Posts Tagged: isp

hacks / technical15 Comments
6
Oct 09

Nice life hack with Mediacom

Most of my close friends can tell you that I do not like Mediacom.  In fact, I hate most telcos in general.  But Mediacom holds a special place on my shit list.  They are particularly evil.

  • They have this thing where for the first year you get fair priced service.  $90ish for digital cable + broadband.  The only problem is that after a year, it jumps up to like $120.
  • A few years ago, they put in the DNS resolution stuff that sends you to their paid search results when you look up an invalid domain.  When they did this, they introduced frequent artificial outages that lasted for at least 3 weeks.  It didn’t take but an hour or 2 for me to figure this out, and I pointed my DNS resolution to Open DNS.  After that, I no longer had issues.  But everyone else that I knew with Mediacom continued to suffer.
  • Their customer support is just this side of worthless.  At one point, years ago I paid a few extra dollars for a static IP address.  The install kit did not contain my IP, subnet, gateway, etc.  I called customer support to get this required data.  The 1st and 2nd tier support did not know what a static IP was.  In fact, the 1st tier insisted that I did not want this anyhow.  Finally after about 30 min, I was sent to someone that knew the first thing about networking and I had my data.  Several times when I used their services, the customer support insisted that they dot not support Linux or non-M$ systems.
  • Their interface for their Digital Cable is non-intuitive.  If you press the up button while watching a channel, it goes up one (channel 13 –> 14 for example).  But, when you are navigating the guide pressing the up button results in going down a channel (channel 14–> 13).  I’m a little anal about GUIs, so that my be insignificant to most of you.

But back to the hack…

I had a friend who just got a new apartment.  This person called Mediacom and they quoted her $90 for Digital Cable + Internet.  The friend agreed.  After a couple days, the person changed their mind and canceled right before the installer arrived.  My friend had discovered an open Wi-Fi network nearby.  The next day, this person got a phone call from Mediacom.  They called to offer her the same package, but this time for $50.  Rock on.  That’s pretty cheap.

By canceling, the friend was placed on a cancellation or save list.  This enabled the person for significant discounts.

Cheers,
Jonathan

news / technicalNo Comments
31
Dec 08

Embarq does not care about your safety

Last month I was able to finesse my way into naked DSL. I know, a lot of ISPs offer this but here in Jefferson City Missouri, no one openly admits that it is possible. In fact, you have to talk to a special level of customer support called the “save desk” to get it. But this article is not about naked DSL. This article is about Embarq’s inadequate security measures.

In my prior DSL usages, the ADSL modem has more or less behaved as a bridge by default. This sucks because most users will just plug the device directly into their windows based PC, thus allowing the world to view their C$ share or other obvious Microsoft vulnerabilities (assuming you use Microsoft Windows). But Embarq did something different. Their device came configured more as a router. Typically, I would praise this type of behavior. However, I would soon change my mind.

I host this website over my DSL connection. So, I needed to test my configuration under the new ISP. I found my public IP and navigated to it. To my disgust this form came up.

embarq-1

Wow, this is bad. So, it appears that I have a remotely accessible administrative console on my new ADSL modem. So, I’m already pretty upset. But then I notice that the password is PRE-POPULATED for me. So without changing the password, I click “Login”. , I am now presented with a screen that tells me what the default password is (“1234″). This screen also prompts me to change my password. So, I change my password and press “Login”.

embarq-2

So, lets see what we can do now…

embarq-3

Ok, it looks like I can now modify any of the settings that a normal consumer grade router provides me.

There are many attacks that may be performed with this console, so many that I can not even begin to think about the possibilities.

After a beer or 2, I calmed down and convinced myself that a warning to change your password must have been included in the documentation. So, I read though all the documents that came with the ADSL router. Sure enough, there is no mention of this administrative console, nor is there mention that you need to change this password.

This all leads me to one conclusion… Embarq does not care about your safety.

Cheers,
Jonathan Forck