Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Comcast web mail servers hacked, all users at risk


  • Please log in to reply
7 replies to this topic

#1 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,708 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:42 AM

Posted 06 February 2014 - 07:10 PM

http://www.neowin.net/news/comcast-web-mail-servers-hacked-all-users-at-risk

 

 

Hacking group NullCrew FTS declared today that it had exploited a security flaw in Comcast’s Zimbra webmail server. It’s believed that the group used what is known as a LFI exploit or local file inclusion vulnerability to obtain usernames and passwords of Comcast ISP users.

The hacking group claims it used this exploit to gain access to the Zimbra LDAP and MySQL database which house the user accounts and passwords. The group posted earlier on pastebin.com a list of what they gained access to, but with no usernames or passwords listed. The posting has since been removed by pastebin.

Every Comcast ISP user has a master account, which is accessible through their Zimbra webmail site. This account can be used to access your payment information, e-mail settings, user account creation and services you purchase from Comcast. Even if you do not use their mail service, you still will have a master account. It is strongly recommended that, if you are a Comcast user, you change your password as soon as possible. 

Comcast performed out-of-schedule maintenance on their mail servers last night, hopefully to fix this exploit. No more information is available at this time on what maintenance was performed.

 

 

You may also want to read comments at the above site like this one:

This issue was identified recently and a patch had been released. Zimbra had contacted all their customers to update to the latest version. Looks like Comcast were a little lazy and got pwned.

 

 


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,486 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:42 AM

Posted 06 February 2014 - 09:05 PM

Broni it appears Comcast forgot to send themselves a "notice of finding Bots." :whistle:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Broni

Broni

    The Coolest BC Computer

  • Topic Starter

  • BC Advisor
  • 42,708 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:42 AM

Posted 06 February 2014 - 09:12 PM

Hahahaha....good one....lol


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,486 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:42 AM

Posted 06 February 2014 - 09:20 PM

I thought you would get a kick out of that.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Broni

Broni

    The Coolest BC Computer

  • Topic Starter

  • BC Advisor
  • 42,708 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:42 AM

Posted 06 February 2014 - 09:26 PM

I did :)


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#6 Broni

Broni

    The Coolest BC Computer

  • Topic Starter

  • BC Advisor
  • 42,708 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:42 AM

Posted 06 February 2014 - 09:42 PM

It looks like Comcast tries to be even funnier.

They scare people through their phones...lol

http://forums.comcast.com/t5/Web-Portal/Just-received-a-constant-guard-alert-on-my-phone/td-p/2001747

 

Just received a constant guard alert on my phone saying that comcast has detected a bot on my home network and I should visit....https://amibotted.comcast.net  

 


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,486 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:42 AM

Posted 07 February 2014 - 04:16 PM

 

StephenMBon
01-16-2014 05:37 PM

 

Below is the info without solution except to purchase additional software of course.

 

Of course....it's all about making more sales and generating a larger profit for the company on the wallets of their consumers.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 Broni

Broni

    The Coolest BC Computer

  • Topic Starter

  • BC Advisor
  • 42,708 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:42 AM

Posted 07 February 2014 - 05:56 PM

It's pretty amazing how a big company like Comcast can be pulling scams like this.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users