Porn flick about Comcast would be called ‘Insatiable’

Swamp Rabbit and I were reading that Comcast, the nation’s No. 1 cable provider, has bought out Time Warner Cable, the No. 2 provider. I wondered aloud what’s become of the Federal Communications Commission, the outfit that is supposed to prevent media corporations from establishing monopolies that exploit consumers. And where is the so-called Department of Justice? These questions are at least as old as the 1980s, when Ben Bagdikian wrote The Media Monopoly.

“The FCC done got neutered,” the rabbit said. “I been livin’ in this swamp for years, but I know that. Where you been?”

Good question. I try to keep up with change, but I can’t figure out how the feds justify allowing companies like Comcast to make such crudely obvious power grabs. It’s hard to overestimate the effect of Comcast’s multimillion-dollar lobbying efforts, or the power of David Cohen, Comcast’s executive vice president. But still…

Here’s part of the explanation, from Guardian UK’s Dan Gilmor:

America’s cable companies grew up in the cozy embrace of local governments that gave them monopoly franchises, which they’ve expanded over the years via mergers and acquisitions, not just normal growth. The noncompetitive local franchise model means that when one cable giant buys another, the customers generally have the same choices as before for subscription TV (cable or satellite) and internet service (cable or phone company DSL).

Whose interest is served by such a deal? The shareholders of TWC and Comcast would be thrilled, for sure. So would the NSA and other surveillance statists, who would undoubtedly be happiest if we reverted to the era when a single behemoth telecommunications enterprise served, for all practical purposes, as an arm of the spy services.

The other main winners would be the remaining telecom “competitors” that would be part of an ever-cozier oligopoly of enterprises that upgrade reluctantly and, compared to providers in other developed nations, grossly overcharge their customers. So look for more mergers, even less user privacy, higher prices and – if this is possible for the generally loathed cable companies – even worse service.

Call it the reality of pervasive political corruption. As City Paper’s Daniel Denvir wrote:

Philadelphia’s elected officials will no doubt line up to back Comcast, which recently announced its plans to build a second (taxpayer-subsidized) skyscraper here in its hometown. This is a company that works hard to make political friends, and which is energetically supporting Gov. Tom Corbett’s imperiled reelection campaign.

But still… Isn’t it the job of the feds to make sure gluttonous corporations don’t morph into entities so powerful they can crush competition by buying the people who write the laws? And wasn’t that a naive question?

Maybe the current FCC commissioners and the DoJ have decided today’s media monsters are too big for quaint anti-trust laws. We should know by the end of the year.

Change your Comcast password

Comcast buys Time Warner Cable

Just part of the joy that is being a Comcast customer! Click on the link, read the whole thing:

Are you a Comcast customer? Please change your password.

On February 6, NullCrew FTS hacked into at least 34 of Comcast’s servers and published a list of the company’s mail servers and a link to the root file with the vulnerability it used to penetrate the system on Pastebin.

Comcast, the largest internet service provider in the United States, ignored news of the serious breach in press and media for over 24 hours — only when the Pastebin page was removed did the company issue a statement, and even then, it only spoke to a sympathetic B2B outlet.

During that 24 hours, Comcast stayed silent, and the veritable “keys to the kingdom” sat out in the open internet, ripe for the taking by any malicious entity with a little know-how around mail servers and selling or exploiting customer data.

Comcast customers have not been not told to reset their passwords. But they should.

Once NullCrew FTS openly hacked at least 24 Comcast mail servers, and the recipe was publicly posted, the servers began to take a beating. Customers in Comcast’s janky, hard-to-find, 1996-style forums knew something was wrong, and forum posts reflected the slowness, the up and down servers, and the eventual crashing.

The telecom giant ignored press requests for comment and released a limited statement on February 7 — to Comcast-friendly outlet, broadband and B2B website Multichannel News.

The day-late statement failed to impress the few who saw it, and was criticized for its minimizing language and weak attempt to suggest that the breach had been unsuccessful.

From Comcast’s statement on Multichannel’s post No Evidence That Personal Sub Info Obtained By Mail Server Hack:

Comcast said it is investigating a claim by a hacker group that claims to have broken into a batch of the MSO email servers, but believes that no personal subscriber data was obtained as a result.

“We’re aware of the situation and are aggressively investigating it,” a Comcast spokesman said. “We take our customers’ privacy and security very seriously, and we currently have no evidence to suggest any personal customer information was obtained in this incident.”

Not only is there a high probability that customer information was exposed — because direct access was provided to the public for 24 hours — but the vulnerability exploited by the attackers was disclosed and fixed in December 2013.

Just not by Comcast, apparently.

Vulnerability reported December 2013, not patched by Comcast
NullCrew FTS used the unpatched security vulnerability CVE-2013-7091 to open what was essentially an unlocked door for anyone access to usernames, passwords, and other sensitive details from Comcast’s servers.

NullCrew FTS used a Local File Inclusion (LFI) exploit to gain access to the Zimbra LDAP and MySQL database — which houses the usernames and passwords of Comcast ISP users.

“Fun Fact: 34 Comcast mail servers are victims to one exploit,” tweeted NullCrew FTS.

If you are a Comcast customer, you are at risk: All Comcast internet service includes a master email address.

Even if a customer doesn’t use Comcast’s Xfinity mail service, every Comcast ISP user has a master email account with which to manage their services, and it is accessible through a “Zimbra” webmail site.

This account is used to access payment information, email settings, user account creation and settings, and any purchases from Comcast’s store or among its services.

With access to this master email address, someone can give up to six “household members” access to the Comcast account.

NullCrew taunted Comcast on Twitter, then posted the data on Pastebin and taunted the company a little bit more.

Because there were “no passwords” on the Pastebin, some observers believed — incorrectly — that there was no serious risk for exploitation of sensitive customer information.

Polaroids

As they went overboard
He turned and held up a card
And it said ‘Valentine.’

Shawn Colvin:

Open thread

Carl Jung says that when you fall in love, you’re seeing yourself enhanced and expanded through your lover’s eyes — that you’re really falling in love with yourself. Complicated, right?

Who was the love of your life?

Valentine’s Day

I was in the Rite-Aid Wednesday night (out of light bulbs again — I don’t know why but those “long life” bulbs never last longer than a couple of months for me) and the place was mobbed with men buying Valentine cards and gifts. “I don’t know if we’ll be able to dig out by Friday night, and if I don’t have anything for her, my wife will kill me,” one man told the cashier.

Which reminded me of this Steve Earle song. He wrote it for his then-wife when he was under house arrest and forget to pick up a present when he was allowed out of the house:

Site Meter