All posts by Moderator

Comcast is leaking the names and passwords of customers’ wireless routers

Comcast has just been caught in a major security snafu: revealing the passwords of its customers’ Xfinity-provided wireless routers in plaintext on the web. Anyone with a subscriber’s account number and street address number will be served up the Wi-Fi name and password via the company’s Xfinity internet activation service.

Security researchers Karan Saini and Ryan Stevenson reported the issue to ZDnet.

The site is meant to help people setting up their internet for the first time: ideally, you put in your data, and Comcast sends back the router credentials while activating the service.

The problem is threefold:

  1. You can “activate” an account that’s already active
  2. The data required to do so is minimal and it is not verified via text or email
  3. The wireless name and password are sent on the web in plaintext

This means that anyone with your account number and street address number (e.g. the 1425 in “1425 Alder Ave,” no street name, city, or apartment number needed), both of which can be found on your paper bill or in an email, will instantly be given your router’s SSID and password, allowing them to log in and use it however they like or monitor its traffic. They could also rename the router’s network or change its password, locking out subscribers.

This only affects people who use a router provided by Xfinity/Comcast, which comes with its own name and password built in. Though it also returns custom SSIDs and passwords, since they’re synced with your account and can be changed via app and other methods.

What can you do? While this problem is at large, it’s no good changing your password — Comcast will just provide any malicious actor the new one. So until further notice all of Comcast’s Xfinity customers with routers provided by the company are at risk.

One thing you can do for now is treat your home network as if it is a public one — if you must use it, make sure encryption is enabled if you conduct any private business like buying things online. What will likely happen is Comcast will issue a notice and ask users to change their router passwords at large.

Another is to buy your own router — this is a good idea anyway, as it will pay for itself in a few months and you can do more stuff with it. Which to buy and how to install it, however, are beyond the scope of this article. But if you’re really worried, you could conceivably fix this security issue today by bringing your own hardware to the bargain.

I’ve contacted the company for comment and will update when I hear back.

Uizard raises funds for its AI that turns design mockups into source code

When you’re trying to build apps, there is a very tedious point where you have to stare at a wireframe and then laboriously turn it into code. Actually, the process itself is highly repetitive and ought to be much easier. The traditional software development from front-end design to front-end html/css development to working code is expensive, time-consuming, tedious and repetitive.

But most approaches to solving this problem have been more complex than they need to be. What if you could just turn wireframes straight into code and then devote your time to the more complex aspects of a build?

That’s the idea behind a Copenhagen-based startup called Uizard.

Uizard’s computer vision and AI platform claims to be able to automatically turn design mockups — and this could be on the back of napkin — into source code that developers can plug into their backend code.

It’s now raised an $800,000 pre-seed round led by New York-based LDV Capital with co-investors ByFounders, The Nordic Web Ventures, 7percent Ventures, New York Venture Partners, entrepreneur Peter Stern (co-founder of Datek) and Philipp Moehring and Andy Chung from AngelList . This fundraising will be used to grow the team and launch the beta product.

The company received interest in June 2017 when they released their first research milestone dubbed “pix2code” and implementation on GitHub was the second-mosttrending project of June 2017 ahead of Facebook Prepack and Google TensorFlow.