News Philly-area readers will be happy to hear!

King of Prussia – The Pennsylvania Department of Transportation will take advantage of dry, seasonable temperatures this weekend (Feb. 22-23) to patch potholes on state highways in the five-county Philadelphia region.

“The weather this weekend provides us with an opportunity to reduce the number of potholes on state highways in the region and to make permanent repairs with hot asphalt since temperatures will rise above 40 degrees,” PennDOT District Executive Lester C. Toaso said.

“We have been filling potholes since their premature outbreak in early January whenever crews have not been responding to the steady string of snow and ice storms in the region,” Toaso added. “During this time, we primarily filled holes with cold patch, a material used in the winter when hot asphalt is not available. Unfortunately, the harsh winter season undid many of these patches, but we will work aggressively to make permanent repairs.”

Yesterday (Feb. 20), nearly 40 PennDOT crews patched state roads in the Philadelphia region with hot asphalt.

The severe and early outbreak of potholes resulted from snow and ice seeping into pavements and temperature swings above and below the freezing mark.

A pothole develops when water penetrates into a roadway through pavement cracks and then freezes and expands, knocking loose small pieces of pavement. As cars and trucks ride over the area, cracks enlarge, more water enters and the cycle repeats itself to the point where the pavement fails.

Citizens can report potholes on state highways by calling 1-800-FIX-ROAD (I-800-349-7623).

Motorists can check conditions on major roadways by visiting www.511PA.com. 511PA, which is free and available 24 hours a day, provides traffic delay warnings, weather forecasts, traffic speed information and access to more than 680 traffic cameras. 511PA is also available by calling 5-1-1, and regional Twitter alerts are available on the 511PA website.

Just part of the joy that is being a Comcast customer! Click on the link, read the whole thing:

Are you a Comcast customer? Please change your password.

On February 6, NullCrew FTS hacked into at least 34 of Comcast’s servers and published a list of the company’s mail servers and a link to the root file with the vulnerability it used to penetrate the system on Pastebin.

Comcast, the largest internet service provider in the United States, ignored news of the serious breach in press and media for over 24 hours — only when the Pastebin page was removed did the company issue a statement, and even then, it only spoke to a sympathetic B2B outlet.

During that 24 hours, Comcast stayed silent, and the veritable “keys to the kingdom” sat out in the open internet, ripe for the taking by any malicious entity with a little know-how around mail servers and selling or exploiting customer data.

Comcast customers have not been not told to reset their passwords. But they should.

Once NullCrew FTS openly hacked at least 24 Comcast mail servers, and the recipe was publicly posted, the servers began to take a beating. Customers in Comcast’s janky, hard-to-find, 1996-style forums knew something was wrong, and forum posts reflected the slowness, the up and down servers, and the eventual crashing.

The telecom giant ignored press requests for comment and released a limited statement on February 7 — to Comcast-friendly outlet, broadband and B2B website Multichannel News.

The day-late statement failed to impress the few who saw it, and was criticized for its minimizing language and weak attempt to suggest that the breach had been unsuccessful.

From Comcast’s statement on Multichannel’s post No Evidence That Personal Sub Info Obtained By Mail Server Hack:

Comcast said it is investigating a claim by a hacker group that claims to have broken into a batch of the MSO email servers, but believes that no personal subscriber data was obtained as a result.

“We’re aware of the situation and are aggressively investigating it,” a Comcast spokesman said. “We take our customers’ privacy and security very seriously, and we currently have no evidence to suggest any personal customer information was obtained in this incident.”

Not only is there a high probability that customer information was exposed — because direct access was provided to the public for 24 hours — but the vulnerability exploited by the attackers was disclosed and fixed in December 2013.

Just not by Comcast, apparently.

Vulnerability reported December 2013, not patched by Comcast
NullCrew FTS used the unpatched security vulnerability CVE-2013-7091 to open what was essentially an unlocked door for anyone access to usernames, passwords, and other sensitive details from Comcast’s servers.

NullCrew FTS used a Local File Inclusion (LFI) exploit to gain access to the Zimbra LDAP and MySQL database — which houses the usernames and passwords of Comcast ISP users.

“Fun Fact: 34 Comcast mail servers are victims to one exploit,” tweeted NullCrew FTS.

If you are a Comcast customer, you are at risk: All Comcast internet service includes a master email address.

Even if a customer doesn’t use Comcast’s Xfinity mail service, every Comcast ISP user has a master email account with which to manage their services, and it is accessible through a “Zimbra” webmail site.

This account is used to access payment information, email settings, user account creation and settings, and any purchases from Comcast’s store or among its services.

With access to this master email address, someone can give up to six “household members” access to the Comcast account.

NullCrew taunted Comcast on Twitter, then posted the data on Pastebin and taunted the company a little bit more.

Because there were “no passwords” on the Pastebin, some observers believed — incorrectly — that there was no serious risk for exploitation of sensitive customer information.

I didn’t know this, and I’ll bet you didn’t, either:

The website is getting slammed. You’re better off doing it over the phone:

Obama administration officials acknowledged Monday that they made an 11th-hour change in rules for the federal health insurance exchange to allow Americans to enroll in health plans through Christmas Eve — 24 hours later than advertised — and still get coverage that begins on New Year’s Day.

The switch occurred in the form of a software change that government officials and IT contractors inserted into the computer system over the weekend for the online insurance marketplace. Anyone who finishes enrolling by 11:59 p.m. Tuesday will have insurance on Jan. 1, the first day it becomes available.

I try not to think about these things. Ugh.

Don’t forget to turn your clocks back one hour after 2 a.m.!