Comcast begins man-in-the-middle attacks to show copyright notices on websites

[JerkyMcDilerino]

Source: http://www.neowin.net/news/comcast-begin-man-in-the-middle-attacks-to-show-copyright-notices-on-websites

 

Privacy and security fears have been raised by a Californian based developer, Jarred Sumner, who posted Github that Comcast - a US-based ISP - is using a man-in-the-middle(MITM) attack to warn users of potential copyright infringements they may have committed.

 

The message reads:

 

" An important message from Comcast. As part of the Copyright Alert System operated by the Center for Copyright Information, a copyright owned has sent Comcast a notice claiming your internet service from Comcast was used to copy or share a movie, television program or song improperly. We have sent an e-mail with more information about this notice to the comcast.net e-mail address of the primary account holder in your household."

 

The code responsible for displaying the alert is called comcast.js and spans 237 lines of code. This sort of MITM attack is only possible when users connect to an insecture website over a HTTP connection.

 

 

Usually when you enter a URL a request is made to the server, which then responds and sends the websites source code, which the browser displays. What Comcast is doing however, is intercepting the users request and then passing it to the server, in turn the server returns the data to Comcast who then inject their code and relay the modified data to the user, who then sees the alert. Criminals in the past have used this attack to trick users into releasing private information.

Man-in-the-middle attacks can be mitigated by using the secure protocol HTTPS, unfortunately many websites do not support this protocol yet, or do not have it enabled by default if problems are likely to occur with the website. The Electronic Frontier Foundation maintains an extension called HTTPS Everywhere which tries to force connection to HTTPS to help prevent HTTP connections being hijacked.

Another method to mitigate this attack, is by being permanently connected to a VPN, this will ensure that your traffic is routed through a secure connection at all times, preventing Comcast from ever intercepting a connection it can tamper with.

Source: Github via ZDNet

 

This is unacceptable for ISP to perform man-in-man-attack strategy that hackers use to gain personal information and crucial data.  

[Lethal Seraph]

Real dick move comcast.

[Sidiox]

That is some really douchy stuff.... 

We could have expected it to happen though, they are douche bags afterall

[PlayStation 2]

That's when you block the traffic coming from NBCComcast's URLs.

[Whorax]

I think I bust a blood vessel every time I see a thread about Comcast on here because it's inevitably something horrible that they're doing that further makes me question how they're so successful as a company. <--that's a rhetorical questioning

[superjuddy]

I think I bust a blood vessel every time I see a thread about Comcast on here because it's inevitably something horrible that they're doing that further makes me question how they're so successful as a company.

They're successful because most apartments pretty much force us to use them. At least in my area. If I had a choice i'd pay more for someone who didn't give a shit if I torrented or not, and just let the government handlle it.

[petem]

Not enough competition to keep them honest and customer oriented 

[TheKDub]

They're successful because most apartments pretty much force us to use them. At least in my area. If I had a choice i'd pay more for someone who didn't give a shit if I torrented or not, and just let the government handlle it.

 

This ^, or because they're the only option in your area that offers speeds over like 10mb/s down... (Hurry the fuck up google fibre!)

[SansVarnic]

So if you used a vpn would it help to stop it? I would hope so.

[Derangel]

I think I bust a blood vessel every time I see a thread about Comcast on here because it's inevitably something horrible that they're doing that further makes me question how they're so successful as a company.

 

Because most people don't have a choice. Through buying out competitors and paying cities for exclusive access the internet market in the US has become totally fucked. The lack of any real competition is one of the reasons why our internet infrastructure is so terrible.

[Whorax]

They're successful because most apartments pretty much force us to use them. At least in my area. If I had a choice i'd pay more for someone who didn't give a shit if I torrented or not, and just let the government handlle it.

Because most people don't have a choice. Through buying out competitors and paying cities for exclusive access the internet market in the US has become totally fucked. The lack of any real competition is one of the reasons why our internet infrastructure is so terrible.

I know, it was more or less a rhetorical question.

[SSL]

Obviously this is Comcast protecting content creators who don't have the ability to protect themselves from copyright infringement and of course for whom the effects are the worst.

 

It couldn't have to do with the fact that Comcast owns NBCUniversal and therefore has a vested interest in curtailing the illegal sharing of movies and TV shows. No indeed!

[Ridska]

Alas , Yee can kiss internet freedom goodbye in the kisser if this goes any futher.

 

Mean while , im Ok with my ISP in here at finnland.

[Albatross]

Alas , Yee can kiss internet freedom goodbye in the kisser if this goes any futher.

 

Mean while , im Ok with my ISP in here at finnland.

 

With all the dodo birds out there who say "lol I have nothing to hide" or "who cares if they do this and that?" it is no wonder Comcast/etc can get away with what they do.

 

[Prysin]

With all the dodo birds out there who say "lol I have nothing to hide" or "who cares if they do this and that?" it is no wonder Comcast/etc can get away with what they do.

 

they say so, but so much of the stuff we do on a daily basis on the internet is in the gray area when it comes to copyright laws, that you could get sued just for sharing watermarked pictures.

And with the way the huge companies are acting (basically finding your video/song then put it up on their own site and then delivering a DMCA to the CREATOR.... yes, that has happened more then a few times)... well, the internet is turning into north korea if the US lobbyists have their way.

[Dabombinable]

they say so, but so much of the stuff we do on a daily basis on the internet is in the gray area when it comes to copyright laws, that you could get sued just for sharing watermarked pictures.

And with the way the huge companies are acting (basically finding your video/song then put it up on their own site and then delivering a DMCA to the CREATOR.... yes, that has happened more then a few times)... well, the internet is turning into north korea if the US lobbyists have their way.

Its at the point that people might as well say fuck it, buy a good internet connection (if they can), then host their own website off their own server-the pricks would need to come and physically erase the server since their DMCA abuse would be futile.

[Belgarathian]

It seems ComCast are on a real role of dick moves recently....

[Tech_Dreamer]

Meh, not the proper way to fight against copyright, but still they're trying atleast to alert the users , but not this way

[mikeeginger]

Dick move

Use HTTPS Everywhere

[suicidalfranco]

guys, there's nothing wrong with this to begin with. You got nothing to hide, right? And if you do, you're probably doing something illegal and are a terrorist or rapist. Just think about the children.

[Misanthrope]

Even if it was done by the police it could easily be construed as entrapment, basically blurs away the notion that Copyright "Law" has anything to do with the legal system and it's basically being dictated and now enforced by private citizens(Corporations) with 0 fucking authority because fuck laws that's why.

[Trik'Stari]

guys, there's nothing wrong with this to begin with. You got nothing to hide, right? And if you do, you're probably doing something illegal and are a terrorist or rapist. Just think about the children.

^this.

 

Also, never mind that Comcast is one of the most egregious ISP's in the US.

 

Even if it was done by the police it could easily be construed as entrapment, basically blurs away the notion that Copyright "Law" has anything to do with the legal system and it's basically being dictated and now enforced by private citizens(Corporations) with 0 fucking authority because fuck laws that's why.

 

^also this.

[Blade of Grass]

Even if it was done by the police it could easily be construed as entrapment, basically blurs away the notion that Copyright "Law" has anything to do with the legal system and it's basically being dictated and now enforced by private citizens(Corporations) with 0 fucking authority because fuck laws that's why.

How is this entrapment? :huh:

Also, what are they enforcing? From what I see, this is just a notice being injected into a page.

Now, I don't agree with them injecting scripts into pages without the users permission, but we're not going to win this fight by making outlandish claims.

[GoodBytes]

I have realized that you love copy and pasting news from other sites as your own.

This is called plagiarism. This is not allowed in the Tech News section.

Please use quotes on thing you copy over, and explain the news in your own words. I moved the news under General Discussion until you fix your post. (PM me when you do so that I can move it back to the Tech News section).

Please read the Tech News guideline: http://linustechtips.com/main/topic/11724-read-before-posting-in-this-section/

[IReallyShouldBeWorking]

Really... Comcast is horrible. Only if it wasn't the only provider to offer 150M down i wouldn't care and switch but i would rather take 150 over the 10 that fairpoint has in this area (not saying they are a nice company either) those are the options I'm stuck with.