[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Comcast storing WiFi passwords in cleartext?
On 25/04/2019 3:13 AM, Benjamin Sisco wrote:
> I think we all understand the value of using oneâ??s own equipment and keeping the firmware up to date if one is in any way concerned about security. We all should also understand that in a managed environment such as an ISP there should be no reasonable expectation of privacy regarding the configuration of the equipment attached to the ISP's network (rented or customer owned).
Accepting i'm not a North American...
The reasonable expectation of privacy should be that the customer knows
precisely what is private, and what is not. If the ISP makes it very
clear that every configuration item on the edge device is known to, or
accessible by, the ISP for support purposes, then there's no problem. At
which point everyone's "reasonable expectations" are the same, and
there's no issue.
(Those for whom the support provided by the ISP is key, will enjoy this
service. Those who don't, have the option of doing their own thing.Â
Even better.. provide the user the means to disable the sharing of this
information by choice?? Would save buying and running additional
hardware for those who don't feel the need to have their creds shared,
for example).
First thing i've done with all ISP-provided CPE is disable all the
remote-login stuff that's enabled by default for tech support purposes.
Full knowledge and disclosure is all that's needed!
>
> The bigger concern should be the cleartext portion of the subject. Thereâ??s ZERO reason to store or transmit any credentials (login, service, keys, etc.), in any location, in an unencrypted fashion regardless of their perceived value or purpose. Unless you like risk.
As someone else said, the problem is the level of trust you're placing
in your ISP and in their own security... a large aggregate of private
information is just waiting to be pwned.
Mark.