Can Comcast data files be broken into easily?

Discussion in 'Computer Security' started by Edw. Peach, Dec 28, 2005.

  1. Edw. Peach

    Edw. Peach Guest

    I have been with Comcast for some years now. I use a few of my email
    accounts through them. I've noticed that with my primary account I
    suddenly start getting crap mail at a point. This first happened a
    few years ago when I started getting email to an account I never use
    for mail, only as my primary account. It had a real oddball name with
    numbers and I've never used that particular name anywhere else, ever.
    Earlier this year I changed my primary account to a different user
    name and deleted that old one. The new account I chose as my primary
    account is one I only use for family members and very close personal
    friends. Now I'm starting to get advertising on this one. I don't
    get it. The only thing that would explain this is that someone hacked
    into Comcast's accounts and gets the names that way. I'm tempted to
    ask Comcast but hesitate because I'm sure they don't want it known if
    such incidents do occur.

    How possible is this, that someone hacks into their primary accounts
    and harvests the primary email account names?
    Edw. Peach, Dec 28, 2005
    #1
    1. Advertising

  2. Edw. Peach

    Robert Haar Guest

    On 2005/12/28 8:41 AM, "Edw. Peach" <> wrote:

    > How possible is this, that someone hacks into their primary accounts
    > and harvests the primary email account names?


    It is possible that someone has hacked into Comcast's systems that hold the
    user account information. No system is or can be totally secure.

    I think it is just as likely that someone has sold the list of Comcast
    customers to spammers.
    Robert Haar, Dec 28, 2005
    #2
    1. Advertising

  3. Edw. Peach

    Bit Twister Guest

    On Wed, 28 Dec 2005 08:41:49 -0500, Edw Peach wrote:

    > The new account I chose as my primary
    > account is one I only use for family members and very close personal
    > friends. Now I'm starting to get advertising on this one. I don't
    > get it. The only thing that would explain this is that someone hacked
    > into Comcast's accounts and gets the names that way.


    Most likely not. Spammers have bots which crawl the internet and snarf
    email addresses from web pages, usenet posts and other places.
    Also, malware (viruses, trojans, worms,...) can check files on the
    computer for email addresses and mail them home to the malware owner.

    That is why I have seperate trash email accounts for friends,
    ebusiness, family,...

    That way if spam starts showing up, I have a group of people to notify
    that they may be infected. I have never used the primary email addy
    for anything until this Usenet auth bs. :(

    Once the spammer has a list of email addies he will strip the name off the
    domain and add all the major ISP's comain and see how many new email
    addies are found.

    Example: ,.....

    That is why I create email addy like

    A note here. Anytime you create a bogus email/domain address, you need to
    make it something like lid.
    That way it can be trashed by the postmasters receiving it very easily.

    There is a real none.net. whois none.net snippet follows:

    domain: none.net
    owner-name: nonenet
    owner-address: 138 boulevard du chat qui ronronne
    owner-address: F-75022, Paris
    owner-address: France


    Your post could cause extra work for the none.net postmaster. :(
    Unless you realy have a none.net email account. :)
    Bit Twister, Dec 28, 2005
    #3
  4. Edw. Peach

    Donnie Guest

    "Edw. Peach" <> wrote in message
    news:...
    > I have been with Comcast for some years now. I use a few of my email
    > accounts through them. I've noticed that with my primary account I
    > suddenly start getting crap mail at a point. This first happened a
    > few years ago when I started getting email to an account I never use
    > for mail, only as my primary account. It had a real oddball name with
    > numbers and I've never used that particular name anywhere else, ever.
    > Earlier this year I changed my primary account to a different user
    > name and deleted that old one. The new account I chose as my primary
    > account is one I only use for family members and very close personal
    > friends. Now I'm starting to get advertising on this one. I don't
    > get it. The only thing that would explain this is that someone hacked
    > into Comcast's accounts and gets the names that way. I'm tempted to
    > ask Comcast but hesitate because I'm sure they don't want it known if
    > such incidents do occur.
    >
    > How possible is this, that someone hacks into their primary accounts
    > and harvests the primary email account names?

    #######################################
    Search google or email harvesters. Accounts aren't always "hacked"
    donnie.
    Donnie, Dec 29, 2005
    #4
  5. Edw. Peach

    Edw. Peach Guest

    I did call Comcast and the technician told me that probably someone's
    address book was stolen. The funny thing is I only use this one
    account for two family members and perhaps five friends. I NEVER use
    it online or have anybody else write me with it. I have other
    accounts for that.

    My account has other personalities and those don't get nailed. I use
    those accounts quite a bit, one for business.

    My first account that was getting this mail was even stranger because
    I never used it for email except for dealing with Comcast. That's why
    I thought the system/database might have been cracked at Comcast.

    The mail I'm getting isn't all spam. Some of it seems to be fragments
    of conversations. I really don't get this at all.

    Here's one I got:

    "Hi
    Want to know if australis was in the therefor or with the
    jocose.
    Let me know
    Jewel "

    My address was added as a CC with about 15 other names.

    Any ideas on this?
    Edw. Peach, Dec 29, 2005
    #5
  6. Edw. Peach

    Robert Haar Guest

    On 2005/12/29 7:45 AM, "Edw. Peach" <> wrote:

    > I did call Comcast and the technician told me that probably someone's
    > address book was stolen. The funny thing is I only use this one
    > account for two family members and perhaps five friends. I NEVER use
    > it online or have anybody else write me with it. I have other
    > accounts for that.
    >
    > My account has other personalities and those don't get nailed. I use
    > those accounts quite a bit, one for business.
    >
    > My first account that was getting this mail was even stranger because
    > I never used it for email except for dealing with Comcast. That's why
    > I thought the system/database might have been cracked at Comcast.


    I have NEVER used my primary Comcast account for sending email, nor have I
    given it out to ANYONE. As a result, I have received no spam on that
    account, unless you include the Comcast advertising. I did create several
    secondary accounts and use different addresses for different purposes. All
    of them get SPAM to some extent.

    I am inclined to agree with the Comcast technician. I you ever use or give
    out an email address, it is at risk for harvesting by spammers. Even if it
    just a return address on an email sitting in the inbox of a trusted friend,
    that computer could be infected by malware and report out everything that
    looks like an email address to some spammer.
    Robert Haar, Dec 29, 2005
    #6
  7. Edw. Peach

    Moe Trin Guest

    On Wed, 28 Dec 2005, in the Usenet newsgroup alt.computer.security, in article
    <>, Bit Twister wrote:

    >Edw Peach wrote:


    >> The only thing that would explain this is that someone hacked
    >> into Comcast's accounts and gets the names that way.


    >Most likely not.


    Agreed. I know of one disgruntled ex-employee of an ISP that had taken a
    copy of the passwd file, and sold the (~100k) usernames, but even that is
    pretty rare, mainly because the spammer pays very little.

    >Spammers have bots which crawl the internet and snarf email addresses from
    >web pages, usenet posts and other places.


    Another tactic has been grabbing names out of the telephone book, and trying
    those with common alterations (lastname + initial or digit for example).

    >Also, malware (viruses, trojans, worms,...) can check files on the
    >computer for email addresses and mail them home to the malware owner.


    Haven't seen that very often - it's more likely to result in a denial of
    service (mail bomb) attack on the server where the klown is collecting
    the data, given the speed that the common malware goes through the
    dumb user community.

    >That is why I have seperate trash email accounts for friends,
    >ebusiness, family,...


    Good concept

    >That way if spam starts showing up, I have a group of people to notify
    >that they may be infected. I have never used the primary email addy
    >for anything until this Usenet auth bs. :(


    It used to be that we'd use /dev/random to create passwords for new
    accounts with the usernames being the common first initial + last name
    or last name + first initial or a number. Now, I'm using /dev/random
    to create public usernames, so they won't be found by dictionary attacks.

    >Once the spammer has a list of email addies he will strip the name off the
    >domain and add all the major ISP's comain and see how many new email
    >addies are found.


    head -2 /dev/random | uuencode ZZZZ

    head -2 /dev/random | mimencode

    then take the first 10 or twenty characters of the result. Only problem
    is that usernames _MUST_ begin with a letter.

    >A note here. Anytime you create a bogus email/domain address, you need to
    >make it something like lid.
    >That way it can be trashed by the postmasters receiving it very easily.


    http://www.faqs.org/faqs/net-abuse-faq/munging-address/

    Using the 'invalid' domain causes the sending mail server to reject the
    mail, because there never will be a top level domain with that name.
    RFC2606 also lists 'test', 'example' and 'localhost', though 'invalid' is
    the one recommended. The RFC also lists 'example.com', 'example.net' and
    'example.org' as safe names to use when munging. Unfortunately, many
    people grab some witty name out of mid-air, and think that it's OK,
    without making any effort to see if it's not a real name used by some
    company or organization. Using 'ping candidate.domain' is not a reliable
    test, nor is attempting to connect to 'www.candidate.domain' - use 'whois'
    data instead.

    >There is a real none.net. whois none.net snippet follows:


    as well as a lot of other domain names people use for munging.

    Old guy
    Moe Trin, Dec 29, 2005
    #7
  8. Edw. Peach

    TwistyCreek Guest

    Robert Haar wrote:

    > I am inclined to agree with the Comcast technician. I you ever use or give
    > out an email address, it is at risk for harvesting by spammers. Even if it
    > just a return address on an email sitting in the inbox of a trusted
    > friend, that computer could be infected by malware and report out
    > everything that looks like an email address to some spammer.


    That's just part of it. Even if nobody you send an email to ever falls
    victim to a worm or someone swiping their address book to sell to
    spammers, you return address is in the clear on every email you send. Even
    if it's encrypted. And even if you "munge" your From header and include
    your real email in an encrypted message body, if anyone replies to you
    your real email address is visible.

    If you think there aren't underpaid techs at various points along the way
    between you and people who you email with the know how to snarf addresses
    and the motivation to mess with it, you're a fool.
    TwistyCreek, Dec 29, 2005
    #8
  9. Edw. Peach

    Donnie Guest


    > My address was added as a CC with about 15 other names.
    >
    > Any ideas on this?

    #############################
    Did you recognize any of the other names?
    donnie.
    Donnie, Dec 30, 2005
    #9
  10. Edw. Peach

    Dave Keays Guest

    Edw. Peach wrote:
    > I have been with Comcast for some years now. I use a few of my email
    > accounts through them. I've noticed that with my primary account I
    > suddenly start getting crap mail at a point. This first happened a
    > few years ago when I started getting email to an account I never use
    > for mail, only as my primary account. It had a real oddball name with
    > numbers and I've never used that particular name anywhere else, ever.
    > Earlier this year I changed my primary account to a different user
    > name and deleted that old one. The new account I chose as my primary
    > account is one I only use for family members and very close personal
    > friends. Now I'm starting to get advertising on this one. I don't
    > get it. The only thing that would explain this is that someone hacked
    > into Comcast's accounts and gets the names that way. I'm tempted to
    > ask Comcast but hesitate because I'm sure they don't want it known if
    > such incidents do occur.
    >
    > How possible is this, that someone hacks into their primary accounts
    > and harvests the primary email account names?


    Are any of those friends or family people who send jokes or pretty pictures to
    everybody in their addressbook? I know I've got a few friends like that and I've
    never been able to persuade them to take me off their list.

    So if one person on that list is infected, all people on that list are vulnerable.

    What about dictionary attacks like other posters suggested?

    SBC has a system where you can add additional email addresses and drop them
    later when you want to. I've also seen people use web-based email accounts
    (YAHOO, GMAIL, ...) to do this.

    You might set-up an account with Yahoo and filter the hell out of your main
    account (assuming your ISP has filtering capabilities), tell your friends/family
    about this address by snail mail or mouth. When that Yahoo account starts
    getting spam, drop it and set-up another one.

    I've also setup an address for anything I want to communicate back to me.
    Newsletters, ecommerce validations, etc.

    I use the public sink "mailinator.com" when I join a newsgroup. I wish I had
    done that years ago. If I only knew better then, my main address wouldn't be so
    useless now.

    --

    Dave Keays
    Dave Keays, Dec 30, 2005
    #10
  11. Edw. Peach

    Edw. Peach Guest

    Of course not. ;)
    Edw. Peach, Dec 30, 2005
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. david ramon

    Re: "Comcast Mail" <>

    david ramon, Oct 22, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    1,004
    trout
    Oct 22, 2003
  2. Gord Stephan

    cannot share files easily

    Gord Stephan, Apr 27, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    404
  3. Norm
    Replies:
    2
    Views:
    484
    The Great Attractor
    May 22, 2007
  4. Carlos

    Remove pre-SP1 files easily

    Carlos, Apr 8, 2008, in forum: Windows 64bit
    Replies:
    2
    Views:
    454
    Carlos
    Apr 8, 2008
  5. EMB
    Replies:
    2
    Views:
    272
    Gordon
    Aug 30, 2008
Loading...

Share This Page