• Get involved.
    We want your input!
    Apply for Membership and join the conversations about everything related to broadcasting.

    After we receive your registration, a moderator will review it. After your registration is approved, you will be permitted to post.
    If you use a disposable or false email address, your registration will be rejected.

    After your membership is approved, please take a minute to tell us a little bit about yourself.
    https://www.radiodiscussions.com/forums/introduce-yourself.1088/

    Thanks in advance and have fun!
    RadioDiscussions Administrators

Comcast's Xfinity flags data breach


The unauthorized access led to customer information that was "likely acquired", including usernames, hashed passwords, contact details and last four digits of social security numbers, the company said.


The data breach was due to a Citrix software vulnerability, the company said, adding that the software-related risk was now resolved.


Note the breach affects 36 million customers in this follow up.
 
And to think they preach to us about the need to keep OUR network secure :rolleyes:

Now hopefully this will teach them to STFU & PRACTICE what they PREACH for once :devilish:
 
And to think they preach to us about the need to keep OUR network secure :rolleyes:

Now hopefully this will teach them to STFU & PRACTICE what they PREACH for once :devilish:
Far be it from me to defend Xfinity/Comcast, which is a company I don't much care for, but I've had experience with configuring Citrix servers and they can be very hard to secure. The basic problem has been that Citrix has numerous defaults that are insecure and not really appropriate for a platform intended to provide screen access only. For example, at least once upon a time, the Citrix default was to allow Windows drivers on the secure side of the connection to be mounted through the Citrix server...which defeats the purpose of the server to begin with. Possibly that has changed. One has to nail down all the configuration settings, and it's easy to miss one.

Xfinity/Comcast does have a robust two-factor authentication platform, although their messaging around it can be unclear to a consumer-grade user. They are doing the right thing by encouraging people to use it for logging into the Xfinity/Comcast management/email portal. They probably should make it the default but likely they're concerned about the customer support calls that would be triggered as a result.
 
Status
This thread has been closed due to inactivity. You can create a new thread to discuss this topic.


Back
Top Bottom