17:42:55 EDT

anon : Ok~ I was finally able to change my password and secret question. I then changed it on my outlook account settings. Now I really can't send and receive email HOWEVER once I get the Outlook pop up and put in my old password it works. Or at least I quit getting the pop up asking for password.

What can this be about? I am tired of being on eternal hold and need to get some documents out ASAP.

Re: Comcast hacked?

Thu, 29 May 2008 17:39:27 EDT

anon : Good think it was only hacked by script kiddie and not a criminal organization like OPEC.

NetSol

Thu, 29 May 2008 17:32:12 EDT

michiguide : Has Network Solutions issued any kind of statement on what happened? It appears right now that they were the weakest link in this incident.

Re: Comcast hacked?

Thu, 29 May 2008 17:26:35 EDT

sortofageek : Just curious and playing:

C:\>nslookup www.comcast.com
Server: My DNS Server
Address: Internal IP

Non-authoritative answer:
Name: www.comcast.com
Address: 68.87.60.144

C:\>nslookup www.comcast.net
Server: My DNS Server
Address: Internal IP

Non-authoritative answer:
Name: a1526.g.akamai.net
Addresses: 12.107.112.128, 12.107.112.130
Aliases: www.comcast.net, www.comcast.net.edgesuite.net

C:\>nslookup comcast.net
Server: My DNS Server
Address: Internal IP

Name: comcast.net
Addresses: 204.127.205.8, 204.127.195.15, 216.148.227.202, 204.127.228.15
63.240.76.72
--
Join Team Helix * I am praying for these friends .

Re: Comcast hacked?

Thu, 29 May 2008 17:22:05 EDT

jl747 : Just talked to Comcast tech support. The person I talked to could not tell me initially why I could not get any email via Outlook.
First he said that they could not help me since I was using MS Outlook and not OE.

Good thing I wasn't using Thunderbird.

He had to talk to someone higher up.

Also he finally came back on line and said the whole comcast.net (web and email) is all messed up and has no idea when it will be up and running.

This is just an FYI.

Re: Comcast hacked?

Thu, 29 May 2008 17:16:27 EDT

nhgames1010 : Are people using outlook affected also? Could they have gotten my password when i checked my email last night?

Re: Comcast hacked?

Thu, 29 May 2008 17:11:13 EDT

anon : Comcast.net will be going up and down all day today in all areas because of DNS thats why everyone is getting mixed results.

Re: Comcast hacked?

Thu, 29 May 2008 17:03:12 EDT

gsm8 : on a side note its sorta back up but with no graphics just txt links

Re: Comcast hacked?

Thu, 29 May 2008 17:03:10 EDT

maximus_808 :

said by K Patterson :

Yes, in the nerd world that would be roughly equivalent to having a spy cam in Brittany Spears panty drawer.

It doesn't take much to make us nerds happy, does it??

That may be an empty drawer based on some of the pics i've seen errrr heard about. :)

Re: Comcast hacked?

Thu, 29 May 2008 17:00:40 EDT

K Patterson : Now, that would really be cool...a keystroke logger on the machine that a Comcast Network Administrator uses to update DNS records at NetSol. :D

Yes, in the nerd world that would be roughly equivalent to having a spy cam in Brittany Spears panty drawer.

It doesn't take much to make us nerds happy, does it??

Re: Comcast hacked?

Thu, 29 May 2008 16:57:22 EDT

mac8500 :

said by K Patterson :

One other possibility that hasn't been mentioned - There could be a keystroke logger on a machine at Comcast corp.

Now, that would really be cool...a keystroke logger on the machine that a Comcast Network Administrator uses to update DNS records at NetSol. :D

Re: Comcast hacked?

Thu, 29 May 2008 16:53:55 EDT

anon : BTW, the main Level3 DNS servers 4.2.2.1 and 4.2.2.2 are clean in terms of this. They were back up and propegated this morning. You could always use those if you don't trust Comcast's internal ones.

And to the guy who said he called into the callcenter and the guy said the main .net webserver was crashed could be somewhat true. If you ping www.comcast.net you'll get an akamai network IP, who we all know is a mass provider of web traffic hosting for everyone who uses them. Could be they pointed to that so they don't kill the bandwidth this morning from everyone trying to change passwords or could be that they needed to scramble and put the .net site back up somewhere because the main server got borked. Otherwise, why redirect it to akamai? BTW, if you ping www.comcast.com you'll see it's still a Comcast network address. Why redirect .net and not .com? Doesn't make any sense unless they are two different servers and .net really did get hit as well. The initial "hack redirects" (that's what I'll call them for now) simply rerouted the IP traffic for ALL (*.comcast.net) to a 3rd party. Initially the new mail.comcast.net redirect was listening to ports 25 and 110. What happened behind the scenes to the main .net server or after Comcast found out and had NetSol change the redirects back, is totally up for speculation, but I find it rather strange that the .net page is on a akamai host server at the moment.... as least as much as Level3's DNS point it out to be anyway.

Re: Comcast hacked?

Thu, 29 May 2008 16:47:41 EDT

K Patterson : Oh, right! How stupid of me. I hope Bill Gates will forgive me.

Re: Comcast hacked?

Thu, 29 May 2008 16:46:16 EDT

anon :

said by K Patterson :

One other possibility that hasn't been mentioned - There could be a keystroke logger on a machine at Comcast corp.

Can't be, because the Microsoft Malicious Software Tool would have cleaned that off. :P

Re: Comcast hacked?

Thu, 29 May 2008 16:44:54 EDT

K Patterson : One other possibility that hasn't been mentioned - There could be a keystroke logger on a machine at Comcast corp.

Re: Comcast hacked?

Thu, 29 May 2008 16:40:50 EDT

newview :

said by madylarian :

That said, I wonder if Comcast is going to go after NetSol for this.

mady

God I hope so . . . if ever two companies deserve each other, it's Comcast and Network Solutions.
--

Ö¿Ö
The Rules of Spam | Maryland's Newest Anti-Spam Law
Where are we going? And what's with the hand basket?

Re: Comcast hacked?

Thu, 29 May 2008 16:37:12 EDT

anon : "reply to jlivingood
Have you tried accessing »mailcenter.comcast.net

Working for me.

JL"

Yeah, that was working for me too, earlier. Actually their whole site was working about 2 hours ago... then stopped. Now it loads a text version of the front page, and email remains inaccessible. Guess there's a second wave of hack attacks.

Re: Comcast hacked?

Thu, 29 May 2008 16:35:13 EDT

madylarian :

said by workrb :

Talk about bashing! Shouldn't this headline read Network Solutions was hacked??

Well, at 11:30pm last night when I first noticed the problem, there wasn't much information to go on. That said, I wonder if Comcast is going to go after NetSol for this.

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Thu, 29 May 2008 16:34:17 EDT

LeftOfSanity :

said by vextant :

I live in Western PA and still cannot access comcast.net, email through any client. I even hooked up my broadband phone to my PC to see if that would work. No dice.

So what the hell is going on?? I've tried the IPs I see in this thread and none of them work.

Any updates from anyone in the know?

Wow, it just keeps getting better. What does your broadband phone have to do with the Comcast.net site being down?

Kind of stretching it noe fellas.
--
Fighting on the Internet is like winning the Special Olympics. Win or lose, your still Retarted!

Re: Comcast hacked?

Thu, 29 May 2008 16:25:56 EDT

LeftOfSanity :

said by ahhh :

For those adamant in saying comcast wasn't hacked I have a phone number to give you. When it is answered please enter all of you banking login information. The phone number will be that of your bank, because I said so.

At what point did the website ask you to enter info??

AFAIK, it was just a shoutout message.
--
Fighting on the Internet is like winning the Special Olympics. Win or lose, your still Retarted!

Re: Comcast hacked?

Thu, 29 May 2008 16:23:31 EDT

sansri88 : Wait...I've been out all day. Has Comcast.net been hit again by hackers?

Re: Comcast hacked?

Thu, 29 May 2008 16:23:26 EDT

CUBS_FAN : 52 readers ...

Re: Comcast hacked?

Thu, 29 May 2008 16:21:58 EDT

elbrute : Mailcenter is working for me, the rest of the site
is still borked up.
Hopefully they will find a way to let us know when
it's fixed.

DBH

Re: Comcast hacked?

Thu, 29 May 2008 16:13:15 EDT

NormanS :

said by Farmboy :

So I hear "class action"?

Constantly; for every problem, no matter how inconsequential.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: Comcast hacked?

Thu, 29 May 2008 16:08:33 EDT

anon : I have tried every website listed, but still get the error 403. I have tried the cmd ipconfig as well.

Re: Comcast hacked?

Thu, 29 May 2008 16:03:48 EDT

anon : Have you tried accessing »mailcenter.comcast.net

Working for me.

JL

----

ah yes much better! thanks!

Re: Comcast hacked?

Thu, 29 May 2008 16:02:35 EDT

bigchris :

said by bound2bmine :

Try this you get redirected beck to comcast.net
»forums.comcast.net

That's due to the header and footer on the webpage and the problem is known and being worked on.

Re: Comcast hacked?

Thu, 29 May 2008 16:01:09 EDT

anon : Try this you get redirected beck to comcast.net
»forums.comcast.net

Re: Comcast hacked?

Thu, 29 May 2008 15:53:28 EDT

anon : For those adamant in saying comcast wasn't hacked I have a phone number to give you. When it is answered please enter all of you banking login information. The phone number will be that of your bank, because I said so.

Re: Comcast hacked?

Thu, 29 May 2008 15:50:26 EDT

anon : Well, with this current president in office I hope these boys enjoy southeast Cuba. I hear it's windy this time of year.

Re: Comcast hacked?

Thu, 29 May 2008 15:48:41 EDT

jlivingood :

said by nik :

still no e-mail... arghhhhh

i'm waiting for a very important reply :(

Have you tried accessing »mailcenter.comcast.net

Working for me.

JL

Re: Comcast hacked?

Thu, 29 May 2008 15:45:38 EDT

joe40 : it up but i get redirected back to comcast.net

Re: Comcast hacked?

Thu, 29 May 2008 15:44:20 EDT

JSRoman :

said by Farmboy :

I have spoken to Comcast several times today and the latest was the greatest. The tech was whispering, "They're not telling us anything but the main server (for .net) went down last night and they have to rebuild the page from scratch. The whole country is down and they have no idea when they will be able to get it back." SO we're going on at least 13 hours with no end in site. So I hear "class action"?

If you already know what the problem is why do you keep on calling into the Comcast callcenter?
--
»www.seabee.navy.mil

Re: Comcast hacked?

Thu, 29 May 2008 15:41:48 EDT

Pentaxian : ist - completely agree.. I mean to say, if these hacks want to really impress you guys, they should increase your DL speeds and remove your caps!

Screwing with people who are already getting screwed is llama-act.

Re: Comcast hacked?

Thu, 29 May 2008 15:40:40 EDT

anon : still no e-mail... arghhhhh

i'm waiting for a very important reply :(

Re: Comcast hacked?

Thu, 29 May 2008 15:40:21 EDT

K Patterson : I'm most impressed with 34,000 unique hits on this thread.

Re: Comcast hacked?

Thu, 29 May 2008 15:38:28 EDT

anon : While I hate Comcast as well, my choices are limited in my area. At first, I laughed and thought it was funny what had happened. Comcast overcharges people, has horrible customer service and has far too many failures (HS internet and cable).

But after the enjoyment wore off, I realized...this "hackers" are not the Robin Hood some are portraying them as. Why mess with the users? We are already getting hosed by Comcast and due to back door deals with congress, the senate and local government there is nothing we can do. Your supposed to rob from the rich and give to the poor, not beat on the poor further because you think Comcast will care about our complaints. You have done nothing to them and they will simply rebuild (I hope soon). Notice how Comcast.com is still running fine. So more people will sign up and hand over their hard earned cash on a weak and useless provider.

Thanks for nothing.

Re: Comcast hacked?

Thu, 29 May 2008 15:35:41 EDT

kontos :

said by deblin :

I am 99% they were not. Though as I said in my previous post, they could have shut down any smtp/pop/imap daemons they were running on the IP that mail.comcast.net was resolving to.

ore even worse, the bad guys could have done something like present the pop/imap/smtp service to only 1 out of every 100 unique IPs. That way for everybody that did get their info grabbed, there are 99 others that will post to some forum that they didn't see a server accepting the connections.

Re: Comcast hacked?

Thu, 29 May 2008 15:27:58 EDT

anon : Too funny. Just dropped the last month because they truly suck. Been very happy with Verizon DSL and Directv. Sorry for you people though.

Re: Comcast hacked?

Thu, 29 May 2008 15:14:40 EDT

swhitney2003 : But aren't all conversations recorded for training purposes? But I guess the rep wouldn't know, as he/she does not have to hear it every time someone calls.

Re: Comcast hacked?

Thu, 29 May 2008 15:14:12 EDT

Morac : I found the problem with the forums. I'm not sure if it's related to the hack or not, but going to forums.comcast.net redirects to www6.comcast.net if javascript is enabled.

I tracked the problem down to two javascripts that are pulled into the forum page. One is http://www.comcast.net/js/hb_main_new.js and the other is http://www.comcast.net/js/global/header_c_002.js (this one is pulled in from the http://www.comcast.net/header/vendor/standard/forums/help/index.html iframe included in the forums.

The problem is that both scripts include the following line in them:

quote:
top.location="http://www6.comcast.net....

This forces a redirection to www6.comcast.net whenever the scripts are sourced. Since the scripts are sourced by going to http://forums.comcast.net, trying to visit the forums goes to the www6.comcast.net page.

Until Comcast can fix this, a work around if you are using Firefox and the adblock extension is to add the following block rules:
http://www.comcast.net/js/hb_main_new.js
http://www.comcast.net/js/global/header_c_002.js

If you do that, then the forums will work fine.
--

The Comcast Disney Avatar has been retired.

Re: Comcast hacked?

Thu, 29 May 2008 15:12:10 EDT

rolfp :

said by ncherry :

said by udontknowhodou :

Isnt that describing hacking?? As per one person sticking up saying they where not hacked, I dont care what you say, they where hacked!!

Then you don't understand how things work! Comcast was not hacked. If anything Network Solutions 'was hacked' but even that isn't correct. It is my opinion that a bit of social engineering was at work here. I don't work for Comcast and they're not my customer but I am their customer. I work for a competitor but I don't like it when facts get blurred (or in this case smeared). The problem lies with the Network Solutions account, whether is was secure or could be secured or Network Solutions screwed up is the issue.

said by Epikos :

said by deblin :

So they WERE listening at one point? They most certainly are not now, but they may have shut them down once they realized the nameservers were being set back to the proper comcast auth NS's.

Deblin,
Yes, at one point last night around 10pm PST I did a port scan and tcp25 and tcp110 were both open and accepting connections.

I have real concerns that anyone who launched a mail client and connected to mail.comcast.net last night had their username and password captured to a log file on the rogue mail server.

I don't use comcast.net email, but my grandparents do. I'm leaving campus now to drive to their house and change their passwords.

I recommend anyone who uses comcast.net services to do the same.

In real life, condescendingly parsing the semantics of who was "hacked" doesn't hold a whole lot of H₂O. In a seat-of-the-pants contracting sense, Network Solutions is Comcast's agent for providing the service we pay for. If NS gets

said by wikipedia :p :

In computing, hacker has several meanings:[1]

• People engaged in circumvention of computer security. This primarily refers to unauthorized remote computer break-ins via a communication network such as the Internet (black hats), but also includes those who debug or fix security problems (white hats). Its earliest known meaning in the computer context[2] referred to an unauthorized user of the telephone company network (now called a phreaker).
• A community of enthusiast computer programmers and systems designers, originated in the 1960s around the Massachusetts Institute of Technology (MIT)'s Tech Model Railroad Club (TMRC) and MIT Artificial Intelligence Laboratory. This community is notable for launching the free software movement. The World Wide Web and the Internet itself are also hacker artifacts. [1] The Request for Comments (RFC) 1392 [2] amplifies this meaning as a person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.
• The hobbyist home computing community, focusing on hardware in the late 1970s (e.g. the Homebrew Computer Club[3]) and on software (computer games,[4] software cracking, the demoscene) in the 1980s/1990s.

Today, mainstream usage mostly refers to computer criminals, due to the mass media usage of the word since the 1980s. This includes script kiddies, people breaking into computers using programs written by others, with very little knowledge about the way they work. This usage is so much predominant in the general public that a large segment of it is unaware that different meanings also exist.

and this "circumvention of computer security" takes place in any part or agency with which Comcast delivers product to its clients, especially to the detriment of clients, for all intents and purposes, including semantic, Comcast has been hacked. I think.

Re: Comcast hacked?

Thu, 29 May 2008 15:06:51 EDT

newview : C|Net now has the news:

quote:
Comcast's Web portal has been hacked, leaving some subscribers unable to access their e-mail.

A company spokeswoman confirmed that the Comcast Web page had been hacked late on Wednesday. Subscribers who tried to access the site to check e-mail or access the company's official forums were greeted with this text instead:

[image removed]

The hackers apparently changed Comcast's registrar account at Network Solutions, which altered the DNS servers that were used to direct Comcast.net requests. In other words, the hackers essentially redirected traffic destined for the URL Comcast.net. Instead, the traffic went to IP addresses in Germany and elsewhere, reported the blog Broadband Reports.

»news.cnet.com/8301-10784_3-99547···9_3-0-20
--

Ö¿Ö
The Rules of Spam | Maryland's Newest Anti-Spam Law
Where are we going? And what's with the hand basket?

Re: Comcast hacked?

Thu, 29 May 2008 15:06:44 EDT

anon : I have spoken to Comcast several times today and the latest was the greatest. The tech was whispering, "They're not telling us anything but the main server (for .net) went down last night and they have to rebuild the page from scratch. The whole country is down and they have no idea when they will be able to get it back." SO we're going on at least 13 hours with no end in site. So I hear "class action"?

Re: Comcast hacked?

Thu, 29 May 2008 14:57:21 EDT

anon : Talk about bashing! Shouldn't this headline read Network Solutions was hacked??

Re: Comcast hacked?

Thu, 29 May 2008 14:52:37 EDT

gdstuart :

said by guest2k8 :

gdstuart

are you at work ?

if so it still may be cached on the proxy and or firewall

are you at work ? yes

if so it still may be cached on the proxy and or firewall

good suggetion, but i'll just try from home. thx

BTW, CUBS_FAN, check your syntax: it's ipconfig /option. See you in the NL playoffs!

GDS (Phillies fan)

Re: Comcast hacked?

Thu, 29 May 2008 14:49:42 EDT

anon : I know kryogeniks yes they hate comcast, comcast had most of the people using comcast see the network solutions page so they didn't think they got hacked. Kryogeniks has owned comcast lots of times, they are a very smart group.

Re: Comcast hacked?

Thu, 29 May 2008 14:47:55 EDT

anon : I can't even get onto the comcast.net website to change my password. what does one do then?

Re: Comcast hacked?

Thu, 29 May 2008 14:27:15 EDT

anon : gdstuart

are you at work ?

if so it still may be cached on the proxy and or firewall

Re: Comcast hacked?

Thu, 29 May 2008 14:23:16 EDT

deblin : ouch, that's bad then. It looked like a practical joke, but if they were purposely collecting email passwords, that's not good at all.

People should change their email passwords immediately, if they were in fact capturing account info.
--
»hillaryis404.org/

Re: Comcast hacked?

Thu, 29 May 2008 14:22:56 EDT

anon : It doesn't seem like comcast.net was redirected to anything malicious.

The first IP that comcast.net was redirected to was 205.178.189.131, which is one of NetSol's web forwarding IPs. It seems that the hackers changed comcast.net's DNS records from Comcast's usual nameservers to a web forwarder that pointed to the freewebs page mentioned in the first post in this thread.

The second IP was 209.62.20.186, which is one of NetSol's parking IPs. For some reason, the DNS was changed from a web forwarder to NetSol's generic parking page, which explains why some people were seeing the "under construction" page.

The nameservers that were used, NS21.WORLDNIC.COM and NS22.WORLDNIC.COM, are also owned by Network Solutions.

Re: Comcast hacked?

Thu, 29 May 2008 14:22:53 EDT

MrWhsprs : Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\>ipconfig /?

USAGE:
ipconfig [/? | /all | /renew [adapter] | /release [adapter] |
/flushdns | /displaydns | /registerdns |
/showclassid adapter |
/setclassid adapter [classid] ]

where
adapter Connection name
(wildcard characters * and ? allowed, see examples)

Options:
[snip]
/flushdns Purges the DNS Resolver cache.
[snip]

Examples:
> ipconfig ... Show information.
> ipconfig /all ... Show detailed information
> ipconfig /renew ... renew all adapters
> ipconfig /renew EL* ... renew any connection that has its
name starting with EL
> ipconfig /release *Con* ... release all matching connections,
eg. "Local Area Connection 1" or
"Local Area Connection 2"
--
Mike :-)

Re: Comcast hacked?

Thu, 29 May 2008 14:21:38 EDT

Epikos :

Re: Comcast hacked?

Thu, 29 May 2008 14:20:21 EDT

CUBS_FAN : its ipconfig/*space*dnsflush

Re: Comcast hacked?

Thu, 29 May 2008 14:14:23 EDT

FicmanS : I am finally able to access my email, for now anyways...

Re: Comcast hacked?

Thu, 29 May 2008 14:12:02 EDT

gdstuart : Nah, tried ipconfig /flushdns and still getting HTTP403.

BTW, the space goes before the slash, not after.

GDS

Re: Comcast hacked?

Thu, 29 May 2008 14:11:14 EDT

mac8500 : TorrentFreak has an interesting idea...

Comcast Hacked in BitTorrent Throttling Payback?

»torrentfreak.com/comcast-hacked-···-080529/

Re: Comcast hacked?

Thu, 29 May 2008 14:07:39 EDT

pokesph : ok.. this just a lame attempt by comcast to do a 'rick-roll' on their users.

More then likely its just some kind of dns exploit/injection or, as stated above, someone was able to gain access to the domain's account over at netsol.
Could have been much worse. MUCH.
--
Webmaster - Steve
- - - - - - - - - - - -
»www.1-gb.net
»www.ppnstudio.com

Re: Comcast hacked?

Thu, 29 May 2008 14:04:28 EDT

CUBS_FAN : have you tried flushing your DNS ? "ipconfig/ flushdns"

Re: Comcast hacked?

Thu, 29 May 2008 14:02:09 EDT

anon : I live in Western PA and still cannot access comcast.net, email through any client. I even hooked up my broadband phone to my PC to see if that would work. No dice.

So what the hell is going on?? I've tried the IPs I see in this thread and none of them work.

Any updates from anyone in the know?

Re: Comcast hacked?

Thu, 29 May 2008 13:58:28 EDT

trent25 : What happened is like someone changing the number that appears next your name in the phone directory. Such a thing happening would be the fault of the phone directory operators, not you.

So in this case I don't really see how Comcast is at fault. Network Solution's records for Comcast were altered some way or another, which resulted in an nslookup pointing to the wrong IP.

The only "hacking" that could have been involved is at Network Solutions. Comcast was not hacked. You just dialed the wrong number / connected to the wrong IP!

Re: Comcast hacked?

Thu, 29 May 2008 13:57:34 EDT

JSRoman : 51 readers - This says it all.
--
»www.seabee.navy.mil

Re: Comcast hacked?

Thu, 29 May 2008 13:53:16 EDT

K Patterson : Well, don't believe everything you read, and don't look for silent black helicopters behind every bush.

Someone, through social engineering, internal leaks, or most likly a brute force password cracker, obtained access to Comcast's account at Network Solutions. They then created a quick web site and DNS servers, then pointed the master DNS servers at the site. I don't want to argue and don't think you should be arguing whether this constitutes hacking. The point that others are making is that nothing was done to or compromised on any Comcast server. Unfortunately, even if Comcast were to correct it quickly, the fake entries have to disapear from all the cached DNS servers that were used to reach Comcast, and that total must be in the thousands. That also explains why some folks did not initially notice a problem - their DNS servers had not updated to the fake site.

Re: Comcast hacked?

Thu, 29 May 2008 13:45:59 EDT

CUBS_FAN : I feel a little better knowing that the password to my Email account is changed. I feel so alienated. :uhh:

Re: Comcast hacked?

Thu, 29 May 2008 13:45:30 EDT

anon : regardless it was still hacked into!! Once they got to the one, they got to the other which is comcast.

Re: Comcast hacked?

Thu, 29 May 2008 13:43:39 EDT

espaeth : Network Solutions was hacked.

Comcast was affected, but Comcast systems were not hacked.

It's not like someone got into Comcast's machines that contain your cable account/billing information. Someone hacked into the provider that inserts the DNS records that tells your computer where comcast.net resides.

Re: Comcast hacked?

Thu, 29 May 2008 13:43:16 EDT

kadar : Correct. However, the next time the necessity of "securing the internet" is brought up, you know as well as I, that the spin will be applied and it will be explained to the Congress Critters that they were indeed hacked.
--
The Revolutionary War was fought over a 14% tax, what % are you paying now?

Re: Comcast hacked?

Thu, 29 May 2008 13:41:11 EDT

Rob :

said by deblin :

said by CUBS_FAN :

said by LeftOfSanity :

Comcast.net servers were never breached.

They wasn't breached but we the consumer was breached by logging into an alternate server address.

No one is arguing that the end user wasn't affected. The fact remains, though, that comcast.net was not hacked. In fact, the registrar wasn't even hacked, the account that manages comcast.net's nameservers was. Probably due to social engineering or perhaps a weak password.

*edit* And I'm using the term "hacked" very loosely, because it wasn't really "hacked" in the sense of the word. A better way to put it was that this particular network solutions account was broken into.

Exactly. I wish everyone would stop giving these "kids" any credit - they did not hack comcast.net at all.

Re: Comcast hacked?

Thu, 29 May 2008 13:36:31 EDT

anon : broken into?? HMMMM hacked??? hmmmmmmmmm

Re: Comcast hacked?

Thu, 29 May 2008 13:35:31 EDT

anon : I just met with my local news for an interview and they are heading to comcast for an interview.

Re: Comcast hacked?

Thu, 29 May 2008 13:34:39 EDT

anon : dang gone right we where breached and you dang gone right its just suger coded, plain and simple it was hacked!! GET IT RIGHT PEOPLEEEEEEEEEEEE Any time the FBI are involved over an issue like this, its called hacking into the system!!

Re: Comcast hacked?

Thu, 29 May 2008 13:33:21 EDT

deblin :

said by CUBS_FAN :

said by LeftOfSanity :

Comcast.net servers were never breached.

They wasn't breached but we the consumer was breached by logging into an alternate server address.

Re: Comcast hacked?

Thu, 29 May 2008 13:29:01 EDT

pokesph :

said by madylarian :

I tried to look up urchinTracker that was referenced on the last hacked page source I saw and most of it was way above my head. What is it and is it something to worry about? I kept a text copy of that page but it doesn't copy well here.

mady

no, Urchin is a stats tracker now owned by Google.. at worst it 'remembers' your IP and pageviews..
nothing to worry about.

Re: Comcast hacked?

Thu, 29 May 2008 13:28:23 EDT

LeftOfSanity :

said by CUBS_FAN :

said by LeftOfSanity :

Comcast.net servers were never breached.

They wasn't breached but we the consumer was breached by logging into an alternate server address.

Nice try tho.
--
Fighting on the Internet is like winning the Special Olympics. Win or lose, your still Retarted!

Re: Comcast hacked?

Thu, 29 May 2008 13:27:43 EDT

CUBS_FAN :

said by LeftOfSanity :

Comcast.net servers were never breached.

They wasn't breached but we the consumer was breached by logging into an alternate server address.

Re: Comcast hacked?

Thu, 29 May 2008 13:23:39 EDT

LeftOfSanity :

said by CUBS_FAN :

It's just "sugar coated" . It's like saying I scratched your car when in real life I rapped it around a pole.

No. Its not.

Comcast.net servers were never breached.
--
Fighting on the Internet is like winning the Special Olympics. Win or lose, your still Retarted!

Re: Comcast hacked?

Thu, 29 May 2008 13:18:49 EDT

CUBS_FAN : It's just "sugar coated" . It's like saying I scratched your car when in real life I rapped it around a pole.

Re: Comcast hacked?

Thu, 29 May 2008 13:16:27 EDT

LeftOfSanity :

said by phills_suck :

Here is the news article....
Comcast admits they were hacked.

»news.yahoo.com/s/ap/20080529/ap_···8aqs0NUE

Where does it say that?

Comcast.net was not hacked, the traffic to it was redirected.
--
Fighting on the Internet is like winning the Special Olympics. Win or lose, your still Retarted!

Re: Comcast hacked?

Thu, 29 May 2008 13:14:06 EDT

LeftOfSanity :

said by theonering :

I am being interviewed by my local news about this TODAY!!! I am so excited and NERVOUS!!! SO hopefully some news peple will start the ball rolling.

Lol, what?

Interviewed for what? And what is it you want this ball rolling towards?
--
Fighting on the Internet is like winning the Special Olympics. Win or lose, your still Retarted!

Re: Comcast hacked?

Thu, 29 May 2008 13:11:37 EDT

CUBS_FAN : "It appears there was no malicious codes or script being run but a lot of people are saying that ports were being 'listened' to which could have led to the compromising of username/passwords," he added. ®

BAH! They came this close to mentioning BBR. That SS of the hackers message looks like it came straight from Karls article.

Re: Comcast hacked?

Thu, 29 May 2008 13:10:58 EDT

LeftOfSanity :

said by newview :

said by Comcast_Emply :

All sensitive information is safe and secure.

. . . and the check is in the mail.
. . . and I won't **** in your mouth.

Where are Comcast's assurances that sensitive info has not been compromised?

Like what? What would you suggest?
--
Fighting on the Internet is like winning the Special Olympics. Win or lose, your still Retarted!

Re: Comcast hacked?

Thu, 29 May 2008 13:04:41 EDT

mac8500 : News of the Comcast hack has now reached London.

»www.theregister.co.uk/2008/05/29···st_hack/

Re: Comcast hacked?

Thu, 29 May 2008 12:53:43 EDT

fatness :

said by phills_suck :

Here is the news article....
Comcast admits they were hacked.

»news.yahoo.com/s/ap/20080529/ap_···8aqs0NUE

From that article:

quote:
The front page of Comcast.net went down shortly before 11 p.m. EDT Wednesday and was replaced with a note saying the hackers had "RoXed" Comcast, according to postings at BroadbandReports.com.

--
Female monkeys often utter loud, distinctive calls before, during or after sex..

Re: Comcast hacked?

Thu, 29 May 2008 12:52:32 EDT

anon : All people at work trying to access comcast.net may have to have network or security guys flush their cache on the proxy servers/appliances and firewalls as now they have the redirected ip's stored in cache, or wait till they time out.

Re: Comcast hacked?

Thu, 29 May 2008 12:51:33 EDT

anon : I was just able to login to the account management portal and change all my passwords (I have a few slave mail accounts). I've disabled pop/smtp login from Thunderbird, and will probably keep it off for a bit, but it seems like the backend is coming back up, at least for metro Atlanta...

Re: Comcast hacked?

Thu, 29 May 2008 12:46:05 EDT

CUBS_FAN :

said by jcs361 :

My email is now working but I still can't access Comcast's help forums.

me too. same redirects

Re: Comcast hacked?

Thu, 29 May 2008 12:45:09 EDT

jcs361 : My email is now working but I still can't access Comcast's help forums.

Re: Comcast hacked?

Thu, 29 May 2008 12:43:35 EDT

anon : thanks for posting that article as some one thinks I dont understand what is going on here!! Comcast is admitting the fact now as well .

Re: Comcast hacked?

Thu, 29 May 2008 12:42:14 EDT

Jay_S : Things still not totally right here in Connecticut, especially with some of the other links on the Comcast.net site, but looks like it is being worked. I imagine there are lots of hits to comcast.net still going on.

Jay S.

Re: Comcast hacked?

Thu, 29 May 2008 12:36:54 EDT

phills_suck : Here is the news article....
Comcast admits they were hacked.

»news.yahoo.com/s/ap/20080529/ap_···8aqs0NUE

Re: Comcast hacked?

Thu, 29 May 2008 12:36:02 EDT

CUBS_FAN : funny is that the source page that *WAS* Comcast.net is still active.

Re: Comcast hacked?

Thu, 29 May 2008 12:26:13 EDT

anon : well read the report that comcast put out, and my local news is advised of it as well. If the fbi is involved along with others then what do you call it since you know so much ??

Re: Comcast hacked?

Thu, 29 May 2008 12:20:15 EDT

anon : I am being interviewed by my local news about this TODAY!!! I am so excited and NERVOUS!!! SO hopefully some news peple will start the ball rolling.

Re: Comcast hacked?

Thu, 29 May 2008 12:18:34 EDT

madylarian : I tried to look up urchinTracker that was referenced on the last hacked page source I saw and most of it was way above my head. What is it and is it something to worry about? I kept a text copy of that page but it doesn't copy well here.

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Thu, 29 May 2008 12:15:31 EDT

anon : I now see the complete home page as well--last night there was a period of time when I saw the home page, but there was a block in the middle upper-right of it that had the "network-security" "under construction" words in it.

Looks normal now, but I'm hesitant to try to log in to my email until I hear more (then plan to change my password right away). Guess I'll just use my Yahoo email until then... =)

Renton, WA

Re: Comcast hacked?

Thu, 29 May 2008 12:11:04 EDT

ncherry :

said by udontknowhodou :

Isnt that describing hacking?? As per one person sticking up saying they where not hacked, I dont care what you say, they where hacked!!

Re: Comcast hacked?

Thu, 29 May 2008 12:07:55 EDT

madylarian :

said by bigchris :

Well "you" didn't start it, but thank you for being the one to report it :-)

LOL! FWIW, newsgroups now work, at least!

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Thu, 29 May 2008 12:07:00 EDT

newview :

said by madylarian :

Newview, I am able to log on to the home page but still getting redirected, as you were. And I even flushed and filled last night!

mady

Yep, still happening here.
--

Ö¿Ö
The Rules of Spam | Maryland's Newest Anti-Spam Law
Where are we going? And what's with the hand basket?

Re: Comcast hacked?

Thu, 29 May 2008 12:06:50 EDT

Michael2 :

said by madylarian :

Morning Michael, Chris. Quite a can of worms I started!

Newview, I am able to log on to the home page but still getting redirected, as you were. And I even flushed and filled last night!

mady

Gee, thanx Mady. I needed the lack of sleep! ;)
--
Comcast.net Help Forum Administrator.

Re: Comcast hacked?

Thu, 29 May 2008 12:06:50 EDT

anon : I can finally get to the email logon page here in Seattle... but don't know if it is safe to actually do so? Haven't heard anything on the news or cnn about this.

Re: Comcast hacked?

Thu, 29 May 2008 12:06:30 EDT

bigchris : Well "you" didn't start it, but thank you for being the one to report it :-)

Re: Comcast hacked?

Thu, 29 May 2008 12:05:52 EDT

madylarian : Morning Michael, Chris. Quite a can of worms I started!

Newview, I am able to log on to the home page but still getting redirected, as you were. And I even flushed and filled last night!

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Thu, 29 May 2008 12:04:59 EDT

newview :

said by Comcast_Emply :

All sensitive information is safe and secure.

. . . and the check is in the mail.
. . . and I won't **** in your mouth.

Where are Comcast's assurances that sensitive info has not been compromised?
--

Ö¿Ö
The Rules of Spam | Maryland's Newest Anti-Spam Law
Where are we going? And what's with the hand basket?

Re: Comcast hacked?

Thu, 29 May 2008 12:01:58 EDT

anon : Isnt that describing hacking?? As per one person sticking up saying they where not hacked, I dont care what you say, they where hacked!!

Re: Comcast hacked?

Thu, 29 May 2008 12:01:14 EDT

anon : it is just DNS . All sensitive information is safe and secure.

Re: Comcast hacked?

Thu, 29 May 2008 11:59:01 EDT

Karl Bode : For what it's worth, I've updated the front page story to include commentary from Comcast spokesman Charlie Douglas. This is Comcast's official statement on the matter:

Last night users attempting to access Comcast.net were temporarily
redirected to another site by an unauthorized person. While that issue
has been resolved and customers have continued to have access to the
Internet and email through services like Outlook, some customers are
currently not able to access Comcast.net or Webmail. We apologize for
the inconvenience to our customers, and network engineers are working to
resolve the issue.

We believe that our registration information at the vendor that
registers the Comcast.net domain address was altered, which redirected
the site, and is the root cause of today's continued issues as well. We
have alerted law enforcement authorities and are working in conjunction
with them.

Re: Comcast hacked?

Thu, 29 May 2008 11:48:10 EDT

CUBS_FAN : I checked out the WHOis on the IP address that Comcast.net was being rerouted to (205.178.189.131)and found this to be interesting. The page was updated around 6pm yesterday. DNS resolves it to wf.networksolutions.com [205.178.189.131]

InQuent Technologies Inc. INQUENT-2 (NET-205-178-128-0-1)
205.178.128.0 - 205.178.191.255
Network Solutions, LLC NTSL-02 (NET-205-178-184-0-1)
205.178.184.0 - 205.178.191.255

# ARIN WHOIS database, last updated 2008-05-28 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database

Re: Comcast hacked?

Thu, 29 May 2008 11:41:44 EDT

newview : Edit: Meant to provide link -
»www.opendns.com/support/cache/?d···cast.net

Re: Comcast hacked?

Thu, 29 May 2008 11:41:43 EDT

deblin :

said by ajax25 :

I'm still getting 209.62.20.186 when I look up
www.comcast.net here at work.

209.62.20.186 looks up as ev1s-209-62-20-186.ev1servers.net

www6.comcast.net also gives 209.62.20.186

Open a command prompt (start -> run -> cmd, hit enter) and type:

ipconfig /flushdns
ipconfig /registerdns

Then try looking it up again.
--
»hillaryis404.org/

Re: Comcast hacked?

Thu, 29 May 2008 11:41:43 EDT

anon : So it wasn't a hack. It was a terrorist attack!!! Run!!!! AHHHHH! :P

Re: Comcast hacked?

Thu, 29 May 2008 11:39:16 EDT

anon : Whois Info

[Querying whois.arin.net]
[Redirected to rwhois.theplanet.com:4321]
[Querying rwhois.theplanet.com]
[rwhois.theplanet.com]
%rwhois V-1.5:003eff:00 whois.theplanet.com (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:EVRY-BLK-16
network:Auth-Area:209.62.0.0/17
network:Network-Name:TPIS-BLK-209-62-20-0
network:IP-Network:209.62.20.0/24
network:IP-Network-Block:209.62.20.0 - 209.62.20.255
network:Organization-Name:forums.directi.com
network:Organization-City:RAK
network:Organization-State:Ras Al Khaimah
network:Organization-Zip:400053
network:Organization-Country:United Arab Emirates
network:Description-Usage:customer
network:Server-Pri:ns1.ev1servers.net
network:Server-Sec:ns2.ev1servers.net
network:Tech-Contact;I:abuse@ev1servers.net
network:Admin-Contact;I:abuse@ev1servers.net
network:Created:20070608
network:Updated:20070608

Re: Comcast hacked?

Thu, 29 May 2008 11:35:16 EDT

K Patterson : It will be a while until all the cached dns servers catch up. Hours, some could take days if the expiration time is set to a (too) high value.

It would be best to use the IP's listed a few messages back rather than the URL's.

Actually, as I think about it, don't you have to be on a Comcast IP to access most of their servers? hopefully they hav flushed their own DNS servers.

Re: Comcast hacked?

Thu, 29 May 2008 11:33:49 EDT

CUBS_FAN :

said by ajax25 :

I'm still getting 209.62.20.186 when I look up
www.comcast.net here at work.

209.62.20.186 looks up as ev1s-209-62-20-186.ev1servers.net

When I did a nslookup I got this:

Non-authoritative answer:
Name: a1526.g.akamai.net
Addresses: 204.2.228.97, 204.2.228.80
Aliases: www.comcast.net, www.comcast.net.edgesuite.net

Looks about right for me

Re: Comcast hacked?

Thu, 29 May 2008 11:32:12 EDT

CUBS_FAN :

said by ajax25 :

I'm still getting 209.62.20.186 when I look up
www.comcast.net here at work.

209.62.20.186 looks up as ev1s-209-62-20-186.ev1servers.net

Interesting because that what Outlook was trying to go to when I was logging in.

Re: Comcast hacked?

Thu, 29 May 2008 11:29:56 EDT

ajax25 : I'm still getting 209.62.20.186 when I look up
www.comcast.net here at work.

209.62.20.186 looks up as ev1s-209-62-20-186.ev1servers.net

www6.comcast.net also gives 209.62.20.186

Re: Comcast hacked?

Thu, 29 May 2008 11:26:12 EDT

deblin :

said by theonering :

said by deblin :

said by mwoods94 :

m.comcast.net still works just fine.

mail.comcast.net, comcast.net and www.comcast.net appear to be resolving via the proper auth nameservers now:

So does that mean it is safe to enter passwords now?

You should check that it is resolving properly on YOUR end first. Otherwise, the records may be cached and you may be sending the info to the hijacked IP instead of the proper one(s).
--
»hillaryis404.org/

Re: Comcast hacked?

Thu, 29 May 2008 11:18:26 EDT

lauriej : i am also getting the redirect on the forums it goes back to main page. however comcast.net takes me to search page.

this is with ie7 and netscape

Re: Comcast hacked?

Thu, 29 May 2008 11:18:24 EDT

anon :

said by deblin :

said by mwoods94 :

m.comcast.net still works just fine.

mail.comcast.net, comcast.net and www.comcast.net appear to be resolving via the proper auth nameservers now:

So does that mean it is safe to enter passwords now?

Re: Comcast hacked?

Thu, 29 May 2008 11:16:04 EDT

anon : I'm not having luck with m.comcast.net anymore. It says I do not have access and the page is forbidden...

Re: Comcast hacked?

Thu, 29 May 2008 11:15:33 EDT

deblin : So they WERE listening at one point? They most certainly are not now, but they may have shut them down once they realized the nameservers were being set back to the proper comcast auth NS's.
--
»hillaryis404.org/

Re: Comcast hacked?

Thu, 29 May 2008 11:14:40 EDT

deblin :

said by mwoods94 :

m.comcast.net still works just fine.

mail.comcast.net, comcast.net and www.comcast.net appear to be resolving via the proper auth nameservers now:

quote:
floyd@pflog:~% host comcast.net
comcast.net has address 63.240.76.72
comcast.net has address 204.127.205.8
comcast.net has address 204.127.195.15
comcast.net has address 216.148.227.202
comcast.net has address 204.127.228.15
comcast.net mail is handled by 5 mx2.comcast.net.
comcast.net mail is handled by 5 mx1.comcast.net.
floyd@pflog:~% host mail.comcast.net
mail.comcast.net is an alias for mail.g.comcast.net.
mail.g.comcast.net has address 216.148.227.80
floyd@pflog:~% host www.comcast.net
www.comcast.net is an alias for www.comcast.net.edgesuite.net.
www.comcast.net.edgesuite.net is an alias for a1526.g.akamai.net.
a1526.g.akamai.net has address 216.207.68.40
a1526.g.akamai.net has address 216.207.68.26

--
»hillaryis404.org/

Re: Comcast hacked?

Thu, 29 May 2008 11:14:37 EDT

anon :

said by bigchris :

said by not :

I didn't post the info, but one of the first things I tried last night was to telnet to ports 25 and 110 to each respective dns name for mail.comcast.net and smtp.comcast.net. They both responded by listening, but without headers. Who really knows what was happening on the server end being hit, but one thing is sure... the ports were open on the redirected servers.

If you captured that in any way, can you send it to me via a private message please.

Unfortunatly I didn't. Sorry. I was testing various things while changing DNS servers to various ones to see how far it spread. Then I got to posting the dug up info on here. If you work for Comcast, I would definatly warn the higher-ups. I wish I had more info to give you... sorry. However, screen captures probably wouldn't have done you any good anyway because like I said, there were no headers on the answering ports. The connection would just establish. I can't tell you what the server was setup to do, just that a connection to 25 and 110 were most definatly being established and held live for long times (would not time out) until I disconnected.

Re: Comcast hacked?

Thu, 29 May 2008 11:13:24 EDT

anon : m.comcast.net still works just fine.

Re: Comcast hacked?

Thu, 29 May 2008 11:12:45 EDT

deblin :

said by pokesph :

I can't believe I slept through the whole thing. :(

So, bottom line, are our email login's compromised or not?

I am 99% they were not. Though as I said in my previous post, they could have shut down any smtp/pop/imap daemons they were running on the IP that mail.comcast.net was resolving to.
--
»hillaryis404.org/

Re: Comcast hacked?

Thu, 29 May 2008 11:11:51 EDT

deblin :

said by Michael2 :

said by Bluegrassman :

Michael, could you please clarify something? I have not tried logging into any comcast.net pages. However I have been using Windows Mail and Outlook since last night with no issues. Is it really possible that our login info may have been "grabbed" by doing so??

BGM, I am not a security expert and I would rather not speculate on whether this was possible or not. I can tell you that there is no evidence that this has happened.

Unless they have changed something on that IP that mail.comcast.net was resolving to, it appears as though they were not running any mail daemons (pop, smtp, imap, etc) to mine user passwords/etc. All the common mail ports are filtered:

quote:
PORT STATE SERVICE
25/tcp filtered smtp
106/tcp filtered pop3pw
109/tcp filtered pop2
110/tcp filtered pop3
143/tcp filtered imap
220/tcp filtered imap3
465/tcp filtered smtps
473/tcp filtered hybrid-pop
993/tcp filtered imaps
995/tcp filtered pop3s
1109/tcp filtered kpop

--
»hillaryis404.org/

Re: Comcast hacked?

Thu, 29 May 2008 11:11:45 EDT

pokesph : I can't believe I slept through the whole thing. :(

So, bottom line, are our email login's compromised or not?

was using SSL on 995 (pop) and 465 (smtp)

also of note: I did LOL IRL at the front page news story. Its definitely Comcastic!
--
Webmaster - Steve
- - - - - - - - - - - -
»www.1-gb.net
»www.ppnstudio.com

Re: Comcast hacked?

Thu, 29 May 2008 11:09:12 EDT

CUBS_FAN : Remember all the chaos that happened when Comcast.net had remodeled their homepage? That simple remodeling project went on for weeks. This is a whole lot more damaging. This could go on for months..

Re: Comcast hacked?

Thu, 29 May 2008 11:08:50 EDT

dadkins : Must be a regional issue then. :(

Re: Comcast hacked?

Thu, 29 May 2008 11:07:31 EDT

anon :

said by CUBS_FAN :

I do remember this, after seeing that I was going to a EV1server.net from AVG I did get an error message roughly about "smtp popserver.comcast" error in connecting.

Maybe we was rerouted but nobody was home to accept our login info. I feel a little better knowing there was an error and I didn't indeed login successful to who knows what.

Just because you got an error in Outlook doesn't mean something didn't capture your login info. It just means that Outlook couldn't establish a valid pop3 or smtp conduit to the requested server. No one said they had a running mail server up, but if they had one listening to the mail ports they could have picked off the usernames and passwords and nothing more.

Re: Comcast hacked?

Thu, 29 May 2008 11:07:07 EDT

CUBS_FAN : I hit back and then I see the forums for about 5 seconds. I tried to click on one of the threads for only to be redirected back to »www6.comcast.net/a/?prvtof=8b2Vk···TPAunYp3

Re: Comcast hacked?

Thu, 29 May 2008 11:06:18 EDT

Bluegrassman : Thanks Michael. For now I will plan on changing my password as soon as we get the "all clear" from you or one of the other Mods at Comcast.

BGM

Re: Comcast hacked?

Thu, 29 May 2008 11:04:55 EDT

dadkins : Still open to the forums here - in Opera.

Re: Comcast hacked?

Thu, 29 May 2008 11:03:51 EDT

Michael2 :

BGM, I am not a security expert and I would rather not speculate on whether this was possible or not. I can tell you that there is no evidence that this has happened.
--
Comcast.net Help Forum Administrator.

Re: Comcast hacked?

Thu, 29 May 2008 11:03:31 EDT

bigchris :

If you captured that in any way, can you send it to me via a private message please.

Re: Comcast hacked?

Thu, 29 May 2008 11:02:50 EDT

dadkins : Hey BGM! :)
Good to see you as well my Friend!

Last night comcast.net was nothing but a test pattern(maintenance) page.
Today, everything so far lights right up - for me at least.

David
--
Think outside the Fox... Opera

Re: Comcast hacked?

Thu, 29 May 2008 11:02:26 EDT

CUBS_FAN :

Re: Comcast hacked?

Thu, 29 May 2008 11:01:42 EDT

newview :

said by dadkins :

if you are already logged in, try this link:

»forums.comcast.net/comcastsupport/

No redirect for 3 minutes and counting.

I got the redirect immediately.
--

Ö¿Ö
The Rules of Spam | Maryland's Newest Anti-Spam Law
Where are we going? And what's with the hand basket?

Re: Comcast hacked?

Thu, 29 May 2008 11:01:36 EDT

anon : In alabama, the comcast.net portal page is now loading. One hour ago it wasnt. How long before we should even try to change passwords?

Also, if I tried to check mail last night through Outlook Express, and I never got connected (it said the server coudlnt connect or something), does that mean my info could have been accessed? Or just if I actually got through to check my mail? I was using ports 25 and 110

Re: Comcast hacked?

Thu, 29 May 2008 11:00:35 EDT

dadkins : if you are already logged in, try this link:

»forums.comcast.net/comcastsupport/

No redirect for 3 minutes and counting.
--
Think outside the Fox... Opera

Re: Comcast hacked?

Thu, 29 May 2008 11:00:17 EDT

anon :

said by bigchris :

said by Epikos :

Comcast's DNS gets hacked and redirects users to the hackers server. This server was listening on tcp25 and tcp110.
Customers unknowingly launch outlook express and send their username and password to the hackers server.

I asked this earlier in the thread but it got quickly swamped. Do you have any evidence you can provide that shows the systems were even responding on those ports? So far i've seen a lot of conjecture that it happened but no proof. I was testing this all night and none of the systems would even respond on those ports so I don't believe the intention of this havoc was to grab user id's and passwords. BUT, if you have something showing a system other than the correct one responded, then please let me have it asap.

I didn't post the info, but one of the first things I tried last night was to telnet to ports 25 and 110 to each respective dns name for mail.comcast.net and smtp.comcast.net. They both responded by listening, but without headers. Who really knows what was happening on the server end being hit, but one thing is sure... the ports were open on the redirected servers.

Re: Comcast hacked?

Thu, 29 May 2008 11:00:17 EDT

anon : Good thing Comcast has 200 new employees starting a "aggressive customer retention program" Sunday! They sure are going to have their work cut out for them with this recent black eye.

-----------------
»Comcast Ramping Up Customer Retention Offers

Comcast Ramping Up Customer Retention Offers
200 new employees aimed at keeping you with Comcast

Despite the fact that Comcast has hired some 15,000 new support workers in the last 18 months, Comcast customer satisfaction is at an all time low. The cable giant has been building a new, 700 employee call center in Newark, Delaware, where 200 new agents will be devoted specifically to retaining customers "no matter what it takes." The new retention push begins June 1 according to CED Magazine, offering little detail but calling it the "single-most aggressive customer retention program in the industry."

Re: Comcast hacked?

Thu, 29 May 2008 10:59:52 EDT

Bluegrassman : Hey Dadkins! Good to see ya. Those links work for me now too, but I'm not ready to trust them for logging in....just yet... ;)

Re: Comcast hacked?

Thu, 29 May 2008 10:58:26 EDT

dadkins : »www.comcast.net/a/

and

»www6.comcast.net/a/

... both work fine for me.

Account?

»https://acctmgt.comcast.net/Comcast/Acct···tmgt.cmd

see pic

Works here, must be a region by region thing... :(
--
Think outside the Fox... Opera

Re: Comcast hacked?

Thu, 29 May 2008 10:57:44 EDT

newview :

said by CUBS_FAN :

I do this too for it to only redirect me again after about 5 seconds

Hmmm . . . I'm not seeing that behavior. Once I'm in, I'm in . . . even navigating to different forums causes no redirection.

Edit: Oops . . . spoke too soon. I'm now seeing redirection on forum changes. This wasn't happening earlier.

--

Ö¿Ö
The Rules of Spam | Maryland's Newest Anti-Spam Law
Where are we going? And what's with the hand basket?

Re: Comcast hacked?

Thu, 29 May 2008 10:56:35 EDT

Bluegrassman : Michael, could you please clarify something? I have not tried logging into any comcast.net pages. However I have been using Windows Mail and Outlook since last night with no issues. Is it really possible that our login info may have been "grabbed" by doing so??

Re: Comcast hacked?

Thu, 29 May 2008 10:55:41 EDT

bigchris :

Re: Comcast hacked?

Thu, 29 May 2008 10:55:07 EDT

CUBS_FAN :

said by newview :

said by CUBS_FAN :

Good morning Michael2 I'm able to login and see the Comcast help forums for a split second. Then I get redirected and nothing loads.

I'm seeing the same thing . . . (redirected back to the Comcast portal), but can hit the "Stop" button to prevent the redirect and then enter the forums normally.

I do this too for it to only redirect me again after about 5 seconds

Re: Comcast hacked?

Thu, 29 May 2008 10:52:51 EDT

newview :

said by CUBS_FAN :

Good morning Michael2 I'm able to login and see the Comcast help forums for a split second. Then I get redirected and nothing loads.

I'm seeing the same thing . . . (redirected back to the Comcast portal), but can hit the "Stop" button to prevent the redirect and then enter the forums normally.
--

Ö¿Ö
The Rules of Spam | Maryland's Newest Anti-Spam Law
Where are we going? And what's with the hand basket?

Re: Comcast hacked?

Thu, 29 May 2008 10:52:46 EDT

jlivingood : Very interesting info.

Thanks
JL

Re: Comcast hacked?

Thu, 29 May 2008 10:51:53 EDT

anon : Michael2, I think it's important that you post what IP should go to what on Comcast's network. Right now, things are resolving all over the place and people don't know what IP to trust. WTF is going on over there guys? I also can't believe Comcast would forget to lock their registrar records... come on! Also Michael2, why doesn't the Acccount Management site come up? acctmgt.comcast.net pings, but doesn't respond. WTF is up with that?

Re: Comcast hacked?

Thu, 29 May 2008 10:51:03 EDT

dadkins : RARELY go to comcast.net, I got the "Maintenance" page last night... hacked? ok...
today it seems(so far) to work fine, for me at least.
--
Think outside the Fox... Opera

Working now

Re: Comcast hacked?

Thu, 29 May 2008 10:50:55 EDT

Epikos : If the account management website is slow or inaccessible, I wonder if theres an influx of users changing their passwords?

Or even worse(or better, depending if you like seeing comcast suffer), consider this:

Comcast's DNS gets hacked and redirects users to the hackers server. This server was listening on tcp25 and tcp110.
Customers unknowingly launch outlook express and send their username and password to the hackers server.

Now the hackers have a big fat text file containing everyones username and password.

If I were the hackers, I would script a way to login to the Comcast account management website and change all the passwords to something I could control. This would lockout customers from their accounts, at least for a while.

Now the hackers have a huge number of email addresses and passwords that can each be used to blast spam to the internet until things get blocked, at which point all the customers have been blacklisted. Even if they get their accounts back, good luck emailing anyone.

If the account management site is inaccessible or slow to load, maybe customers aren't changing passwords, maybe your passwords are being changed for you...
--
I refuse to have a battle of wits with an unarmed person!

Re: Comcast hacked?

Thu, 29 May 2008 10:49:37 EDT

CUBS_FAN : Good morning Michael2 I'm able to login and see the Comcast help forums for a split second. Then I get redirected and nothing loads.

Re: Comcast hacked?

Thu, 29 May 2008 10:47:14 EDT

Michael2 :

said by Answers :

2. The reps you speak with on the phone are only told enough information to satisfy basic customer inquiries. Yes, they were told to tell users there is maintenance going on, not that the site was hacked as it, in fact, was not.

This is categorically false. At no point were our phone representatives told to tell customers that the problems were due to maintenance. The official talking points, sent out to all of our support centers, simply stated that we are aware of the problem and working to resolve it as quickly as possible.
--
Comcast.net Help Forum Administrator.

Re: Comcast hacked?

Thu, 29 May 2008 10:46:43 EDT

anon : I've read through this entire thread, and people doubting that comcast was hacked can give it up. The group that did it temporarily owned the entire tld comcast.net. That means mail.comcast.net, mobile.comcast.net, EVERYTHING.comcast.net. So every time you tried to log in to anything at comcast.net your login credentials (in the case of email) were sent by your mail reader to someone elses server, where it could be grabbed.

Not saying it WAS grabbed, but could.

Re: Comcast hacked?

Thu, 29 May 2008 10:46:34 EDT

CUBS_FAN : Is it even safe to attempt to change my PWD? Has anyone succeeded in changing their password?

Re: Comcast hacked?

Thu, 29 May 2008 10:42:43 EDT

anon : The account management site cannot be reached on Comcast's site. It's either getting hammered or things are not looking good for the big C. However, it seems even Level3 DNSs now have the same entries that Comcast DNS servers had last night. They pushed the prop quickly, but still. Some of the servers that are responding to pings in the comcast.net domain are also listed as all over the place too. I wonder if Comcast redirected all their stuff to backup locations? I really hope this hits CNN, they are trying to cover it up big time. It's not that Comcast's network got hacked, but that after the DNS redirects happened people's info was being intercepted when they tried to use various Comcast services, email being the most prevalent. Imagine if the hackers would have had the brains to setup exact page layouts of Comcast. No one would have been the wiser for a while and imagine how many people would have been phished. This is lame and truly needs CNN coverage to bring out the truth.

Re: Comcast hacked?

Thu, 29 May 2008 10:41:27 EDT

JSRoman : According to past threads on BBR, no one uses the Comcast portal.
--
»www.seabee.navy.mil

Re: Comcast hacked?

Thu, 29 May 2008 10:40:12 EDT

espaeth :

said by CUBS_FAN :

IS theplanet affiliated with Comcast? This still means that I was trying to log my UN+PW into a 3rd party server run by who knows.

ThePlanet is just a utility provider of server and hosting resources, they have tens of thousands of customers.

There would be no reason for Comcast to have a server there though -- they have their own hosting facilities in multiple states. It was also the compromised DNS resolvers that were pointing A records in to ThePlanet address space, so Comcast wasn't in control when traffic was being directed there.

Re: Comcast hacked?

Thu, 29 May 2008 10:36:12 EDT

anon : use m.comcast.net (for mobile) as it's not been affected.

Re: Comcast hacked?

Thu, 29 May 2008 10:35:27 EDT

espaeth :

said by CUBS_FAN :

What gets me is that it has been over 10 hours and Comcast is still in chaos in recovering from a breach of DNS routing..

I suspect Comcast's site is now undergoing the "Digg effect". News like this is bound to cause people to hit the Comcast portal that would never go there under normal circumstances.

Re: Comcast hacked?

Thu, 29 May 2008 10:33:36 EDT

CUBS_FAN :

said by espaeth :

EV1Servers merged with ThePlanet a few months ago. It's a company that owns multiple data centers and leases servers.

IS theplanet affiliated with Comcast? This still means that I was trying to log my UN+PW into a 3rd party server run by who knows.

Re: Comcast hacked?

Thu, 29 May 2008 10:28:09 EDT

ncherry : Wow, lots of screaming and yelling and only bits of information.

I'm not sure who to blame with this one. I wonder if Comcast could have 'locked' the account or did the vandal bypass that security. If it could have been locked as was not then the blame lies with Comcast (lack of due diligence). If it was locked then Network Solutions was to blame.

Either way this leads to the following: comcast.net wasn't going to Comcast. This means that if I ftp'd files to upload.comcast.net I may have given my password to the alternate site. If I sent mail then the alternate site could have gotten my password and id from that site. I don't use port 25 or 110 which someone said the alternate site was monitoring. If I logged in on the main web site they could have gotten my id/password. This is disturbing and now I'll have to change all my passwords as I can't trust that they're now safe. What really bothers me at this point is that I see no notification from Comcast that this happened and that my account may not longer be safe. I seem to be able to get to valid *.comcast.net sites (I've checked) but I have no idea if there could have been a problem over night and I might not have noticed it.
--
Neil Cherry
Linux Home Automation
Linux HA Blog
Author: Linux Smart Homes For Dummies

Re: Comcast hacked?

Thu, 29 May 2008 10:27:28 EDT

espaeth :

said by CUBS_FAN :

What scares the heck out of me is that this is the WHOis on ev1servers.net and nowhere in there do I see anything resembling Comcast's name.

EV1Servers merged with ThePlanet a few months ago. It's a company that owns multiple data centers and leases servers.

Re: Comcast hacked?

Thu, 29 May 2008 10:12:04 EDT

anon :

said by udontknowhodou :

and you think thats not hacked???????? Well the first page it started giving us all last nght proved it, see the first few forms here on page one and 2 and so on, I think it was and if it wasnt then who at comcast screwed with them!!!!!!!!!!!!!!!!! The only way this could have happened was a hack or an employee screwing around!!!! Lets all think about this and stop bsing the world here, some of us are not as stupid as you think we are!!!!!!!!!!

...and some of you are. All that's needed to "hack" a site as you put it, is to contact the company hosting the DNS forwarding and change the IP address that a website is sent to. So what you're saying is that Comcast was hacked by someone at a third party incorrectly changing information on their server??? You've obviously thought your comments through.

Re: Comcast hacked?

Thu, 29 May 2008 10:11:48 EDT

CUBS_FAN : What gets me is that it has been over 10 hours and Comcast is still in chaos in recovering from a breach of DNS routing.. I always knew something was wrong with Comcasts DNS' when it went down all the time in the past.

Re: Comcast hacked?

Thu, 29 May 2008 10:08:48 EDT

CUBS_FAN :

said by mike12806 :

The comcast.net site just wigs out and reloads constantly for me!

I get that too on the AT&T DSL connection at work

Re: Comcast hacked?

Thu, 29 May 2008 10:08:18 EDT

CUBS_FAN : Its equivalent to someone literally relocating your home to alternative address when you arrive home from work, and your original home is being ransacked.

Re: Comcast hacked?

Thu, 29 May 2008 10:08:13 EDT

mike12806 : COMCAST.NET.GRASSLANDTHEBAND.COM
COMCAST.NET

That's what i get for a WHOIS lookup on my mack network utility!

Re: Comcast hacked?

Thu, 29 May 2008 10:07:22 EDT

mike12806 : The comcast.net site just wigs out and reloads constantly for me!

Re: Comcast hacked?

Thu, 29 May 2008 10:05:54 EDT

anon : What scares the heck out of me is that this is the WHOis on ev1servers.net and nowhere in there do I see anything resembling Comcast's name.

MY POINT AND THEY WANT TO SAY ITS NOT HACKED, what foolssssssssssssssssssss

Re: Comcast hacked?

Thu, 29 May 2008 10:04:12 EDT

anon : and you think thats not hacked???????? Well the first page it started giving us all last nght proved it, see the first few forms here on page one and 2 and so on, I think it was and if it wasnt then who at comcast screwed with them!!!!!!!!!!!!!!!!! The only way this could have happened was a hack or an employee screwing around!!!! Lets all think about this and stop bsing the world here, some of us are not as stupid as you think we are!!!!!!!!!!

Re: Comcast hacked?

Thu, 29 May 2008 10:00:28 EDT

CUBS_FAN :

said by CUBS_FAN :

Omg becareful trying to access your email accounts.

What scares the heck out of me is that this is the WHOis on ev1servers.net and nowhere in there do I see anything resembling Comcast's name. :mad: :mad:

Registrar: TUCOWS INC.
Status: clientTransferProhibited
Dates: Created 31-jul-2003 Updated 30-nov-2006 Expires 31-jul-2015
DNS Servers: NS2.EV1SERVERS.NET NS1.EV1SERVERS.NET

Registrant:
EV1Servers.net
390 Benmar Drive
Suite 200
Houston, TX 77060
US

Domain name: EV1SERVERS.NET

Administrative Contact:
Manager, Domain *************@ev1servers.net
390 Benmar Drive
Suite 200
Houston, TX 77060
US
+1.7133337873 Fax: +1.7139429332

Technical Contact:
Manager, Domain *************@ev1servers.net
390 Benmar Drive
Suite 200
Houston, TX 77060
US
+1.7133337873 Fax: +1.7139429332

Re: Comcast hacked?

Thu, 29 May 2008 10:00:14 EDT

anon : The m.comcast.net site is something that is generally used for mobile devices. That site (while basic) is secure and working as of 8am est. I'm not going to go into a whole lot of detail about where I got this information, but you can take it as fact...

1. The Comcast site was not hacked, the DNS servers were redirected to a non-Comcast IP address.

2. The reps you speak with on the phone are only told enough information to satisfy basic customer inquiries. Yes, they were told to tell users there is maintenance going on, not that the site was hacked as it, in fact, was not.

3. When calling support, expect a long wait time as there's many people ahead of you in the queue. Thinking that by selecting a different option just to get a tech on the line quicker will result in you getting information like "The internet's down".

4. Screaming and yelling at the people on the phone is not going to get your issue resolved any quicker. They will not be able to give you any real useful information other than "We're aware of the issue and are working on it.". Pressing for more information will be futile as reps are not updated with anything more than a listing of current outages. None of these outages have ETA's on resolution.

I hope the little bit of information I've provided is of some use, or at the very least let's you know what to expect.

Cheers :)

Re: Comcast hacked?

Thu, 29 May 2008 09:59:47 EDT

anon : still getting chrome pa crap in savannah ga here, this sucks _ss so bad.

OH WELLLL , we all need to complain for credit dang it!!

Re: Comcast hacked?

Thu, 29 May 2008 09:59:18 EDT

bigchris :

said by Windy :

mail still not working Portland Oregon area this a.m.

Thursday morning.

What shows is basic Comcast search page.

Windy

There is a lot of work going on to resolve this so you may see sporadic success and failure until we have it resolved. Please bear with us.

Re: Comcast hacked?

Thu, 29 May 2008 09:57:36 EDT

anon : mail still not working Portland Oregon area this a.m.

Thursday morning.

What shows is basic Comcast search page.

Windy

Re: Comcast hacked?

Thu, 29 May 2008 09:53:42 EDT

CUBS_FAN :

said by B_T :

It appears safe, I have tried it at can access my email without any errors. It is a very limited interface since it is designed for mobile phones, that must be why no https secure interface.

Thanks! It worked. I see what you mean about generic form. Definitely meant for cell phones.

Re: Comcast hacked?

Thu, 29 May 2008 09:52:08 EDT

lauriej : cubs fan that is the same thing i get when trying to access the forums.

Re: Comcast hacked?

Thu, 29 May 2008 09:50:16 EDT

CUBS_FAN : I found the typical sign in page to acces members only content on the forums. Once inserting my account information I see the forum for a split second then a redirect to »www.comcast.net/a/?prvtof=adflnj···nafjknsa etc etc.. then this box is display.

Too paranoid

Re: Comcast hacked?

Thu, 29 May 2008 09:49:00 EDT

anon : It appears safe, I have tried it at can access my email without any errors. It is a very limited interface since it is designed for mobile phones, that must be why no https secure interface.

Re: Comcast hacked?

Thu, 29 May 2008 09:46:05 EDT

anon : my local news has it here, you all need to call your local news as well. I am finding my freinds dont even know yet till i called them. I would not try to access my email, since it is redirecting you to another page. HECK NOOOOOO

Re: Comcast hacked?

Thu, 29 May 2008 09:45:17 EDT

anon : »https://login.comcast.net/login?s=portal···t.net/a/

This is the URL which has allowed me to successfully gain access to my alias accounts.

There are others that appear to still have problems i.e. incorrect account names and frozen browsers accessing comcast.net (home).

blk

be good good people!

Re: Comcast hacked?

Thu, 29 May 2008 09:42:40 EDT

CUBS_FAN :

said by B_T :

You can check you mail through the mobile web interface here according to comcast help analysist....
»m.comcast.net/

It seems to work, just primitive.

IS »m.comcast.net/signIn.jsp?redirec···List.jsp safe to login to? you would think it would be a secure HTTPS page. I'm too paranoid to try loggin into my email Account... WTF COMCAST!!!! :mad: :mad:

Re: Comcast hacked?

Thu, 29 May 2008 09:41:01 EDT

lauriej : anyone know how to get to the forums? i keep getting redirected i live in sw florida.

Re: Comcast hacked?

Thu, 29 May 2008 09:40:26 EDT

CUBS_FAN : Outlook has worked since last night. A simple flush of the DNS was the trick for me. My email account didnt show any evidence of usage done by someone else but then again all they need is to view what I had already look at.

Re: Comcast hacked?

Thu, 29 May 2008 09:37:53 EDT

anon : You can check you mail through the mobile web interface here according to comcast help analysist....
»m.comcast.net/

It seems to work, just primitive.

Re: Comcast hacked?

Thu, 29 May 2008 09:34:59 EDT

Bluegrassman : FWIW, I've had Outlook open all morning with no issues. My mail is coming in normal.

Re: Comcast hacked?

Thu, 29 May 2008 09:34:47 EDT

anon : As I muddled about the site trying to get my email today, there was a blank page with some links on the side. Among these was place for a screen name/address which was NOT mine to "LOG OUT"

Re: Comcast hacked?

Thu, 29 May 2008 09:34:29 EDT

XtremepH : I am as well but it is also displaying other usernames that don't belong to me.

Re: Comcast hacked?

Thu, 29 May 2008 09:33:13 EDT

anon : I am getting the same small page with login options. I do not trust it yet either. And as much as I want to check my mail through Outlook, I dont think I'm ready for that yet. Just in case.

Re: Comcast hacked?

Thu, 29 May 2008 09:28:32 EDT

CUBS_FAN : On the AT&T DSL line at work I get "HTTP 403 Forbidden". When trying to check the source of the page I get "access is denied".

Re: Comcast hacked?

Thu, 29 May 2008 09:26:28 EDT

Bluegrassman :

said by blkirish :

They're back up .. at least propagating properly on the East Coast.

Only 9.5 hrs down.

be good good people!

I'm getting a very basic Comcast search page with the option to sign in at the top...I don't trust it just yet ;)

Re: Comcast hacked?

Thu, 29 May 2008 09:25:55 EDT

anon : At 11:50 pm ET I called the Comcast Call Center and they did very clearly responded to my inquiry that I was getting the message. They advise me that their site had been hacked. I asked if they had an estimated time for resolution and they said "probably in the morning". I am still not able to log in here in Eastern Ohio. What a mess. I can't believe it hasn't hit national news since Comcast is pretty widely used.

Re: Comcast hacked?

Thu, 29 May 2008 09:22:22 EDT

lauriej : live in sw florida. when i connect to comcast.net i get just top of page. i flushed dns and emptied everything else. cant connect to forums keep getting rerouted to »www.comcast.net/?prvtof=8b2VkUqf···BqpmE%3D. am able to access email through outlook

Re: Comcast hacked?

Thu, 29 May 2008 09:18:54 EDT

anon : They're back up .. at least propagating properly on the East Coast.

Only 9.5 hrs down.

be good good people!

Re: Comcast hacked?

Thu, 29 May 2008 09:07:46 EDT

ztmike : Honestly, I don't even use Comcast.net its a POS

I get my email from GMail, 6 1/2 gigs of free space.
--
www.youtube.com/watch?v=mdYueIC1pjM

Re: Comcast hacked?

Thu, 29 May 2008 09:02:48 EDT

swhitney2003 :

said by FicmanS :

The Internet is down, THAT's funny right there...

Quick, someone go unplug, wait a second, then plug in the massive Linksys router!

Re: Comcast hacked?

Thu, 29 May 2008 08:52:57 EDT

anon : if you use email I think you might need to rethink it ! I wont even try to log into comcast, and hope everyone thinks of resetting pass words once it is fixxed.

Re: Comcast hacked?

Thu, 29 May 2008 08:50:18 EDT

anon : Yeah, their chat operators I'm sure will be the last to know. All sub-level 1 ops.

Re: Comcast hacked?

Thu, 29 May 2008 08:49:10 EDT

anon : It looks like the comcast.net webpage have a redirect hack in it.. I've changed my dns servers, and noticed when I got to comcast.net now, it looks like the content is about to load, then bam -- to the network solutions error page. But a quick ping with the new dns settings shows it not goign to the 204... ip anymore, but to a 63. So my guess is their .net page has a javascript/iframe style coding too.

Re: Comcast hacked?

Thu, 29 May 2008 08:44:02 EDT

anon : well i would hope every one would change pass words. Exspec if you tried logging in you email. I think this is just crazy and it only proves how fast the world can get infected with crap like this as it appears all of the USA has this going on. It is very sad people have nothing better to do and I hope they catch the person that is responsable for it. COMCAST YOU CAN DENY THIS ISSUE BUT WE ALL KNOW ITS TRUE THAT YOU WHERE HACKED.

Re: Comcast hacked?

Thu, 29 May 2008 08:42:04 EDT

Lanhawk : It amazes me that a hacker can spend all this time plotting this yet when the big day arrives it always some bull__t message in poorly worded english. How about something worthwile like, "comcast is against the war" or "comcast is a ripoff" instead of some stupid shout out. Its your five minutes, you should use it wisely.

Re: Comcast hacked?

Thu, 29 May 2008 08:39:27 EDT

anon : I just finished a "chat" session with a comcast rep. Vanessa. I was 209 in their queue when I sent my question. I asked if the site was hacked and if email and sensitive information is in danger. The response was "no". They better hope they are right. I did like that the rep wrote back "only con=mcast.net" was effected. Yeah, they're screwed. There were 700 in the queue when I finished.

Re: Comcast hacked?

Thu, 29 May 2008 08:38:30 EDT

anon : now this form is taking forever to post my comments.

Re: Comcast hacked?

Thu, 29 May 2008 08:33:36 EDT

fishmaster : I Know it can be a pain in the butt, However for those worried about passwords and stuff being compromised. It doesn't hurt to change your passwords periodically. Take this opportunity to do so. Better Safe than sorry. ;)
--
Browse A lot - Sign In Little - Post Even Less

Re: Comcast hacked?

Thu, 29 May 2008 08:33:22 EDT

anon : you are crazy to use ur email right now.

Re: Comcast hacked?

Thu, 29 May 2008 08:30:45 EDT

anon : when going to comcast.net i get this dns returned »chrome-p-a.comcast.net/?prvtof=8···Qicdk%3D

and of course this is on the page "Error. Page cannot be displayed. Please contact service provider for more details."

Re: Comcast hacked?

Thu, 29 May 2008 08:29:20 EDT

joepwpb : FWIW...

I am able to send and receive email using Outlook Express.

Joe P

Re: Comcast hacked?

Thu, 29 May 2008 08:28:53 EDT

FicmanS : The Internet is down, THAT's funny right there...

Re: Comcast hacked?

Thu, 29 May 2008 08:28:39 EDT

anon : they are going to tell you any thing to shut you up

Re: Comcast hacked?

Thu, 29 May 2008 08:27:13 EDT

anon : Just called Comcast and my phone number didn't register..had account for 7 years with same number and the CSR insisted that I wasn't a customer. After putting me on hold for 10 minutes she said that the "internet just went down" and that until it comes back up I cannot access email. I told her that the internet was fine, just the comcast.net site. She insisted that the problem just happened and they are working on it.

Good grief.

Re: Comcast hacked?

Thu, 29 May 2008 08:23:22 EDT

JSRoman :

said by Rick :

said by ztmike :

Karl must be taking a snooze..

This should be good for at least 5 BBR headlines today and 5000 comcast hating posts covering everything from sandvine to why AT&T Vrads are a good thing. Prepare yourselves! :p

LOL

Re: Comcast hacked?

Thu, 29 May 2008 08:21:06 EDT

anon : I am dumb because I don't know every group in the world or on the web???

Re: Comcast hacked?

Thu, 29 May 2008 08:17:09 EDT

Rick :

said by ztmike :

Karl must be taking a snooze..

A snooze? He must have od'd on a bottle of Sominex to be missing out on this one.

This should be good for at least 5 BBR headlines today and 5000 comcast hating posts covering everything from sandvine to why AT&T Vrads are a good thing. Prepare yourselves! :p

In any event..everyone yell at once...!!!!KARL..WAKE UP! Comcast.net got hacked!!! Let's hope he heard that. ;)

In any event..down here too obviously. I must admit..I slept through it all myself until now. With this being a high profile hack I'd suspect that comcast would throw some serious resources at not only getting this resolved..but finding out who did it.

Not sure I'd be resting too comfortably if I were them.

Anyways..hopefully it's back up soon.

~Rick
--
The Coyote captured the RR! Roadrunner Rick is now Comcastic!

Re: Comcast hacked?

Thu, 29 May 2008 08:15:11 EDT

FicmanS : Sure looks like the got owned...

Re: Comcast hacked?

Thu, 29 May 2008 08:13:09 EDT

anon : my local news said comcast denied the hack, butthe news sid they knew it was hacked after seeing what people posted on this very site of the first page we all received.

Re: Comcast hacked?

Thu, 29 May 2008 08:11:58 EDT

bigchris :

said by seph29 :

Yes, except that mail.comcast.net was redirecting to a server that was listening on port 25 and could have easily recorded user names and passwords sent to it while the redirect was occurring. Not to mention that any mail servers with the fake addresses cached will be sending potentially sensitive emails to a hostile server.

Overall, I'd say Comcast got off easy on this one. What if they had created a phishing site instead of blasting their name everywhere?

Do you have any log scrapes of that? If so please post.

I was testing throughout the ordeal last night and mail.comcast.net wasn't responding on 110 at all, and smtp.comcast.net wasn't responding on 25 or 587 so I don't believe the redirect went to a sniffing server.

Again however, if you have some evidence then please post so we can follow up.

Re: Comcast hacked?

Thu, 29 May 2008 08:02:29 EDT

TJ_in_IL : Even the personal web pages at //home.comcast.net are down. Get the page not available message.

TJ

Re: Comcast hacked?

Thu, 29 May 2008 07:59:41 EDT

swhitney2003 : Here at work (non-comcast) about 10mins ago I got the same thing. Now I am getting a text only version of their site.

Re: Comcast hacked?

Thu, 29 May 2008 07:58:58 EDT

anon : yep thats what I get, I just called the news and they had not received any info on it, so call your local news since we cant email cnn, get the word out !!

Re: Comcast hacked?

Thu, 29 May 2008 07:58:31 EDT

FicmanS : Error. Page cannot be displayed. Please contact service provider for more details.

Same here this morning...

Re: Comcast hacked?

Thu, 29 May 2008 07:56:19 EDT

anon : I get »chrome-p-a.comcast.net when trying to access www.comcast.net here in Minneapolis, MN.

Re: Comcast hacked?

Thu, 29 May 2008 07:51:41 EDT

joepwpb : This is the message I am getting at comcast.net:

Error. Page cannot be displayed. Please contact service provider for more details.

Joe P

West Palm Beach

Re: Comcast hacked?

Thu, 29 May 2008 07:50:47 EDT

ztmike : Karl must be taking a snooze..

Re: Comcast hacked?

Thu, 29 May 2008 07:48:57 EDT

fphamm : Same here is Sammamish, Washington...works, then doesnt work.

Re: Comcast hacked?

Thu, 29 May 2008 07:48:26 EDT

anon : down on my end here 2 at savannah ga directs you to a chrome pa crap. This is sad and the news will get a big play time with this one.

Re: Comcast hacked?

Thu, 29 May 2008 07:48:22 EDT

pianotech :

said by L33t3r th4n j00 :

yeah dude your not thinking.
A) comcast does what most companies do they outsource their fucking work. even if it is to canada its still not american.

Last I checked, Canada is part of North America.

Re: Comcast hacked?

Thu, 29 May 2008 07:47:25 EDT

ztmike : Works here..

Re: Comcast hacked?

Thu, 29 May 2008 07:42:37 EDT

GuruGuy : Was up a few minutes ago but down again....741am Atlanta.
--
GuruGuy

Re: Comcast hacked?

Thu, 29 May 2008 06:38:35 EDT

ztmike : Damn. This page got alot of results in the time frame, probably the most I've ever seen here.

I was in bed..in my jeans/socks/t-shirt..i was a tired SOB. Went to bed at like 6pm and didn't get up till now at 5:15am. :o

This thread made me LOL'd though

You would THINK the biggest ISP in America would be up on security like a mofo, and yet they were probably hacked by some lil teeny popper in his moms basement somewhere overseas.

They'll never find the hacker..they never do...but then Comcast has the $$ to find out.
--
www.youtube.com/watch?v=mdYueIC1pjM

Re: Comcast hacked?

Thu, 29 May 2008 06:35:30 EDT

anon : yeah dude your not thinking.
A) comcast does what most companies do they outsource their fucking work. even if it is to canada its still not american.

B) you were prob told that when everyone there was in a state panic and had no clue what was going on.

C)sounds like you got bigger issues if your own bank is asking you to reset your password. May as well do whats best and blame comcast.

Re: Comcast hacked?

Thu, 29 May 2008 06:31:20 EDT

e36guy :

said by CMCSTSUX :

...So is it possible that email accounts were compromised? I would prefer an answer from someone that doesn't work for them. Sorry but don't trust Comcast and will be cancelling as soon as I can get another in place.

So wait, you want to know if your account has been hijacked, but you don't want someone who works for comcast to tell you the answer. Logically the only people who would know if your account was hijacked are comcast and the people who possibly hijacked it. So, to extend that logic, you are therefore asking the people who did or did not hijack your account if they did or did not hijack it?

On a more useful line of logic, change your p/w and secret question and you will be fine(assuming the worst case). The worst that would have happened is that your customers(and your bank) got a bounceback message stating that the mail was non-deliverable.

The only way that they could have gotten access to your email would be if you attempted to log in to your email during the time that the redirect was up, AND you use an email client(such as Outlook express or Outlook) AND they actually were listening to port 25 AND you are set up to use port 25, AND they picked your login info out of the multitudes of login info that they got(assuming they were actually listening to the ports and got login info) AND that you haven't already gone in and changed your p/w(if you only changed your password, reset your secret question too, and if they have it, don't use one that is a sports team, they are too easy to guess based on your locale).

If they were smart(and assuming that the guy who posted here and on digg wasn't the one who did this hack they seem to be), they would not remove emails with important info from your account, they would simply start monitoring the account for more info in the hopes that you didn't change any login info and they could get more info out of you.

Re: Comcast hacked?

Thu, 29 May 2008 05:52:34 EDT

anon : LMAO!! Comcast 'customer service' just assured me that they were not hacked and not to worry. I have been up all night worrying. Two customers were going to be emailing me their loan packages with all of their personal information including social security numbers and I did not receive them last night.

When I logged on to my bank account last night it asked to do a password reset and emailed a temporary password. I have not received it and have tried 4 more times and still nothing.

I have been getting other mail and able to send email yet the most important sensitive emails have not been received.

When Comcast flat out lies about the issues it's hard what to believe.

So is it possible that email accounts were compromised? I would prefer an answer from someone that doesn't work for them. Sorry but don't trust Comcast and will be cancelling as soon as I can get another in place.

Re: Comcast hacked?

Thu, 29 May 2008 05:34:44 EDT

anon : All of the different versions of the site overnight, the hacked one, the blank one, etc... now just leads to a plain-white background with the text:

Error. Page cannot be displayed. Please contact service provider for more details.

at the top... on all comcast.net domains.

Re: Comcast hacked?

Thu, 29 May 2008 05:26:11 EDT

irdepesca572 : My connection was slow during this and I had no idea what was going on and decided to reset router and modem. (I only just learned about this)

Re: Comcast hacked?

Thu, 29 May 2008 05:20:41 EDT

seph29 : Yes, except that mail.comcast.net was redirecting to a server that was listening on port 25 and could have easily recorded user names and passwords sent to it while the redirect was occurring. Not to mention that any mail servers with the fake addresses cached will be sending potentially sensitive emails to a hostile server.

Overall, I'd say Comcast got off easy on this one. What if they had created a phishing site instead of blasting their name everywhere?

Re: Comcast hacked?

Thu, 29 May 2008 03:54:00 EDT

anon : No one has taken your user id or password!!!! The DNS servers were redirected to another ip/server. Don't think you personal info is on a Server out of the comcast network. someone hacked into a public dns/web servers database and made a DNS redirect change. i am sure the dns update will complete by the morning.

Re: Comcast hacked?

Thu, 29 May 2008 03:42:37 EDT

anon : I'm getting the same Network Solutions thing here in TN.

I haven't gotten a hacked message but it says:

Network Solutions.

This site is currently under construction.

It has a little dude with a shovel.

And all the languages in a box.

Re: Comcast hacked?

Thu, 29 May 2008 03:27:59 EDT

anon : It wasn't just a random question out of the blue when I asked them if they have been hacked. You must work for Comcast or have never had to deal with their 'customer service'.

Re: Comcast hacked?

Thu, 29 May 2008 03:26:32 EDT

mac8500 : How many appointments did Comcast CSRs make tonight to "roll a truck" tomorrow because customers reported that their email wasn't working? :D

Re: Comcast hacked?

Thu, 29 May 2008 03:21:18 EDT

anon : ....comcast.com...is up and running...not sure if its bogus or not...havent run any checks on it...

Re: Comcast hacked?

Thu, 29 May 2008 03:17:39 EDT

anon : kryogeniks is a team. their website is kryogeniks.org ebk and defiant are members of kryogeniks. i know them.

Re: Comcast hacked?

Thu, 29 May 2008 03:11:03 EDT

anon : Well lola you did not say that you said that. That is kind of odd that an agent (for what ever company you call) does not take your information and escalate immediately, or at least check for themselves. :D

Re: Comcast hacked?

Thu, 29 May 2008 03:08:13 EDT

anon : Well it says something if you tell a CSR that you have 'Kryogeniks Defiant and EBK Roxed Comcast SHOUTZ to virus warlock....' on the Comcast home page and are told it's just routine maintenance.

GIVE ME A BREAK!

Re: Comcast hacked?

Thu, 29 May 2008 02:58:32 EDT

anon :

said by LolaCocaCola :

I called customer service two hours ago about the issue and my exact question is 'HAS COMCAST BEEN HACKED?'

CSR told me oh no it is just routine maintenance.

Every other day it is some issue with them that they lie or blame on something or someone else.

Thank you hacker for exposing the loser Comcast even more. Everyone should revolt and cancel. Well, at least those who have constant issues with speed, email, and customer service reps that can't even spell Comcast.

Please note that there was routine maintenance going on at the same time as this DNS redirect (I know because my city was affected by it prior to the DNS issue). Plus, many agents are not allowed to disclose exactly what is going on, for that they may not know the whole story and give out incorrect information.

Granted Comcast acted quickly in getting this issue corrected, but one would have to ask - how was it that easy to contact Network Solutions and say "Hey I work for Comcast and I want to change my DNS entries and IP addresses for www.comcast.net and mail.comcast.net". I would imagine that someone at Network Solutions will not have a job tomorrow because of this.

They (Comcast & Law Enforcement) will find who did this and I am sure they will pay dearly.

Re: Comcast hacked?

Thu, 29 May 2008 02:55:29 EDT

stewie316 : Comcast.net is now routing to comcast.com for me now.

Re: Comcast hacked?

Thu, 29 May 2008 02:52:48 EDT

anon : Could this be the answer?

»tombrennan.org/index.php/2008/04···domains/

Re: Comcast hacked?

Thu, 29 May 2008 02:47:38 EDT

anon : After my call to customer service and I was told it was routine maintenance I logged into my checking account and then got a password reset message. The new temp password was emailed to me automatically and I did not receive the email yet I am getting other emails on occassion. Should I be concerned?

Re: Comcast hacked?

Thu, 29 May 2008 02:45:21 EDT

Cjaiceman : Yea, my connection never had any issue, just www.comcast.net, but my businessclass.comcast.net was never affected. I also don't use ISP e-mail. I use third party e-mail (ex: hotmail, yahoo, gmail). If I didn't read this on here I wouldn't have even known it had happened. I go to comcast.net maybe twice a month. To me, Comcast is nothing more than a "dumb pipe" provider. Other people may enjoy the portal/e-mail, but I just want the connection. Also, I am still getting the Under Construction website, but I am also using OpenDNS and not the Comcast DNS servers.
--
Duct tape is like The Force – it has a light side and a dark side, and it binds the Universe together

Re: Comcast hacked?

Thu, 29 May 2008 02:45:12 EDT

anon : just got off chat and comcast said no hack happened...they say it was 'routine maintenance' and did not know when it would be done.

i now can access email thru outlook if that helps anyone.

Email

Thu, 29 May 2008 02:42:16 EDT

anon : Could this affect not being able to check mail on my sprint phone (sprint network, which times out) versus via local on the actual comcast network at home which checks fine?

Re: Comcast hacked?

Thu, 29 May 2008 02:41:30 EDT

sansri88 : I never saw a drop in connection speed. Just the issue with Comcast.net

Re: Comcast hacked?

Thu, 29 May 2008 02:40:25 EDT

PunkGod : My connection was really slow during all this but its now back to normal.

Re: Comcast hacked?

Thu, 29 May 2008 02:38:38 EDT

anon : I called customer service two hours ago about the issue and my exact question is 'HAS COMCAST BEEN HACKED?'

CSR told me oh no it is just routine maintenance.

Every other day it is some issue with them that they lie or blame on something or someone else.

Thank you hacker for exposing the loser Comcast even more. Everyone should revolt and cancel. Well, at least those who have constant issues with speed, email, and customer service reps that can't even spell Comcast.

Re: Comcast hacked?

Thu, 29 May 2008 02:38:10 EDT

anon : Just cause I host Proggie.org means I'm a hacker?
You need to google the definition of a hacker my friend.

Re: Comcast hacked?

Thu, 29 May 2008 02:37:40 EDT

anon : Ooops link got malformed :huh:

NEW LINK

Sorry

Re: Comcast hacked?

Thu, 29 May 2008 02:34:57 EDT

anon : Here is a program that I whipped together to flush your dns, and change it to Comcast's resolvers in one fell swoop. I am not an experienced programmer, so this may be buggy (YMMV). This was scripted for Windows NT based systems only.

Comcast DNS Changer v1 - Download via Speedyshare

This is a nice solution you can send to your less tech inclined friends/family/associates.

The DNS entires I used are for the Chicago market, so they may not work for all regions Comcast serves.

For some reason when I attempted to upload to Mediafire it flagged it for a virus (probably cause it technically hijacks your dns, that is the intent though) I did scan it with ESET NOD32, and Kasperspy online, and those seemed to work ok. I made this from scratch so it is safe.)

Re: Comcast hacked?

Thu, 29 May 2008 02:33:19 EDT

sansri88 : Guys continue the hard word investigating. I must bow out for the night and catch some ZZZZ's..

Props to Michael and the other Comcast people that posted in this thread. Thanks for keeping the community informed during this situation. Hopefully Comcast sees the importance of this tech forum and makes a more permanent stance here like other providers have.

Re: Comcast hacked?

Thu, 29 May 2008 02:31:13 EDT

ghatchew :

Why does proggie.org that contains the screenshots of the hacking tools have a "Hosting Provided by Luis Alicea" banner at the bottom of the page?

Re: Comcast hacked?

Thu, 29 May 2008 02:30:12 EDT

anon : Darn he's on to me...well I have to say though the evidence everybody is pouring into the forum is piling up at an alarming rate. If this guy isn't the hacker, he sure is in for a lot of trouble. This attack would have to be something very deliberately planned by somebody who really knows what they're doing...I still pose the question, how can somebody like that be so silly and completely opposite of the operation they just pulled off? Not seemingly possible.

Re: Comcast hacked?

Thu, 29 May 2008 02:28:36 EDT

anon :

1) I didn't "hack" Comcast
2) Kryogeniks in the name of the GROUP.
3) I used my real name cause I have nothing to hide
cause I didn't do anything.
4) I'm no hacker (:
5) Proggie.org & Kryogeniks.org 3

Re: Comcast hacked?

Thu, 29 May 2008 02:26:06 EDT

anon :

said by ASDFs :

Haha the people that found him for you... this is just a poor schmuck that commented on digg, he obviously has nothing to do with the hack, and never claims to be a hacker.. he even has webhosting services that he offers, if this guys even a real hacker, than i am mickey mouse

Well, then I guess this dude's going to get an early morning knock on his door just to check anyway. We all know the real haxor is ASDFs. :P

Re: Comcast hacked?

Thu, 29 May 2008 02:25:46 EDT

anon : »proggie.org/screenshots.php

hmmm, sure it wasn't that easy?

Re: Comcast hacked?

Thu, 29 May 2008 02:25:43 EDT

anon : Not kidding you, a few minutes ago his website said "and I'm a hacker!"

Re: Comcast hacked?

Thu, 29 May 2008 02:24:52 EDT

anon : I'm not so sure that everything is okay. True enough, I now can get to Comcast.net, but there is a section of the page that I cannot see, and it says "Under construction"...

Renton, WA

Re: Comcast hacked?

Thu, 29 May 2008 02:23:08 EDT

anon :

said by comcasticccccc :

Don't worry about your email, only the DNS entry was redirected and the servers were not hacked.

Oh really, is that why the new IPs that mail.comcast.net was redirected to are listening to ports 25 and 110? Come on, think about it. If they really wanted to, they'd pull the userids and passwords form everyone trying to connect. This is going to be a major PR pain for Comcast.

Re: Comcast hacked?

Thu, 29 May 2008 02:22:17 EDT

ss911der : Exactly. There's no way it would be that easy to find them, get real.

Re: Comcast hacked?

Thu, 29 May 2008 02:21:03 EDT

anon : Haha the people that found him for you... this is just a poor schmuck that commented on digg, he obviously has nothing to do with the hack, and never claims to be a hacker.. he even has webhosting services that he offers, if this guys even a real hacker, than i am mickey mouse

Re: Comcast hacked?

Thu, 29 May 2008 02:20:26 EDT

sansri88 : Everything is now A-OK on my end. Comcast.net works fine.

Re: Comcast hacked?

Thu, 29 May 2008 02:19:51 EDT

anon : Don't worry about your email, only the DNS entry was redirected and the servers were not hacked.

Re: Comcast hacked?

Thu, 29 May 2008 02:19:42 EDT

anon : My husband in Seattle can access comcast but I get the Virus Warlock redirect from Whidbey. Cust svc chat indicates Comcast is doing maintenance on the site and should have a fix within 24 hrs. No $ credit for downtime since email is a free svc....I don't think so! I could use a free browser for Internet but am shut out of my email acct for 3+ hours and gaining. what's with that? They could at least be honest and admit to being hacked.

Re: Comcast hacked?

Thu, 29 May 2008 02:18:30 EDT

anon : Yeah checked it out, he's even got a myspace...Honestly though, you're really going to hack into Comcast and then provide your name bragging about it in a digg comment and have a myspace conveniently wrapping yourself into a nicely bowed present for the authorities........... im not too sure on that one

Re: Comcast hacked?

Thu, 29 May 2008 02:16:40 EDT

anon : Here's the looser's info gathered from the Digg webpage lookups for his poster name.

Luis Alicea (Kryogeniks) Digg account info
»luisalicea.net/ His webpage
»myspace.com/auto His MySpace page

And last but not least, his Registration info from Netsol for his webpage.

Registrant:
Luis Alicea
Somewhere
Mount Vernon, New York 10552
United States

Registered through: GoDaddy.com, Inc. (»www.godaddy.com)
Domain Name: LUISALICEA.NET
Created on: 05-Jan-08
Expires on: 06-Jan-09
Last Updated on: 06-Jan-08

Administrative Contact:
Alicea, Luis luis@luisalicea.com
Somewhere
Mount Vernon, New York 10552
United States
9145303031 Fax --

Technical Contact:
Alicea, Luis luis@luisalicea.com
Somewhere
Mount Vernon, New York 10552
United States
9145303031 Fax --

Domain servers in listed order:
NS1.HOSTINSANITY.COM
NS2.HOSTINSANITY.COM

Happy Hunting Comcast!!! Make sure you give proper props to the people that found him for you.

Re: Comcast hacked?

Thu, 29 May 2008 02:16:33 EDT

anon : What sansri88 said - Look at the 4th link down. ;)

Re: Comcast hacked?

Thu, 29 May 2008 02:16:17 EDT

xxy : I am going to format,,just to be safe

Re: Comcast hacked?

Thu, 29 May 2008 02:12:33 EDT

sansri88 : You sure about that?

4th link on a google search of the name...check it out.

Re: Comcast hacked?

Thu, 29 May 2008 02:09:36 EDT

anon : Haha the name listed there was the name of a former MLB baseball player... also chances are if that's really the Kryogeniks that had anything to do with hacking into a major website like comcast, I doubt he'd be dumb enough to put his own name on a digg profile. cmon now

Re: Comcast hacked?

Thu, 29 May 2008 02:08:48 EDT

anon : Comcast is royally getting it.... Check these pings out... done a few seconds apart. And this is with DNS servers set to Comcast's.

Ping www.comcast.net

Pinging a1526.g.akamai.net [81.52.202.110] with 32 bytes of data:
Reply from 81.52.202.110: bytes=32 time=19ms TTL=54
Reply from 81.52.202.110: bytes=32 time=19ms TTL=54
Reply from 81.52.202.110: bytes=32 time=20ms TTL=54
Reply from 81.52.202.110: bytes=32 time=21ms TTL=54

Pinging a1526.g.akamai.net [8.17.64.8] with 32 bytes of data:
Reply from 8.17.64.8: bytes=32 time=30ms TTL=55
Reply from 8.17.64.8: bytes=32 time=17ms TTL=55
Reply from 8.17.64.8: bytes=32 time=18ms TTL=55
Reply from 8.17.64.8: bytes=32 time=18ms TTL=55

Re: Comcast hacked?

Thu, 29 May 2008 02:05:54 EDT

ghatchew : It looks to me like the culprit somehow hacked Comcast's Network Solutions account, changed the authoritative name servers for the comcast.net domain, and then changed the IP addresses for comcast.net and at least two subdomains:

mail.comcast.net
www.comcast.net

This was a DNS hijack done through the comcast.net registrar (Network Solutions)

msg deleted

Thu, 29 May 2008 02:04:26 EDT

anon : deleted by a moderator

Re: Comcast hacked?

Thu, 29 May 2008 02:03:23 EDT

ss911der : Same here, after refresh still get network solutions page.

Re: Comcast hacked?

Thu, 29 May 2008 02:02:35 EDT

alezandros : i feel the same. i look forward to my quiet late nights but this kinda screwed it up.

Re: Comcast hacked?

Thu, 29 May 2008 02:02:04 EDT

CUBS_FAN : I try to log into the help forums and instead I get redirected back to this : »www6.comcast.net/a/?prvtof=

after the = I get a boatload of letters and numbers jumbled together.

Re: Comcast hacked?

Thu, 29 May 2008 02:01:17 EDT

espaeth : I kinda wonder why Comcast isn't using one of the high profile registrars like Mark Monitor. They don't have control panels accessible to end users so this kind of hack would be nearly impossible to pull off.

Re: Comcast hacked?

Thu, 29 May 2008 01:59:48 EDT

madylarian :

said by Michael2 :

Also, can you clear your cache, flush DNS. You should not be getting the Network Solutions page if you are using the Comcast DNS servers.

I did all that and it made no difference.

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Thu, 29 May 2008 01:57:26 EDT

anon : It wouldn't be the first time--I'm sure you've heard of the Darwin awards...!

Still get the "under construction" message. Definitely I'm going to change my password when this is all over--glad I always use cryptic message hints to myself rather then putting actual personal info in my emails...

Renton, WA

Re: Comcast hacked?

Thu, 29 May 2008 01:56:28 EDT

anon : I'm an HSI call center agent for Comcast.

Yes it was hacked.

I personally want to kick the *explitive deleted* out of the people that did it, becuase it turned my quiet day into a very busy one.

Re: Comcast hacked?

Thu, 29 May 2008 01:56:26 EDT

CUBS_FAN :

said by not :

Michael2, be sure you notify your superiours that the offending/redirected servers are listeing to post 25 and 110. If they are picking off the usernames and passwords as people try to log into email from email clients, they will have compromised your customer's private data. Nice move Comcast!!!

That's just great!! Just about 30 into the discovery of this breach (according to when this thread was created by Mady)did I try to access my email account. At that time Comcast was probably scrambling around trying to recover...

Re: Comcast hacked?

Thu, 29 May 2008 01:55:55 EDT

Sterling : while your waiting you can get your email at mailcenter.comcast.net

Re: Comcast hacked?

Thu, 29 May 2008 01:54:57 EDT

anon : Yeah Michael2, your DNS guys missed one of the entries. See below. Still fubared.

Pinging comcast.net [204.127.195.15] with 32 bytes of data:
Reply from 204.127.195.15: bytes=32 time=82ms TTL=46
Reply from 204.127.195.15: bytes=32 time=89ms TTL=46
Reply from 204.127.195.15: bytes=32 time=81ms TTL=46
Reply from 204.127.195.15: bytes=32 time=83ms TTL=46

Re: Comcast hacked?

Thu, 29 May 2008 01:54:28 EDT

anon : Interesting.

I was on digg.com and their is a dugg story about this (»digg.com/security/Comcast_Hacked_2) Someone posted a comment with the name of Kryogeniks - the same guy who is mentioned on the hacked page. If you look at his digg profile, the dumbass posted his real name. If you do a google search, his name comes up along with his website and a picture of himeself.

Is this kid really that stupid? :o

Re: Comcast hacked?

Thu, 29 May 2008 01:53:35 EDT

sansri88 : Still not working for me.

Re: Comcast hacked?

Thu, 29 May 2008 01:53:05 EDT

ghatchew :

said by sansri88 :

I use Comcast's DNS servers, flushed DNS, deleted history, cookies, etc, and still redirecting to the Network Solutions page going to comcast.net

mailcenter works though, so does the beta page.

make sure you are going to www.comcast.net (and that it doesn't say www.comcast.net/a

Re: Comcast hacked?

Thu, 29 May 2008 01:52:41 EDT

anon : Michael2, be sure you notify your superiours that the offending/redirected servers are listeing to post 25 and 110. If they are picking off the usernames and passwords as people try to log into email from email clients, they will have compromised your customer's private data. Nice move Comcast!!!

Re: Comcast hacked?

Thu, 29 May 2008 01:51:27 EDT

sansri88 : I use Comcast's DNS servers, flushed DNS, deleted history, cookies, etc, and still redirecting to the Network Solutions page going to comcast.net

mailcenter works though, so does the beta page.

Re: Comcast hacked?

Thu, 29 May 2008 01:51:12 EDT

CUBS_FAN :

said by not :

Here's the scary part. The bogus mail.comcast.net IP is listening to port 25 and 110. The haxors are picking off your usernames and passwords.

Is this guy for real?? Am I the only one worried here? I've got real sensitive information in my inbox that they can use to really screw me up.

Re: Comcast hacked?

Thu, 29 May 2008 01:50:16 EDT

Joel : Yeah Mady, now I'm getting bounced out.

Re: Comcast hacked?

Thu, 29 May 2008 01:48:41 EDT

Michael2 :

said by madylarian :

said by Michael2 :

As far as we can tell, the hack was a one shot deal, not an ongoing event.

Then why did the source of the hacked portal page page keep changing?

mady

Most likely, there were several variations of the DNS entries that were pushed out. AFAIK, we have not seen any additional attempts at redirecting.

Also, can you clear your cache, flush DNS. You should not be getting the Network Solutions page if you are using the Comcast DNS servers.

Re: Comcast hacked?

Thu, 29 May 2008 01:47:40 EDT

Kearnstd : wow glad im off work before this shit hit the fan.

Re: Comcast hacked?

Thu, 29 May 2008 01:47:36 EDT

madylarian : I just tried again and it still redirects to that other page. I can even see it listed in history. I just can't seem to stay there.

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Thu, 29 May 2008 01:46:58 EDT

anon : you can still retrieve email by going to the mobile site...
»mobile.comcast.net

Re: Comcast hacked?

Thu, 29 May 2008 01:45:31 EDT

Joel : I just got into the forums successfully.

Re: Comcast hacked?

Thu, 29 May 2008 01:45:16 EDT

madylarian :

said by Michael2 :

As far as we can tell, the hack was a one shot deal, not an ongoing event.

Then why did the source of the hacked portal page page keep changing?

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Thu, 29 May 2008 01:43:17 EDT

madylarian : I just changed to the Comcast DNS servers and now get the "Under Construction" page from NetSol. However, when trying to get to the Help Forums, I get the usual sign in page, then I see the forums flash by as the page goes to the previously mentioned NetSol page. Port 465 does work now, though.

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Thu, 29 May 2008 01:41:04 EDT

anon : Here's the scary part. The bogus mail.comcast.net IP is listening to port 25 and 110. The haxors are picking off your usernames and passwords.

Re: Comcast hacked?

Thu, 29 May 2008 01:40:35 EDT

CUBS_FAN : The CSR told me that the previous mentioned address in which Outook was trying to access was indeed a "backup" address. I'm not sure who to believe. What bothers me is that I have my email setup to login automatically and I might have sent my email PIN to an unknown party.

msg deleted

Thu, 29 May 2008 01:38:13 EDT

anon : deleted by a moderator

msg deleted

Thu, 29 May 2008 01:37:16 EDT

anon : deleted by a moderator

Re: Comcast hacked?

Thu, 29 May 2008 01:36:00 EDT

anon :
I'm sorry...I meant that

Comcast is my default for firefox

so, I am just again getting the " network solutions "

page repeating like it was at first.

In other words...Comcast is not working...again.

I was able to pull up comcast five minutes ago and did access my mail, ..but it is down again now.

Windy

Re: Comcast hacked?

Thu, 29 May 2008 01:35:20 EDT

alezandros : ... sometimes this job irritates me...

i dont recognize that server addy it doesnt even remotely look close to anything i've seen before ever, course i havent seen much. NOC would prob know but of course i cant get in touch with them. i can assure you though that all your critical info stored within comcast is safe. that i know for a fact. my 2 years in comcast has taught me that much.

as for what the rep told you. ignore it. malicious script can be taken care of by running a scan on your computer of a few types. if you need some reccomendations of programs (non mcafee) then i can give you a few good ones.

Re: Comcast hacked?

Thu, 29 May 2008 01:34:56 EDT

anon : Michael,
The problem is that the rest of the world (outside of the comcast network) almost certainly isn't using comcast's dns servers. So, as long as the poisoned records are out there (with up to 48 hours cache time) a lot of incoming mail is going to get bounced.

msg deleted

Thu, 29 May 2008 01:33:39 EDT

anon : deleted by a moderator

Re: Comcast hacked?

Thu, 29 May 2008 01:33:37 EDT

Sterling : While you wait you can get your email at »mailcenter.comcast.net/

Re: Comcast hacked?

Thu, 29 May 2008 01:30:28 EDT

quatrix :

said by BunnyFoo :

»www.seantorbett.com/2008/05/28/c···-script/

Looks like someone caught a script that tried to run.

People should really learn how scripts, cookies, etc. work before they spread their paranoia.

Re: Comcast hacked?

Thu, 29 May 2008 01:30:18 EDT

scooby : ev1s-209-62-20-186.ev1servers.net is probably a machine the hackers are using to collect emails, logins, and passwords. I'm sure it is just some machine they hacked and not really theirs.

Re: Comcast hacked?

Thu, 29 May 2008 01:30:04 EDT

anon : I used pg2 and
DNS 4.2.2.1 resolves comcast.net to 205.178.189.131

Re: Comcast hacked?

Thu, 29 May 2008 01:25:59 EDT

CUBS_FAN :

said by alezandros :

so far as i've been told the e-mail servers are just down, they're being routed to other IPs to ensure them staying down through the hacker's handywork of course.

If this is true is the address ev1s-209-62-20-186.ev1servers.net a backup email server? That's what the CSR told me. He even told me to unplug my ethernet cable from my computer to avoid any malicious codes that may have been embedded in the replaced page from Freewebs.com.

Re: Comcast hacked?

Thu, 29 May 2008 01:23:17 EDT

anon :
Now...when I click on Firefox..." Network Solutions "

shows up on screen. Cant even put comcast.net in

address line.

Windy

Re: Comcast hacked?

Thu, 29 May 2008 01:21:31 EDT

anon : I just tried your link (»www6.comcast.net/a/), but alas, still got the "under construction" message.

Renton, WA

Re: Comcast hacked?

Thu, 29 May 2008 01:20:01 EDT

CUBS_FAN : I too am able to finally get conneted to my email server.. No emails where sent to me probably because in the past hour they where getting sent returned to sender..

Re: Comcast hacked?

Thu, 29 May 2008 01:19:27 EDT

alezandros : actually i got my info from the board because our NSD isnt supplying us with any info to give customers other than it's down. sorry for the misconceptions reguardless.

Re: Comcast hacked?

Thu, 29 May 2008 01:18:12 EDT

anon : Still nothing here in Seattle proper

Re: Comcast hacked?

Thu, 29 May 2008 01:18:10 EDT

CUBS_FAN : OK, I was using Sprints 4.2.2.1 and 4.2.2.2. I reset to Comcast's DNS and used the »www6.comcast.net/a/ and finally got a homepage. The ads server is still out though

Re: Comcast hacked?

Thu, 29 May 2008 01:18:04 EDT

Michael2 :

said by alezandros :

so far as i've been told the e-mail servers are just down, they're being routed to other IPs to ensure them staying down through the hacker's handywork of course.

allthough from what i've read on this forum it appears that the hackers are keeping it pretty well locked. no one can get into your e-mail acct without your username and password. so having the e-mail servers is pointless without that kind of information.

Unfortunately, you are receiving bad information. The servers are fine and are reachable if the DNS server you are using is pointing to the correct place. As far as we can tell, the hack was a one shot deal, not an ongoing event. You may want to have your Call Center Management reach out to the NSD for updated information.

Re: Comcast hacked?

Thu, 29 May 2008 01:16:19 EDT

anon : Still getting "Under construction" here in Renton, WA (near Seattle, for those out of staters...).

Re: Comcast hacked?

Thu, 29 May 2008 01:15:37 EDT

anon : not working here, Vancouver, WA (next door to Porland, OR)

Re: Comcast hacked?

Thu, 29 May 2008 01:15:23 EDT

alezandros : so far as i've been told the e-mail servers are just down, they're being routed to other IPs to ensure them staying down through the hacker's handywork of course.

allthough from what i've read on this forum it appears that the hackers are keeping it pretty well locked. no one can get into your e-mail acct without your username and password. so having the e-mail servers is pointless without that kind of information.

Re: Comcast hacked?

Thu, 29 May 2008 01:14:39 EDT

anon : Lucky you still not working in Denver Colorado yet.

Re: Comcast hacked?

Thu, 29 May 2008 01:14:17 EDT

Michael2 :

said by espaeth :

said by CUBS_FAN :

1 hour later and after flushing the DNS I'm still going the same route

If you're not using Comcast DNS servers this could take a while to resolve...

This is correct. The entries on the Comcast DNS servers have been corrected, however, it will take some time for this to propagate out to other servers. Depending on the TTL for those servers, this could take several hours and in rare cases, longer.
--
Comcast.net Help Forum Administrator.

Re: Comcast hacked?

Thu, 29 May 2008 01:14:10 EDT

anon : Outage here at 11:30 PM central time. I was able to get on though by using

»www6.comcast.net/a/

Hope this helps!

Re: Comcast hacked?

Thu, 29 May 2008 01:13:23 EDT

espaeth : Actually, it looks like the bad NS resolution will age out of the Level(3) servers in the next hour or so:

Re: Comcast hacked?

Thu, 29 May 2008 01:11:55 EDT

espaeth :

said by CUBS_FAN :

1 hour later and after flushing the DNS I'm still going the same route

If you're not using Comcast DNS servers this could take a while to resolve...

The authoritative servers can be cached up to 172,800 seconds (48 hours).

Level(3)'s servers:

Comcast's DNS resolvers:

Re: Comcast hacked?

Thu, 29 May 2008 01:11:49 EDT

anon :
Comcast working now..Portland Oregon.

Windy ( that was quick !!!! thanks ! )

Re: Comcast hacked?

Thu, 29 May 2008 01:10:29 EDT

Michael2 :

said by alezandros :

just some FYI from my end.

i personally work as a CSR for comcast HSI service. and at this time it looks like all e-mail servers and comcast.net servers are down atm. we're getting quite a lot of call volume as a result even for how late at night it is.

but yeah, comcast is working on it, allthough my outage board system atm is down lol!

exscuse me while i go laugh my head off. :D

This is not accurate information. All of the mail servers are up and running. Some customers may not be able to reach the servers due to the DNS redirects. Many customers are able to reach and use the mail servers at this time.

Re: Comcast hacked?

Thu, 29 May 2008 01:10:07 EDT

sansri88 : Edit

Ahh I don't know what's happening! I'll post the tracert to the beta site shortly.

Re: Comcast hacked?

Thu, 29 May 2008 01:08:40 EDT

CUBS_FAN :

said by alezandros :

just some FYI from my end.

and at this time it looks like all e-mail servers and comcast.net servers are down atm.
exscuse me while i go laugh my head off. :D

Are the email servers down or being routed to a group of people with malicious intentions???

That beer commercial about "dude nation" needs to add another chapter to it.. All I can say is DUDE WTF!!!

Re: Comcast hacked?

Thu, 29 May 2008 01:07:22 EDT

CUBS_FAN : 1 hour later and after flushing the DNS I'm still going the same route:

Tracing route to www.comcast.net [205.178.189.131]
over a maximum of 30 hops:

1 2 ms 1 ms 1 ms 192.168.15.1
2 * * * Request timed out.
3 7 ms 9 ms 7 ms ge-1-37-ur01.chicago201.il.chicago.comcast.net [68.86.115.21]
4 7 ms 6 ms 7 ms te-8-3-ur02.chicago201.il.chicago.comcast.net [68.87.230.186]
5 8 ms 10 ms 8 ms te-3-1-ur01.chicago302.il.chicago.comcast.net [68.87.230.181]
6 10 ms 10 ms 8 ms te-8-3-ur02.chicago302.il.chicago.comcast.net [68.87.230.178]
7 * 10 ms 10 ms te-3-1-ar01.chartford.ct.hartford.comcast.net [68.86.90.58]
8 27 ms 21 ms 10 ms pos-0-3-0-0-cr01.chicago.il.ibone.comcast.net [68.86.90.57]
9 45 ms 45 ms 45 ms pos-0-14-0-0-cr01.newyork.ny.ibone.comcast.net [68.86.85.105]
10 46 ms 46 ms 44 ms 204.70.144.1
11 45 ms 45 ms 46 ms cr2-pos-0-7-3-1.newyork.savvis.net [204.70.195.97]
12 48 ms 48 ms 50 ms cr1-pos-0-0-0-0.Washington.savvis.net [204.70.192.1]
13 48 ms 48 ms 48 ms hr1-tengig9-1.sterling2dc2.savvis.net [204.70.197.74]
14 47 ms 48 ms 48 ms bhr1-gigabitethernet14-1.sterlingdc2.savvis.net [204.70.199.9]
15 48 ms 49 ms 48 ms csr21-ve242.Sterlingdc2.savvis.net [216.33.98.11]
16 50 ms 50 ms 51 ms csr22-ve241.Sterlingdc2.savvis.net [216.33.98.19]
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * *

Re: Comcast hacked?

Thu, 29 May 2008 01:06:04 EDT

alezandros : just some FYI from my end.

i personally work as a CSR for comcast HSI service. and at this time it looks like all e-mail servers and comcast.net servers are down atm. we're getting quite a lot of call volume as a result even for how late at night it is.

but yeah, comcast is working on it, allthough my outage board system atm is down lol!

exscuse me while i go laugh my head off. :D

Re: Comcast hacked?

Thu, 29 May 2008 01:02:44 EDT

espaeth :

said by cota143 :

We both tried with in minutes of each other.

This just got fixed in the last few minutes here. Timing is everything.

Re: Comcast hacked?

Thu, 29 May 2008 01:01:48 EDT

cota143 : We both tried with in minutes of each other. Thought his computer had a virus and wanted to ck mine and it was fine.

Re: Comcast hacked?

Thu, 29 May 2008 01:00:54 EDT

Michael2 :

said by madylarian :

All I can think of, Michael, is that it may have something to do with me not using Comcast's DNS servers.

mady

Anything is possible.

Re: Comcast hacked?

Thu, 29 May 2008 00:59:47 EDT

espaeth : DNS is cached (your computer only asks for it once every few minutes/hours) -- it's all going to depend on when you and your hubby fetched the record.

Re: Comcast hacked?

Thu, 29 May 2008 00:59:20 EDT

anon : can anyone get a refresh arrow??

Re: Comcast hacked?

Thu, 29 May 2008 00:57:32 EDT

cota143 : Down in NJ also....well sort of.

we are running through a router attached to the modem. Hubby's computer gets the hacked msg... www6.comcast.net/a/ is fine on mine. Plus I also called CS and was told they are indeed working on it but thier explanation of why hubby is getting hack msg and I'm not....."Congratulations, whatever our team is doing to fix it must be working"....lol

Re: Comcast hacked?

Thu, 29 May 2008 00:57:16 EDT

Joel : 465 not working here either Mady (also using OpenDNS)

EDIT: make that 995 not working.

Re: Comcast hacked?

Thu, 29 May 2008 00:55:51 EDT

ylla : Yup...same thing here; Fall River, MA

Mail fails when trying to connect and 2 different screens at times on the home page (one being the add one mentioned and sometimes a "Comcast Hacked by" message....)

Re: Comcast hacked?

Thu, 29 May 2008 00:55:00 EDT

anon : called comcast said they are updating or whatever but funny thing my mcafee kept wanting me to enable it???don't know if someone is trying to hack into my computer too.

Re: Comcast hacked?

Thu, 29 May 2008 00:54:20 EDT

madylarian : All I can think of, Michael, is that it may have something to do with me not using Comcast's DNS servers.

mady
--
Honi soit qui mal y pense

msg deleted

Thu, 29 May 2008 00:54:04 EDT

anon : deleted by a moderator

Re: Comcast hacked?

Thu, 29 May 2008 00:53:20 EDT

anon :
same thing Portland Oregon area...May 29 2008
checked 9:40 pm...and getting screen that says:

Network Solutions.....and showing foreign language in box.

Can not access email on internet explorer or Firefox.

Windy

Re: Comcast hacked?

Thu, 29 May 2008 00:52:46 EDT

Michael2 :

said by madylarian :

Port 465 is not working for me.

mady

465 is still working fine here.
--
Comcast.net Help Forum Administrator.

Re: Comcast hacked?

Thu, 29 May 2008 00:52:09 EDT

anon : :p Sheww!! I am so glad its not my computer! I don't know what time it started, I was just trying to check my email. You guys think its hacked then? I tried to live chat with Comcast and couldn't get past their 5,000 questions to get to a representative. Frustrating! good to know I'm not alone!

Re: Comcast hacked?

Thu, 29 May 2008 00:51:22 EDT

Joel :

said by Dolph :

When logging into Comcast.net by clicking "my account" from the www6.comcast.net page, I noticed the script being blocked from firefox noscript linking to www.247realmedia.com

Does anyone know if this is normal or part of the "attack"?

This is normal, 247realmedia.com is one of Comcast's ad servers. A real pest too.
--
There is no dark side of the moon really, matter of fact it's all dark

Re: Comcast hacked?

Thu, 29 May 2008 00:50:47 EDT

anon : here in savanna ga as well and my refresh button is gone! :(

Re: Comcast hacked?

Thu, 29 May 2008 00:50:27 EDT

anon : From inside Comcast's network the portal is back up, though some things are still hunky, but at least we can get our email. From outside their network the redirect is a killer, and, if I remember my dns propagation rules, may take a minimum of 48 hours to get sorted out. Makes me wonder when the hack actually happened...

Re: Comcast hacked?

Thu, 29 May 2008 00:50:13 EDT

madylarian : Port 465 is not working for me.

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Thu, 29 May 2008 00:48:39 EDT

Chiyo : nothing here is working none of the links provided or anything!
--
My Blog:
»abanzai.animeblogger.net/

Re: Comcast hacked?

Thu, 29 May 2008 00:48:36 EDT

Michael2 :

said by george3k :

Telnet on 995 goes through on mail.comcast.net. Telnet on 587 on mail.comcast.net fails.

Is this a typo? You should be telnetting to smtp.comcast.net 587. This is working fine for me.
--
Comcast.net Help Forum Administrator.

Re: Comcast hacked?

Thu, 29 May 2008 00:48:16 EDT

anon : When logging into Comcast.net by clicking "my account" from the www6.comcast.net page, I noticed the script being blocked from firefox noscript linking to www.247realmedia.com

Does anyone know if this is normal or part of the "attack"?

Re: Comcast hacked?

Thu, 29 May 2008 00:47:59 EDT

Cjaiceman : »https://businessclass.comcast.net is also up and working fine.

msg deleted

Thu, 29 May 2008 00:45:13 EDT

anon : deleted by a moderator

Re: Comcast hacked?

Thu, 29 May 2008 00:44:52 EDT

sansri88 : Email is up on the beta Comcast.net website.

Re: Comcast hacked?

Thu, 29 May 2008 00:44:34 EDT

goofy01 : Pinging mail.comcast.net [205.178.189.131] with 32 bytes of data:
Can't connect using OE
The connection to the server has failed. Account: 'mail.comcast.net', Server: 'mail.comcast.net', Protocol: POP3, Port: 110, Secure(SSL): No, Socket Error: 10060, Error Number: 0x800CCC0E

Re: Comcast hacked?

Thu, 29 May 2008 00:43:41 EDT

anon : Telnet on 995 goes through on mail.comcast.net. Telnet on 587 on mail.comcast.net fails.

Re: Comcast hacked?

Thu, 29 May 2008 00:41:12 EDT

Michael2 :

said by Bigzizzzle :

Email is down on port 995 and smtp port 587... This has got to be the most righteous destruction ever...

Is anyone else seeing this? I am able to send and receive mail on these ports without any problem. I check ports 110 and 25, 465 also without problem.
--
Comcast.net Help Forum Administrator.

Re: Comcast hacked?

Thu, 29 May 2008 00:41:05 EDT

madylarian : It looks like the portal has changed again to something about urchinTracker. Please tell me that's not some nasty javascript trojan.

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Thu, 29 May 2008 00:40:46 EDT

anon : Looks like things are getting better. Name servers are now updated and IP's on the DNS are clearing up:

Registrant:
Comcast Corporation
1500 Market Street
Philadelphia, PA 19102
US

Domain Name: COMCAST.NET

------------------------------------------------------------------------
Promote your business to millions of viewers for only $1 a month
Learn how you can get an Enhanced Business Listing here for your domain name.
Learn more at »www.NetworkSolutions.com/
------------------------------------------------------------------------

Administrative Contact:
Domain Registrations, Comcast kryogenicsdefiant@gmail.com
Defiant still raping 2k8 ebk
69 dick tard lane
dildo room
PHILADELPHIA, PA 19103
US
4206661870 fax: 6664200187

Technical Contact:
Comcast Corporation kryogenicsdefiant@gmail.com
1500 Market Street
Philadelphia, PA 19102
US
215-320-8774 fax: 215-564-0132

Record expires on 24-Sep-2008.
Record created on 25-Sep-1997.
Database last updated on 29-May-2008 00:35:38 EDT.

Domain servers in listed order:

DNS101.COMCAST.NET 68.87.64.204
DNS102.COMCAST.NET 68.87.66.204

From OpenDNS.org:

Refreshed results for comcast.net
United States
New York, New York, USA Palo Alto, California, USA

* 205.178.189.131

* 204.127.195.15
* 204.127.205.8
* 204.127.228.15
* 216.148.227.202
* 63.240.76.72

Seattle, Washington, USA Washington, DC, USA

* 204.127.195.15
* 204.127.205.8
* 204.127.228.15
* 216.148.227.202
* 63.240.76.72

* 205.178.189.131

Europe
London, England, UK

* 204.127.195.15
* 204.127.205.8
* 204.127.228.15
* 216.148.227.202
* 63.240.76.72

Re: Comcast hacked?

Thu, 29 May 2008 00:37:25 EDT

Bigzizzzle : Email is down on port 995 and smtp port 587... This has got to be the most righteous destruction ever...

Re: Comcast hacked?

Thu, 29 May 2008 00:36:33 EDT

anon : Same problem in the city, but had my sister check my email for me in Chicago suburb and she was able to access the site and log into my email for me.

I wouldnt be logging in to anything on comcast at the moment!

Re: Comcast hacked?

Thu, 29 May 2008 00:36:26 EDT

Kett2000 : I am getting the Network Solutions page now. At least the hacked page is gone now.

Re: Comcast hacked?

Thu, 29 May 2008 00:35:17 EDT

anon : Same problem in the city, but had my sister check my email for me in Chicago suburb and she was able to access the site and log into my email for me.

Re: Comcast hacked?

Thu, 29 May 2008 00:34:02 EDT

anon : I suggest clearing your cache frequently to retry

1) Goto start button
2) in the run box, type cmd
3) type ipconfig /flushdns
4) Press enter

Keep trying until things are resolved correctly

:D

Re: Comcast hacked?

Thu, 29 May 2008 00:33:42 EDT

anon : Hopefully just how a bunch of youngsters put a msg up on a big site and not how tons of private data was stolen and compromised

msg deleted

Thu, 29 May 2008 00:33:16 EDT

anon : deleted by a moderator

Re: Comcast hacked?

Thu, 29 May 2008 00:32:30 EDT

sonofjay : Wow... that's a big prize for a hacker. I'm sure we'll hear all about how the FBI is now involved and investigating. Wow.

Anyone want to guess what's on the news tomorrow?
--
Mission Accomplished

Re: Comcast hacked?

Thu, 29 May 2008 00:30:43 EDT

Michael2 :

said by madylarian :

Awww, sorry they woke you, Michael.

mady

I hadn't gotten as far as the bed.
--
Comcast.net Help Forum Administrator.

Re: Comcast hacked?

Thu, 29 May 2008 00:30:36 EDT

anon : Checked OpenDNS cache and it's still reporting bogus IP's

CacheCheck

OpenDNS has huge caches, which is one reason OpenDNS makes your Internet experience faster. With CacheCheck, you can check what OpenDNS customers see when they request a domain. If there's something amiss, you may refresh OpenDNS's cache for that domain.
Refreshed results for forums.comcast.net

Note: We also refreshed our records for this domain's zone: comcast.net.
United States
New York, New York, USA Palo Alto, California, USA

* 205.178.189.131

* 205.178.189.131

Seattle, Washington, USA Washington, DC, USA

* 205.178.189.131

* 209.62.20.186

Europe
London, England, UK

* 205.178.189.131

Until those die, I won't be able to see anything.

Re: Comcast hacked?

Thu, 29 May 2008 00:30:22 EDT

anon : I'm in Boston..everything is down and off-line..."under construction..."

hss

Re: Comcast hacked?

Thu, 29 May 2008 00:29:59 EDT

stewie316 : They just changed the portal page to the hacked message....

Re: Comcast hacked?

Thu, 29 May 2008 00:29:13 EDT

Kett2000 : The forums are not accessible here either.

Re: Comcast hacked?

Thu, 29 May 2008 00:28:42 EDT

Michael2 : It looks like the forums are now redirecting to »www6.comcast.net/a/, which is loading fine.

I had been on the forums until 4 minutes ago.
--
Comcast.net Help Forum Administrator.

Re: Comcast hacked?

Thu, 29 May 2008 00:28:18 EDT

EG :

said by Michael2 :

All,

The Comcast.net Help Forums are currently unaffected and can be reached by going to »forums.comcast.net/.

Hi Michael. The Forums are not accessible here.

Re: Comcast hacked?

Thu, 29 May 2008 00:27:05 EDT

madylarian :

said by Michael2 :

All,

We are aware of the problem and working to get this resolved as quickly as possible. This will also affect the Comcast.net Webmail. The Comcast.net Help Forums are currently unaffected and can be reached by going to »forums.comcast.net/. Our sincere apologies for any inconvenience this may be causing.

Awww, sorry they woke you, Michael.
Edit: Forums still down here.

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Thu, 29 May 2008 00:27:04 EDT

KYL : This is going to make for some interesting trouble calls tomorrow...

Re: Comcast hacked?

Thu, 29 May 2008 00:27:02 EDT

sansri88 : It's affected too, at least on my end. The page loads, then redirects to the Network Solutions page.

Re: Comcast hacked?

Thu, 29 May 2008 00:26:28 EDT

anon : »www.seantorbett.com/2008/05/28/c···-script/

Looks like someone caught a script that tried to run.

Re: Comcast hacked?

Thu, 29 May 2008 00:26:21 EDT

anon : Actually your forums are down too :(

Re: Comcast hacked?

Thu, 29 May 2008 00:25:42 EDT

anon : The WHOIS also just updated:

Registrant:
Comcast Corporation
1500 Market Street
Philadelphia, PA 19102
US

Domain Name: COMCAST.NET

------------------------------------------------------------------------
Promote your business to millions of viewers for only $1 a month
Learn how you can get an Enhanced Business Listing here for your domain name.
Learn more at »www.NetworkSolutions.com/
------------------------------------------------------------------------

Administrative Contact:
Domain Registrations, Comcast kryogenicsdefiant@gmail.com
Defiant still raping 2k8 ebk
69 dick tard lane
dildo room
PHILADELPHIA, PA 19103
US
4206661870 fax: 6664200187

Technical Contact:
Comcast Corporation kryogenicsdefiant@gmail.com
1500 Market Street
Philadelphia, PA 19102
US
215-320-8774 fax: 215-564-0132

Record expires on 24-Sep-2008.
Record created on 25-Sep-1997.
Database last updated on 29-May-2008 00:17:01 EDT.

Domain servers in listed order:

NS21.WORLDNIC.COM 205.178.190.11
NS22.WORLDNIC.COM 205.178.144.11

The network solutions account has definitely been compromised.

Re: Comcast hacked?

Thu, 29 May 2008 00:25:38 EDT

Michael2 : All,

We are aware of the problem and working to get this resolved as quickly as possible. This will also affect the Comcast.net Webmail. The Comcast.net Help Forums are currently unaffected and can be reached by going to »forums.comcast.net/. Our sincere apologies for any inconvenience this may be causing.
--
Comcast.net Help Forum Administrator.

Re: Comcast hacked?

Thu, 29 May 2008 00:24:43 EDT

madylarian :

said by sansri88 :

I've called in to the call center as well. Was told to use this site right now: »beta.comcast.net/a/

Not all links are working at the moment.

Now that you mention it, the CSR did ask me if there was a /a in the url I saw in my browser.

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Thu, 29 May 2008 00:24:23 EDT

EG :

said by sansri88 :

I've called in to the call center as well. Was told to use this site right now: »beta.comcast.net/a/

Not all links are working at the moment.

That URL is a joke here at the moment !!

Re: Comcast hacked?

Thu, 29 May 2008 00:23:58 EDT

anon : I got the same message here in VA....

Re: Comcast hacked?

Thu, 29 May 2008 00:22:39 EDT

Cabal :

said by CUBS_FAN :

WTF!!!! I have automatic UN+PW for my email account setup on Outlook. Who knows if they got my account info and is using it...

Be careful, mail.comcast.net has indeed been changed (though probably not to a malicious site, yet).

$ host mail.comcast.net
mail.comcast.net has address 205.178.189.131
$ host 205.178.189.131
131.189.178.205.in-addr.arpa domain name pointer wf.networksolutions.com.
--
Interested in open source engine management for your Subaru?

Re: Comcast hacked?

Thu, 29 May 2008 00:22:34 EDT

sansri88 : I've called in to the call center as well. Was told to use this site right now: »beta.comcast.net/a/

Not all links are working at the moment.

Edit: Most links don't work.

Re: Comcast hacked?

Thu, 29 May 2008 00:22:32 EDT

EG :

said by espaeth :

Someone hacked Comcast's registrar account at Network Solutions and changed the authoritative DNS servers for comcast.net.

A scary vulnerability..

Re: Comcast hacked?

Thu, 29 May 2008 00:21:38 EDT

anon : Here is the source code I just checked:

The freewebs address has changed from about 30 minutes ago too. Someone is actively changing the page as we speak

Re: Comcast hacked?

Thu, 29 May 2008 00:20:21 EDT

Kett2000 : I am also getting the hacked message in the Atlanta area.

Re: Comcast hacked?

Thu, 29 May 2008 00:20:00 EDT

madylarian :

said by mr Tee :

what did they say?

There was not a lot he could say. There wasn't anything on his board about it but he went to the site and saw the hacker's message. I just told him he'd better notify their security section or whatever they call it.

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Thu, 29 May 2008 00:19:00 EDT

anon : what are the chances of any malicious scripts being run on the hacked site? Anyone checked this out?

Re: Comcast hacked?

Thu, 29 May 2008 00:16:55 EDT

anon : what did they say?

Re: Comcast hacked?

Thu, 29 May 2008 00:16:33 EDT

madylarian :

said by CUBS_FAN :

WTF!!!! I have automatic UN+PW for my email account setup on Outlook. Who knows if they got my account info and is using it...

That was my concern as well and I mentioned it to CSR.

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Thu, 29 May 2008 00:16:11 EDT

espaeth : Someone hacked Comcast's registrar account at Network Solutions and changed the authoritative DNS servers for comcast.net.

Re: Comcast hacked?

Thu, 29 May 2008 00:15:13 EDT

anon : Having the same issue here in the Chicagoland Area.

The DNS seems to be pointing to a non comcast address. Looks like someone poisoned a nameserver on the comcast network somehow. Notice the trace results below.

Re: Comcast hacked?

Thu, 29 May 2008 00:15:07 EDT

anon : same thing in chicago... Gmail backup FTW!

Re: Comcast hacked?

Thu, 29 May 2008 00:13:48 EDT

madylarian :

said by pat0227 :

Same thing happening here in the middle of nowhere in the US. I heard if you call they just hang up!

They didn't hang up on me. In fact, I had a very nice conversation with someone in the Canadian call center.

mady

Re: Comcast hacked?

Thu, 29 May 2008 00:12:57 EDT

CUBS_FAN : WTF!!!! I have automatic UN+PW for my email account setup on Outlook. Who knows if they got my account info and is using it...

Re: Comcast hacked?

Thu, 29 May 2008 00:11:58 EDT

Chiyo : Best topic EVA... DIGG OMGZ111!

I guess the BMW hit a pole!

Re: Comcast hacked?

Thu, 29 May 2008 00:11:30 EDT

anon : Same thing happening here in the middle of nowhere in the US. I heard if you call they just hang up!

Re: Comcast hacked?

Thu, 29 May 2008 00:09:49 EDT

actor90 : I'm getting the hacked message as well.

Comcast.net Hacked

Re: Comcast hacked?

Thu, 29 May 2008 00:09:25 EDT

sansri88 : hax0rzd!

Getting the Network Solutions page...

Re: Comcast hacked?

Thu, 29 May 2008 00:09:02 EDT

EG :

said by madylarian :

Gee guys, you make me feel invisible. :(

mady

You could never be invisible mady !! ;) :)

Re: Comcast hacked?

Thu, 29 May 2008 00:07:24 EDT

madylarian : Gee guys, you make me feel invisible. :(

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Thu, 29 May 2008 00:06:56 EDT

Chiyo : Damn what did Comcast ever do to Germany? maybe it has something to do with BT :P anyways i'm LOL'ing wonder how quicky it will be fixed
--
My Blog:
»abanzai.animeblogger.net/

Re: Comcast hacked?

Thu, 29 May 2008 00:06:50 EDT

CUBS_FAN :
Omg becareful trying to access your email accounts.

Is this the normal server for Comcast accounts?

Re: Comcast hacked?

Thu, 29 May 2008 00:06:00 EDT

BlueJay : Back at ya, EG.. :) And here I was all set to blame you and trying to get that link that you posted to work.. :p :D

ciao, bj

Re: Comcast hacked?

Thu, 29 May 2008 00:05:14 EDT

anon : Same thing here in Portland, Oregon. Notice the problem arount 8:00PM

Re: Comcast hacked?

Thu, 29 May 2008 00:03:33 EDT

espaeth :

said by Cabal :

I see the real site at comcast.net, but a NetSol template page at www.comcast.net. A whois yields:

Good find! It looks like Comcast's Network Solutions account actually got hacked.

Re: Comcast hacked?

Thu, 29 May 2008 00:02:34 EDT

anon : yea, on my notebook, i get under construction, but on my deskto i get the hacked message. This isn't good.

Re: Comcast hacked?

Wed, 28 May 2008 23:57:58 EDT

anon : Same here. Hacked at 2355hrs. :mad:

Re: Comcast hacked?

Wed, 28 May 2008 23:56:48 EDT

anon : KRYOGENIKS Defiant and EBK RoXed COMCAST
sHouTz To VIRUS Warlock elul21 coll1er seven

Here too, Eastern Washington reporting in.

Re: Comcast hacked?

Wed, 28 May 2008 23:56:38 EDT

EG :

said by BlueJay :

and I'm getting a notice from Network Solutions-site under construction-- with foreign languages in a box.. Can't get into the Help or community forums... Webmail was accessed..

ciao, bj

Hey BJ, nice ta see ya here ! ;)

Yep. My direct link to the Help Forums is kaput now as well...

I'm goin' ta bed !

Re: Comcast hacked?

Wed, 28 May 2008 23:56:06 EDT

CUBS_FAN : oh yeah... What a big mess this is . They even rerouted thier IP address:

C:\Documents and Settings>tracert www.comcast.net

Tracing route to www.comcast.net [205.178.189.131]
over a maximum of 30 hops:

1 2 ms 1 ms 1 ms 192.168.15.1
2 * * * Request timed out.
3 8 ms 12 ms 9 ms ge-1-37-ur01.chicago201.il.chicago.comcast.net [68.86.115.21]
4 9 ms 10 ms 9 ms te-8-3-ur02.chicago201.il.chicago.comcast.net [68.87.230.186]
5 7 ms 11 ms 9 ms te-3-1-ur01.chicago302.il.chicago.comcast.net [68.87.230.181]
6 8 ms 11 ms 8 ms te-8-3-ur02.chicago302.il.chicago.comcast.net [68.87.230.178]
7 8 ms * 24 ms te-3-1-ar01.chartford.ct.hartford.comcast.net [68.86.90.58]
8 13 ms 8 ms 9 ms pos-0-3-0-0-cr01.chicago.il.ibone.comcast.net [68.86.90.57]
9 45 ms 48 ms 55 ms pos-0-14-0-0-cr01.newyork.ny.ibone.comcast.net [68.86.85.105]
10 53 ms 46 ms 46 ms 204.70.144.1
11 55 ms 43 ms 45 ms cr1-pos-0-7-3-1.newyork.savvis.net [204.70.195.93]
12 50 ms 50 ms 50 ms cr1-tengig-0-15-0-0.Washington.savvis.net [204.70.196.101]
13 47 ms 50 ms 51 ms hr1-tengig9-1.sterling2dc2.savvis.net [204.70.197.74]
14 48 ms 47 ms 48 ms bhr1-gigabitethernet14-1.sterlingdc2.savvis.net [204.70.199.9
15 49 ms 51 ms 48 ms csr21-ve242.Sterlingdc2.savvis.net [216.33.98.11]
16 50 ms 49 ms 50 ms csr22-ve241.Sterlingdc2.savvis.net [216.33.98.19]
17 * *

Looks German to me. At first I thought my computer was hijaacked :o

Re: Comcast hacked?

Wed, 28 May 2008 23:55:47 EDT

madylarian : I just got off the phone with Comcast to let them know. We'll see what happens.

mady
--
Honi soit qui mal y pense

Re: Comcast hacked?

Wed, 28 May 2008 23:54:23 EDT

anon : I'm also seeing the Kryogeniks message...sure looks like they've been hacked....

Re: Comcast hacked?

Wed, 28 May 2008 23:54:05 EDT

Cabal : Seems more like a breach of Network Solutions (or Comcast's NetSol credentials) than Comcast itself and redirecting the domain.
--
Interested in open source engine management for your Subaru?

Re: Comcast hacked?

Wed, 28 May 2008 23:52:50 EDT

stewie316 : Comcast.net is down 0o -_-"

Re: Comcast hacked?

Wed, 28 May 2008 23:52:43 EDT

CUBS_FAN : OH yeah.. Someone definitely breached Comcast.net. This is what I see

Re: Comcast hacked?

Wed, 28 May 2008 23:52:10 EDT

BlueJay : and I'm getting a notice from Network Solutions-site under construction-- with foreign languages in a box.. Can't get into the Help or community forums... Webmail was accessed..

ciao, bj

Re: Comcast hacked?

Wed, 28 May 2008 23:50:27 EDT

Cabal : I see the real site at comcast.net, but a NetSol template page at www.comcast.net. A whois yields:

quote:
Registrant:
Comcast Corporation
1500 Market Street
Philadelphia, PA 19102
US

Domain Name: COMCAST.NET

------------------------------------------------------------------------
Promote your business to millions of viewers for only $1 a month
Learn how you can get an Enhanced Business Listing here for your domain name.
Learn more at »www.NetworkSolutions.com/
------------------------------------------------------------------------

Administrative Contact:
Domain Registrations, Comcast kryogenicsdefiant@gmail.com
Defiant still raping 2k8 ebk
69 dick tard lane
dildo room
PHILADELPHIA, PA 19103
US
4206661870 fax: 6664200187

Technical Contact:
Comcast Corporation kryogenicsdefiant@gmail.com
1500 Market Street
Philadelphia, PA 19102
US
215-320-8774 fax: 215-564-0132

Record expires on 24-Sep-2008.
Record created on 25-Sep-1997.
Database last updated on 28-May-2008 23:48:08 EDT.

Domain servers in listed order:

NS21.WORLDNIC.COM 205.178.190.11
NS22.WORLDNIC.COM 205.178.144.11

--
Interested in open source engine management for your Subaru?

Re: Comcast hacked?

Wed, 28 May 2008 23:47:21 EDT

EG : I'm getting a "Page Under Construction" message at the Portal site mady.

Re: Comcast hacked?

Wed, 28 May 2008 23:43:54 EDT

fphamm : Same here on the west coast, started around 8:00pm pt here

Comcast hacked?

Wed, 28 May 2008 23:27:02 EDT

madylarian : I'm getting a funny message on comcast.net:

KRYOGENIKS EBK and DEFIANT RoXed COMCAST
sHouTz To VIRUS Warlock elul21 coll1er seven and Slacker

Page source says it comes from:
"http://www.freewebs.com/kryogeniks911/"

mady