
Comcast is leaking the names and passwords of customers’ wireless routers - smaili
https://techcrunch.com/2018/05/21/comcast-is-leaking-the-names-and-passwords-of-customers-wireless-routers/
======
sykh
I have Comcast and my own modem/router. It’s a good idea to have your
modem/router as the article suggests but you’ll have to be tech savvy enough
to counteract Comcasts’ tech support people. Every time there is an issue with
the internet connection their tech support always say it’s my modem/router
that is the problem and that I need to use a Comcast supplied modem/router.
It’s annoying and those who are not savvy enough will capitulate and get
Comcasts’ equipment.

I hate Comcast and would gladly pay another company double what I pay for
internet service with similar speeds. Alas, no such competition exists is my
area. I hope Comcast goes bankrupt some day.

~~~
ocdtrekkie
An argument can be made the rental is worth it for the ability to tell them
"if I can't get x speed off this Ethernet port, it's your fault, hands down,
so fix it". Whether or not it's worth $10-15 a month depends on how much you
loathe arguing with Comcast on the phone.

In my case, I was on my own modem on Comcast, my new service on my new ISP is
using DOCSIS 3.1, and what they support at what speeds seems to be changing
frequently, so a rental is the safest bet right now. (And 3.1 modems are
expensive as heck.) I tried buying one, it was too new for my ISP to work
with, and all the other ones both cost more and were lower end hardware. I'll
probably switch back to my own modem once 3.1 stabilizes a bit.

~~~
AdmiralAsshat
> An argument can be made the rental is worth it for the ability to tell them
> "if I can't get x speed off this Ethernet port, it's your fault, hands down,
> so fix it". Whether or not it's worth $10-15 a month depends on how much you
> loathe arguing with Comcast on the phone.

Have you actually done this? Because I have, and even after telling them, "I'm
paying for 25 down and using _your_ modem I'm barely pulling down 7." Their
suggestion was that I should upgrade to 50 down.

I told them to go to Hell and switched to Fios.

~~~
Bartweiss
Yep, after trying this a few times I never got anything better than "might be
temporary issues with traffic in your area" or "we have this more expensive
package..." Which doesn't actually surprise me, since I doubt tech support can
fix a problem that's essentially "we blatantly lied to you when we sold you
this service".

------
chatmasta
PSA: Any problems you have with Comcast, you can solve with a sternly worded
email to their “executive support” secret email:

Comcast_CustomerSupport@cable.comcast.com

Comcast_ESC@cable.comcast.com

~~~
SpaceManiac
Thanks for the tip. Maybe if I complain with just the right tone I can get
them to stop injecting "you have used 75% of your monthly bandwidth" popups
into my HTTP responses >:(

~~~
tbyehl
They're very proud of this incarnation of their notification injection system.
There have been presentations and an RFC.

[https://tools.ietf.org/html/rfc6108](https://tools.ietf.org/html/rfc6108)

------
strictnein
To take advantage of this, you need the target's account number. Not
impossible to get, but it's also not something you can readily get your hands
on.

~~~
DmenshunlAnlsis
You could probably find it in most peoples’ trash, reliably, intact, on a
regular schedule.

~~~
Clubber
Ya, but that's pretty out there. The big problem with vulnerabilities is
millions of hackers from all over the world can actively exploit them at the
same time. If you limit it to someone digging in your trash, you would have to
be a pretty high value target for someone to go through that.

I wouldn't expect anyone in my neighborhood to go through that for free
internet.

~~~
Retric
It's common for apartments to have trash can in their mail room that's just
got mail in it. So, it's not going to be unclean and being able to leech
internet is likely worth it for many people.

------
retSava
Well, why not see it as a feature? Plausible deniability for anything that
happens on your wifi, also plausible that it is out of your control.

------
ocdtrekkie
You should most likely be shutting off the Wi-Fi on a Comcast-owned gateway
anyways: The wireless they provide is trash to begin with, and you have less
options and ability to ensure it's running modern firmware.

~~~
stephengillie
Also it allows any Comcast customer to leech off your bandwidth. That's what
those Xfinity wifi hotspots are, you sign in with your Xfinity user/pass.

~~~
gergles
There's a separate DOCSIS QoS stream allocated for it, it isn't using "your"
bandwidth. (Of course, there's only so much uplink at the CMTS, but...)

~~~
jerf
As someone who occasionally uses the xfinity login while out and about, you
can tell it is absolutely on a separate stream because it definitely gets
reduced service. I haven't run a speed test on it formally, but it definitely
gets less bandwidth than the customer wifi signal, and I'd swear it has some
latency added to it just to ensure that it's a nicer alternative to cell
signals but not something you want to use full time.

------
hedora
Responsible disclosure?

~~~
lawnchair_larry
It’s “responsible” to let the public know that they are exposed to this.

------
em3rgent0rdr
earlier post:
[https://news.ycombinator.com/item?id=17122312](https://news.ycombinator.com/item?id=17122312)

