[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Comcast storing WiFi passwords in cleartext?

On 4/24/19 9:32 PM, Mike Bolitho wrote:
>> "than the relatively low risk of a database compromise leading to a
>> miscreant getting ahold of their wireless password and using their access
>> point as free wifi."
> And this is the thing, not only does someone have to 'hack' the database,
> they also need to drive up to your house and sit in your driveway to get
> free Internet. Of all the things to worry about, this is way down on my
> list.

Sounds like you live in a single-family home, in a low-density
neighborhood.  I live in an apartment complex, and WiFi Analyzer shows
more than 20 beacons visible from my kitchen.  Before I implemented MAC
filtering, my DHCP server logs showed connections by rogue equipment.
(And before you ask, my password is not a simple one.)

When I leave town for an extended period, I pull the plug on the wireless.

In an industrial park, I see the same dense tangle of beacons.  Let
alone those wireless systems that have disabled beacons.

If that database of wireless passwords also has the physical location of
the device, then the risks go up.

So the simple solution is to use your own AP, block SNMP access from the
worlds at your edge router, and the risk falls to zero.