dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4
share rss forum feed
This is a sub-selection from Hmmm


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2
reply to screavic4

Re: Hmmm

That's definitely something we are hoping to learn about in the tech trial. It's a tough problem to solve.
--
JL
Comcast



screavic4
Premium
join:2006-08-11
Paron, AR
kudos:1

Yeah, I've been brainstorming on it and the only thing I can think of is some type of "image verification" that your customers would pick and image and a phrase of their own and show it on all "official" Comcast messages via Web alerts. My bank does it, it can also be spoofed too though if they really wanted to try hard enough.
--
Keyboard not found press F1 to continue.
My software never has bugs, they just develop random "features".



pizz
bye bye twc. hello Comcast.
Premium
join:2000-10-27
Astoria, NY
Reviews:
·Time Warner Cable
reply to jlivingood

said by jlivingood:

That's definitely something we are hoping to learn about in the tech trial. It's a tough problem to solve.
Add a nice pamphlet inside their monthly bills telling them of this new service. So customers know before hand, as alot of people do read their bills and the flyers they stuff inside them.

but good luck on it, not a bad idea at all.
--
The more you talk, the less you listen.


screavic4
Premium
join:2006-08-11
Paron, AR
kudos:1

I too like it, it's one way to save bandwidth too. I also like that Comcast offers antivirus to their customers.
--
Keyboard not found press F1 to continue.
My software never has bugs, they just develop random "features".



jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2
reply to pizz

said by pizz:

said by jlivingood:

That's definitely something we are hoping to learn about in the tech trial. It's a tough problem to solve.
Add a nice pamphlet inside their monthly bills telling them of this new service. So customers know before hand, as alot of people do read their bills and the flyers they stuff inside them.

but good luck on it, not a bad idea at all.
I don't know if we're planning to do that or not. But we are sending emails to customers in the trial area, for what that's worth.
--
JL
Comcast

dfxmatt

join:2007-08-21
Evanston, IL
reply to pizz

that's a well intended idea, but people aren't necessarily going to *read it*.

Anything other than a bill in an envelope with a bill usually goes -> trash.



cdru
Go Colts
Premium,MVM
join:2003-05-14
Fort Wayne, IN
kudos:7

1 recommendation

said by dfxmatt:

that's a well intended idea, but people aren't necessarily going to *read it*.

Anything other than a bill in an envelope with a bill usually goes -> trash.
Well, who's fault that then? Send it with their bill and they throw it away. Send it in an email and it gets flagged as spam or just ignored. Post it on a portal website and they never visit it. Doing all three might reach a significantly larger audience, but I wouldn't count on it.

sgdoerfler

join:2002-12-10
Pittsburgh, PA
reply to jlivingood

Generate a unique "authenticity code" for each customer. Print it in every bill. ("Your authenticity code is 987654321. All online messages from Comcast will use your code. Emails and popups that claim to be from Comcast but don't have your unique authenticity code number are forgeries.")

Then the message could say "To confirm this message is really from Comcast, it uses this authenticity code which is printed in your monthly bill: 987654321"

This technique also works to prove that emails or other online communications are really from the company they say they're from, any time there's a known-legit printed bill the customer can refer to.

The unique code could be a random number generated for each customer, or to save space, algorithmically generated. (For instance, combine the customer's account number with some secret key text Comcast makes up, then run a message digest function on the result. As long as Comcast keeps the secret key safe, no hacker can know a customer's unique authenticity code without intercepting a prior communication.)


patcat88

join:2002-04-05
Jamaica, NY
kudos:1
reply to jlivingood

said by jlivingood:

That's definitely something we are hoping to learn about in the tech trial. It's a tough problem to solve.
Have a link you can click that will have an auto dialer call the phone number registered with the account of modem. Message just authenticated itself to the user.

bt

join:2009-02-26
canada
kudos:1
reply to jlivingood

What about making a copyable (non-clickable) link to the AV Center? Assuming it's got a URL that is obviously Comcast (IE: http(s)://www.comcast.com/whatever) it could reduce some well-intended paranoia, as well make it a bit more difficult for Malware to match it exactly in look but have it lead elsewhere.


jjeffeory

join:2002-12-04
USA
reply to cdru

All my bills are electronic. I look at the amount of the bill and charges. I ignore the rest. Call me if you want to give me information like that. A bill is a bill is more like a due bill. We are spammed by too much crap these days, so maybe they should make a commercial or something? LOL



jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2

1 recommendation

reply to patcat88

said by patcat88:

said by jlivingood:

That's definitely something we are hoping to learn about in the tech trial. It's a tough problem to solve.
Have a link you can click that will have an auto dialer call the phone number registered with the account of modem. Message just authenticated itself to the user.
Hey - that's actually a pretty good idea...
--
JL
Comcast


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2
reply to sgdoerfler

said by sgdoerfler:

Generate a unique "authenticity code" for each customer. Print it in every bill. ("Your authenticity code is 987654321. All online messages from Comcast will use your code. Emails and popups that claim to be from Comcast but don't have your unique authenticity code number are forgeries.")

Then the message could say "To confirm this message is really from Comcast, it uses this authenticity code which is printed in your monthly bill: 987654321"

This technique also works to prove that emails or other online communications are really from the company they say they're from, any time there's a known-legit printed bill the customer can refer to.

The unique code could be a random number generated for each customer, or to save space, algorithmically generated. (For instance, combine the customer's account number with some secret key text Comcast makes up, then run a message digest function on the result. As long as Comcast keeps the secret key safe, no hacker can know a customer's unique authenticity code without intercepting a prior communication.)
Another good idea. A take on this might be to somehow incorporate the billing / acct ID # from your bill.
--
JL
Comcast

jus10

join:2009-08-04
Sterling, VA
reply to jlivingood

I suppose the question on my mind is, "where's the SSL"? I mean, if instead of putting that little banner at the top the page redirected to a » connection saying basically, "Excuse me but you're polluting the net, please fix your machine by XXXX. Here's the link you were going to: »", etc, etc.

That would at least cover the "techies". For everyone else, I like the autodialer suggestion below.

I suppose one other bit of confusion among the average folks is that, it might not be the machine redirected that has the virus. At my parents, my Mom, Dad, Brother, Sister and the guestroom have computers connected. I imagine the little notice isn't going to be able to specify which one it is. If there could be a link which gave a little more info (as to which virus or bot it was so that if its a Mac problem my Dad can check his machine and a Linux problem would be my Mom's netbook, etc,etc).

The redirect to security.comcast.net is a start I guess but that doesn't cover all of the problems above. My Mom, Dad, Brother, and Sister in the above don't know my Dad's Comcast logon to download McAfee. My Dad and Mom can't use it at all since they're on Mac and Linux respectively. And there are folks like me who have absolutely no idea what my Comcast login info is. I don't use anything on comcast.net so I know I had to set up something when I got the modem but I haven't looked at is since. (I also don't have any Windows machines so McAfee would be a moot point but I'm just saying as an example).

I think its a good idea and a good start but could use some refinements. Right now it looks like all those other bad popups people get and it leaves open some questions as to "what should I be looking for where?" questions when trying to go bothunting.



Jafo232
You Can't Spell Democrat Without Rat.
Premium
join:2002-10-17
Boonville, NY
reply to jlivingood

I think it is a step in the right direction. Honestly though, I know myself and I would ignore that popup as an ad. Perhaps being able to call and confirm instead of clicking a link. Show the phone # and confirmation code in that ad.

I like the idea of walling off users if and ONLY if there is a very low chance of false positives and only if a person can get the restriction lifted quickly.

I have been saying for a long time that ISP's could not only save themselves bandwidth by proactively stopping botnets, they could also help the Net in general.
--
Custom PHP/Perl Development. Vbulletin And Wordpress Mods Too!


Methadras

join:2004-05-26
Spring Valley, CA
reply to jlivingood

said by jlivingood:

That's definitely something we are hoping to learn about in the tech trial. It's a tough problem to solve.
How about you don't do it at all and let people solve their own computing problems. Are you going to actually be client side and reside on the machine itself or are you going to be deep inspecting each packet for malicious code? How are you going to deal with false positives and who's database are you using? This has bad news written all over it. Just be a dumb pipe provider and get out of my way. I already pay you for the bandwidth I want, so stop trying to regulate what happens on my machine please.


38632383

join:2009-09-25
Houston, TX

1 edit
reply to patcat88



mackey
Premium
join:2007-08-20
kudos:10
reply to dfxmatt

How about a "botnet surcharge?" That'll get people to read the bill! Say an extra $15/mo for every month they're infected, with 1 month refunded when they clean the machine. This way it will get people's attention and give them an incentive to clean their machine.

Another way around the walled-garden dilemma is to only wall off port 80 - this allows VoIP, gaming, SSL sites, etc to work correctly but the moment they use the web browser they get stuck. There should be a way to release it though, say by filling out a form. This way it's a bit more substantial that a virus-looking pop-up, but can still be bypassed once the user acknowledges the problem.

/mackey



Nerdtalker
Working Hard, Or Hardly Working?
Premium,MVM
join:2003-02-18
Tucson, AZ
reply to sgdoerfler

At that rate, why not give out those one-time-pad emulating security dongles that ETRADE, WOW, and now PayPal are giving out (RSA based).

I just have a hard time seeing users responding to anything other than a straight up block+walled garden.
--
"Some people never see the light till it shines thru bullet holes." -Bruce Cockburn

I'm testing Gmail's spam filters: Broadbandreports1@gmail.com
Spam: 12900+ messages currently using 406 MB.


dfxmatt

join:2007-08-21
Evanston, IL
reply to jlivingood

how about making account numbers something a customer can elect on their own as to what the account identifier is?

I've had comcast at 3 locations I've lived and I don't think even for a second I ever remembered the account # without having to pull it up off an old bill - and I don't like to keep around old bills. No, social security number is not a good alternative.



Mike
Premium,Mod
join:2000-09-17
Pittsburgh, PA
kudos:1
Reviews:
·Verizon FiOS
reply to jlivingood

In browser popups and emails are not trusted anymore.

Either a letter in the mail or cheaper, an automated phone call suggesting they call tech support. If there is still activity for a said amount of time and no response, kill the port at the switch.
--
"If something about the human body disgusts you, complain to the manufacturer" - Lenny Bruce
What this country needs is a good five dollar plasma weapon.

This is a sub-selection from Hmmm