<div dir="ltr"><div>I knew there was a mitm vulnerability with comcast's mimo wifi! To be fair, it's really a PEBKAC issue.<br><br><a href="https://blog.logrhythm.com/security/xfinity-pineapple/" target="_blank">https://blog.logrhythm.com/security/xfinity-pineapple/</a><br><br><br>Here's how to turn this feature off (I had to click it a few times in the comcast customer portal):<br><br><a href="http://www.twincities.com/ci_25037995/worried-you-can-always-turn-off-public-wi" target="_blank">http://www.twincities.com/ci_25037995/worried-you-can-always-turn-off-public-wi</a><br><br></div><div></div><div><br></div>Comcastic!<div class="gmail_extra"><br clear="all"><br><div class="gmail_quote">On Sat, May 24, 2014 at 7:50 PM, Justin Goldberg <span dir="ltr"><<a href="mailto:justgold79@gmail.com" target="_blank">justgold79@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>I pay for the lowest tier speed, 3mb down, and I pay for no premium service, tv or phone, and I'm able to sign on to the xfinitywifi ssid captive portal using the comcast billing login username (without the @<a href="http://comcast.net" target="_blank">comcast.net</a>). The speed is faster through the neighbors than my own, though, to be fair, I could very well be signed on to my own technicolor tc35xx modem that I am renting from them.</div>
<div><br></div><div>I originally signed on at a cafe that had the ssid and then it worked at home without signing in, in a different browser, so it appears that they are remembering your login based on the wifi adapter's mac address. Since it's an open ap, in theory it wouldn't be too hard for a non comcast user to sign on, just run a packet capture and then change your mac address to someone else's.</div>
<div><br></div><div>Since the whole neighborhood shares the same headend bandwidth, I don't dislike this idea, especially in the age of wifi 802.11n MIMO. That's how they are able to market themselves as the "fastest wifi around".</div><span><font color="#888888">
<div><br></div><div>Justin<br></div></font></span><div><div><div class="gmail_extra"><div><div dir="ltr"><div><br></div></div></div>
<br><br><div class="gmail_quote">On Mon, Apr 28, 2014 at 8:12 AM, JD <span dir="ltr"><<a href="mailto:jdp@algoloma.com" target="_blank">jdp@algoloma.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Comcast announced this wifi network about a year ago. Their intent is to allow<br>
any comcast customer to have access to hot-spots, tracked by their normal login.<br>
Sorta like how many OTA networks now require a paid TV subscription to access<br>
their internet shows. It is an added service for all their paying customers and<br>
can be convenient. AT&T has had something like this for about a decade, they<br>
just did it at B&N stores, Starbucks, McDs, ...<br>
<br>
I haven't had residential Comcast service for years, but they were good about<br>
putting those things into their "Terms of Service" agreements. You've already<br>
agreed to it by continuing to use the service, I'm certain. I would be surprised<br>
if a call into the help desk couldn't get your device removed from this plan. A<br>
few years ago, comcast started intercepting DNS queries. 1 call fixed that for<br>
me ... er ... after breaking things for a few days forced me to call in.<br>
<br>
Pretty much any cable modem you place on their network will be controlled by<br>
them. If you don't like that, get over it. The same applies to DSL too. The<br>
best we can do is treat their equipment like someone else's equipment and put a<br>
strong pfSense router just inside it. Don't trust any commercial routers and<br>
definitely DO NOT TRUST the firmware shipped with any router, doesn't matter who<br>
made it. The most trusted vendors seem to be just as likely to have back doors.<br>
<div><br>
On 04/28/2014 12:21 AM, Steve Nicholas wrote:<br>
> I have Comcast and have a wireless network. My same status has not changed.<br>
> Will let you know if things change. Have you pinged Comcast about it? I would,<br>
> just to make sure THEY did it, not someone else. If they did, please post<br>
> their response. If not, you may have some security issues. If the latter is<br>
> true, don't panic initially. Let the list do some forensics to see what might<br>
> be going on. Have dealt with hackers, and if this is the case, patience is a<br>
> virtue. Let us know. But don't do info sensitive transactions on said box.<br>
><br>
><br>
><br>
> On Thu, Apr 24, 2014 at 2:40 PM, Boris Borisov <<a href="mailto:bugyatl@gmail.com" target="_blank">bugyatl@gmail.com</a><br>
</div><div><div>> <mailto:<a href="mailto:bugyatl@gmail.com" target="_blank">bugyatl@gmail.com</a>>> wrote:<br>
><br>
> Yesterday I've noticed Comcast silently enabled additional wireless network<br>
> on my cable router named "xfinitywifi". I didn't get the reason behind the<br>
> idea but it is open with web-based login. Someone else with the same issue.<br>
><br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</div></div></blockquote></div><br></div></div></div></div>
</blockquote></div><br></div></div>