On Thu, Apr 25, 2019, 3:06 AM William Herrin wrote:
> Risk is threat times vulnerability times impact. No impact, no risk. For
> example, if the credentials for my grocery store loyalty card are
> compromised, I do not actually care. It has no impact.
>
A fun fact: my employer has a product
> On Apr 25, 2019, at 8:26 AM, K. Scott Helms wrote:
>
> People are missing the point here. This is _not_ a Comcast "issue" this same
> data is available to every single cable operator in the US who deploys
> bundled modem/router/APs that follow the CableLabs standard. They may or may
> not
People are missing the point here. This is _not_ a Comcast "issue" this
same data is available to every single cable operator in the US who deploys
bundled modem/router/APs that follow the CableLabs standard. They may or
may not expose the data to their end customers, but it's stored in their
Obviously violates every standard “don’t resell the service” clause. ( But
these are also the same TOSes that tell me I can’t VPN into the office , so
they can pound sand. :p )
Doing this makes about as much sense as running a TOR exit node to me. Too
much exposure to someone doing something dumb
James,
By the DOCSIS standard and every North American MSO's ToS I've seen (I've
worked with or for about 200 different cable operators over the last 20
years) your cable modem is always managed and the cable operator _always_
has access to its configuration and settings via SNMP. The
On 4/24/ 2019 10:34 AM, Seth Mattinen wrote:
> That's looking at it from a technical perspective when it isn't a technical
> problem. People that buy "includes wifi" from their ISP often need extreme
> amounts of help with it, and thus the wifi credentials are stored and
> transmitted in plain
On 4/24/19 9:32 PM, Mike Bolitho wrote:
>>
>> "than the relatively low risk of a database compromise leading to a
>> miscreant getting ahold of their wireless password and using their access
>> point as free wifi."
>>
>
> And this is the thing, not only does someone have to 'hack' the database,
>
Just so you know, if you have an embedded router from a service provider
all of that data is _already_ being transmitted and has been for a long
long time. If it's being collected via SNMPv2c it is being transmitted in
the clear (though hopefully encrypted via BPI+ between the modem and the
> On Apr 25, 2019, at 1:41 PM, Tom Beecher wrote:
>
> It seems like just another example of liability shifting/shielding. I'll
> defer to Actual Lawyers obviously, but the way I see it, Packetstream doesn't
> have any contractual or business relationship with my ISP. I do. If I sell
>
That is not related to the Gateway at all, nor done on the local network
are missing with the local network as I was describing. That is further
Upstream.
Brandon Jackson
On Thu, Apr 25, 2019, 14:50 Mel Pilgrim wrote:
> On 2019-04-23 18:32, Brandon Jackson via NANOG wrote:
> > I'm not saying
particularly "interesting" when someone downloads CP (or, as it now seems to be
called, CSAM) using their ipaddr and causes them to become a Person of Interest.
On Apr 25, 2019, 12:43 PM -0700, Tom Beecher , wrote:
> It seems like just another example of liability shifting/shielding. I'll
>
On 4/25/19 8:04 AM, K. Scott Helms wrote:
Just so you know, if you have an embedded router from a service provider
all of that data is _already_ being transmitted and has been for a long
long time.
Responding to a pseudo-random message ...
If you are an average consumer and purchase a
feeling cranky, are we, job? (accusing an antispam expert of spamming on a
mailing list by having too long a .sig?)
but it’s true! anne runs the internet, and the rest of us (except for ICANN
GAC representatives) all accept that.
to actually try to make a more substantial point, i am quite
On Thu, 25 Apr 2019 21:42:25 +0300, T�ma Gavrichenkov said:
> Isn't it just better to have it always displayed, in a 40pt sized font, on
> some LAN-accessible Web page, reachable without authentication by default,
This assumes that the customer has a spare CAT-5 cable and knows how to use it.
After all, it worked for Napster
Scott Helms
On Thu, Apr 25, 2019 at 3:23 PM John Levine wrote:
> In article you write:
> >-=-=-=-=-=-
> >
> >feeling cranky, are we, job? (accusing an antispam expert of spamming
> on a mailing list by having too long a .sig?)
> >but it’s true! anne
As much as it pains me to Devil's Advocate for Comcast... Has anyone proven
that they are storing this PSK in cleartext? From the original
StackExchange post :
" When I went to the account web page, it showed me my password. I changed
the password and it instantly showed the new password on the
On Thu, Apr 25, 2019, 3:57 PM Mike Bolitho wrote:
> Grandma Smith calls in because she changed her WPA2 password two years
> ago. Her grandson just bought her a new iPad and she can't connect. Tier I
> support says "I have your 'WiFi password' right here. It's hunter22." The
> call take 45
In article you write:
>-=-=-=-=-=-
>
>feeling cranky, are we, job? (accusing an antispam expert of spamming on a
>mailing list by having too long a .sig?)
>but it’s true! anne runs the internet, and the rest of us (except for ICANN
>GAC representatives) all accept that.
>
>to actually try to
Doug,
I don't disagree, but things are pretty complicated, much more so than they
might seem from the outside. First, if the configuration isn't stored
there's literally no way to have a backup for most of the CPE vendors so
there's definitely reason to have it duplicated in the service
Tom,
No, and I would hope that they were storing it in an encrypted format and
then decrypting it on the fly for display in the customer portal.
Scott Helms
On Thu, Apr 25, 2019 at 1:55 PM Tom Beecher wrote:
> As much as it pains me to Devil's Advocate for Comcast... Has anyone
> proven
On Wed, 24 Apr 2019, Anne P. Mitchell, Esq. wrote:
Just ran into packetstream.io:
How can this not be a violation of the ToS of just about every major provider?
Sounds like a "paid" TOR. Is TOR a ToS violation too -- the EFF would
probably like to hear of it if so. Or just the aspect of
It seems like just another example of liability shifting/shielding. I'll
defer to Actual Lawyers obviously, but the way I see it, Packetstream
doesn't have any contractual or business relationship with my ISP. I do.
If I sell them my bandwidth, and my ISP decides to take action, they come
after
22 matches
Mail list logo