lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 8 Oct 2011 11:26:33 +1100
From: xD 0x41 <secn3t@...il.com>
To: Terrence <secretpackets@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Verizon Wireless DNS Tunneling

Interesting thread... issues of privacy are again raping the tech world..
please assist in exposing comcast if this is indeed true.
Either someone has been playing admin and put up some kind of fake login
page although thats highly unlikely,proof of the actual deployment of an exe
by the isp is a huge issue.
I know some isp's make use of port 80, and remote-assist,but they do not
rely on it,not in a usual Isp that is forsure.
Comcast is huge, id be looking into it more and gathering REAL HARD proof of
this,wether it was a tech acting alone or infact some kind of page they have
forwaded you to to "assist" possibly..if you can recall any recent
interactions with comcast,and what took place, this would also help.
You want exactly what page was downloaded FROM  and then ask them about it
(beforehand though makesure to also check theyre TOS regarding theyre usage
of anything - i doubt this would be visible so you maybe onto a winnder),it
would be great to see it even this exe and allow the list to debug it.
That would then probably give you plenty of info about the executable IF it
was installed by a comcast tech, you could then sue for that and any
*damages* or, just having a slower line/instability/droputs/downage etc
etc.... i would definately be looking into it before assuming it is comcasts
exe 100%.
It is a massive breach of privacy if this is how they are acting, unless it
is standard practice for some cases where they may assist remotely, and then
would probably need some diagnostic executables,but really this should not
be hard to find.. I would get your logs out and even take a peek into tmp of
your downloads for IE/FF or whatever your browser, and try to trace it to
when it was implanted.
Goodluck,cheers!
xd


On 8 October 2011 01:47, Terrence <secretpackets@...il.com> wrote:

> To the guy saying that comcast  requires an executable to authenticate you.
> Ha. You should prolly wipe your install.
> On Oct 7, 2011 10:41 AM, <Valdis.Kletnieks@...edu> wrote:
>
>> On Fri, 07 Oct 2011 10:36:39 EDT, James Wright said:
>>
>> > That would probably explain why the Comcast service page downloads an
>> > executable to authenticate you.  At that point they have control over
>> the
>> > end user's machine and can either clear the DNS cache or force a reboot.
>>
>> That must suck if you're a non-Windows user. ;)
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ