Need help for argument with Comcast



  • We have a customer that had Comcast VoIP phone service installed a couple of months ago.

    Yesterday they received a bill that shows $600 in voice charges to Taiwan. When they called Comcast to ask what that was all about; Comcast told them Ext #XXX was hacked and they are responsible for the charges because they did not use a strong enough password for their SIP accounts.

    Now, there isn't anyone at this office that even knows what SIP or VoIP stand for, and they do not know how the phones are even working with the big 'ol PBX gone from the back room.

    So I think it's safe to say, these are lay people who have no idea about VoIP.

    Comcast provided the phones, the VoiceEdge Router, and the service.

    The people know how to answer calls, dial out, and listen to their Voicemail.

    I can see how it is the end user's error that allowed someone access to a SIP account.

    I am looking for $500,000 for a 5% stake in my company, Oh wait, that's Shark Tank!

    I am looking for the right words, in the right order to tell comcast to shove it and eat the charges. And make them do it.

    Thanks.



  • @JasGot said in Need help for argument with Comcast:

    Comcast provided the phones, the VoiceEdge Router, and the service.

    Do you have access to change anything?



  • @JasGot said in Need help for argument with Comcast:

    So I think it's safe to say, these are lay people who have no idea about VoIP.

    While true, and we all know that it is almost certainly not your customer's fault, this is completely irrelevant.



  • @JasGot said in Need help for argument with Comcast:

    Comcast VoIP

    Which service? That will likely matter a lot.

    https://business.comcast.com/learn/phone



  • Who set this up? I mean I can't imagine that the customer set this up - if Comcast set default passwords that were weak, I would say that's on them.



  • @JasGot said in Need help for argument with Comcast:

    Yesterday they received a bill that shows $600 in voice charges to Taiwan. When they called Comcast to ask what that was all about; Comcast told them Ext #XXX was hacked and they are responsible for the charges because they did not use a strong enough password for their SIP accounts.

    That's kind of how it works. Comcast makes money putting their customers at risk. They are a bad company with bad service and have no business offerings (their phones are a consumer service sold to businesses that don't look into things), I know of no situation where it would be okay to use at home or at work. The cost is astronomic and they make all IT side issues fall on the client, they don't provide support. So it is up to every Comcast user (home or business) to hire and IT department to manage the phones and phone processes and be aware of VoIP.

    Sadly, the customer opted to be their own IT department when choosing Comcast and essentially accepted responsibility for these kinds of issues. This is why something like phones should never, ever be handled without IT overseeing it. Trying to bypass IT and get a "free pass" to not pay for that security and knowledge will always result in companies like Comcast taking advantage and hackers targeting them.

    In a system like the one that you offer, there are four critical ways that they would have been protected:

    1. Good passwords, not easy ones.
    2. Firewall and Intrusion Detection mechanisms.
    3. Abuse limiting on the phone account.
    4. International calling off by default.

    That's a LOT of things to have been skipped or to have gone wrong here for this to have happened in this day and age.



  • @JasGot said in Need help for argument with Comcast:

    So I think it's safe to say, these are lay people who have no idea about VoIP.

    But they opted to be their own IT. What they know or understand doesn't matter because they decided to be their own IT.

    It's like going to the pharmacy and just taking medication then finding out it hurts you or doesn't do what you thought - if you don't know your ailment and medications you are supposed to talk to a doctor and a pharmacist. There's nothing wrong with not being your own doctor, and there's no expectation of you being one, but if you opt to take things into your own hands, that's your decision but you are accountable for that decision.



  • @JasGot said in Need help for argument with Comcast:

    Comcast provided the phones, the VoiceEdge Router, and the service.

    Right, but not the IT, security, consulting, oversight, or knowledge. None of the pieces that provide protection.



  • @JasGot said in Need help for argument with Comcast:

    I am looking for the right words, in the right order to tell comcast to shove it and eat the charges. And make them do it.

    There really aren't any. They can try, but this truly is 100% on the customer. Why did they choose such a costly, risky service if they weren't looking to take the responsibility that goes with it?



  • @JaredBusch said in Need help for argument with Comcast:

    @JasGot said in Need help for argument with Comcast:

    So I think it's safe to say, these are lay people who have no idea about VoIP.

    While true, and we all know that it is almost certainly not your customer's fault, this is completely irrelevant.

    Well, at some point, they opted to not hire someone to oversee this and/or to not learn about it themselves.

    Unless they put some security in place that was bypassed, it certainly sounds like their fault. Did they request that International calling be turned off? Did they manage their passwords well?

    Sure, Comcast could have done these things, but Comcast's whole selling point is that they are high cost and don't look after you at all. That's their service offering. If customers opt for that and there isn't any false claims, it really would be their fault.



  • @Dashrender said in Need help for argument with Comcast:

    Who set this up? I mean I can't imagine that the customer set this up - if Comcast set default passwords that were weak, I would say that's on them.

    Maybe. And one can hope. BUT, any system with passwords it is up to the end IT department to not accept default passwords. It's never the hardware vendor's job to do that. Comcast doesn't do the end point support, that's past their demarc. So unless Comcast doesn't allow them to set passwords, then it's not Comcast's job to secure the passwords because that's not on their portion of the support.

    We deal with Comcast every day. Customers choose them primarily because they think that they'll get some magic deal without having to learn anything, pay anyone for advice, and without shopping around and doing their due diligence. None of those things are things that make it Comcast's fault. Is Comcast's service bad? Yeah, it's the worst. The absolute worsts. High cost, no support, no features, not even a business class product. Just consumer lines sold to businesses. It's a bare bones service that isn't good for anyone. But customers flock to it. So really, Comcast is delivering the service that their customers demand. They are voting with their wallets. Why? No idea, but they do.

    So unless Comcast has somehow not provided what they said that they would do, and I've never had them claim that they provided security, support, IT, etc. to date, then no, it's not Comcast's problem.



  • @JaredBusch said in Need help for argument with Comcast:

    o you have access to change anything?

    Only their VM password.



  • @JaredBusch said in Need help for argument with Comcast:

    While true, and we all know that it is almost certainly not your customer's fault, this is completely irrelevant.

    It's not irrelevant from the stand point I said this so you would understand they have no knowledge. That statement was for your benefit in this discussion.



  • @JasGot said in Need help for argument with Comcast:

    @JaredBusch said in Need help for argument with Comcast:

    o you have access to change anything?

    Only their VM password.

    If you can't change the extension passwords, then everything changes. If Comcast demands that the customer handle IT and truly doesn't allow them to, then you are all set.

    Then the conversation goes like this "I'm sorry Comcast, but you and only you control the IP, firewall, IDS, passwords, and other security mechanisms. Your allowance of third parties to use my phone system without my consent is a violation of my contract and of the law and now only can you not charge me for this, but we need to immediately discuss my compensation for your security breach of the system I paid you to provide."



  • @JasGot said in Need help for argument with Comcast:

    @JaredBusch said in Need help for argument with Comcast:

    While true, and we all know that it is almost certainly not your customer's fault, this is completely irrelevant.

    It's not irrelevant from the stand point I said this so you would understand they have no knowledge. That statement was for your benefit in this discussion.

    Yes, definitely we'd expect no end user to have knowledge of these things. But the only piece that really would matter is if they understand passwords. And, of course, if they were given the ability to change/set those passwords.



  • @JaredBusch said in Need help for argument with Comcast:

    Which service? That will likely matter a lot.

    I'm not sure. I won;t see the bill until morning. Most likely it is: Comcast Business VoiceEdge. An I see the "Self Managed" part πŸ™‚



  • @Dashrender said in Need help for argument with Comcast:

    Who set this up? I mean I can't imagine that the customer set this up - if Comcast set default passwords that were weak, I would say that's on them.

    Comcast did everything from porting, to providing the hardware, to installing the service and the hardware and providing training.



  • @scottalanmiller said in Need help for argument with Comcast:

    But they opted to be their own IT. What they know or understand doesn't matter because they decided to be their own IT.

    I would have to side with the customer here. Their expectations were that since Comcast was the provider for each and every aspect of the phone system, with a three year contract that includes support; that the IT side of it was Comcast's job.

    I'm not saying they weren't mislead, I'm saying, based on their expectations from the rep, this should be Comcast's problem.



  • @JasGot said in Need help for argument with Comcast:

    @Dashrender said in Need help for argument with Comcast:

    Who set this up? I mean I can't imagine that the customer set this up - if Comcast set default passwords that were weak, I would say that's on them.

    Comcast did everything from porting, to providing the hardware, to installing the service and the hardware and providing training.

    Well they have to do the porting, there's no way around that for them πŸ™‚

    What kind of training? End user training, or IT training, though?



  • @scottalanmiller said in Need help for argument with Comcast:

    Right, but not the IT, security, consulting, oversight, or knowledge. None of the pieces that provide protection

    I would say this is not what Comcast led them to believe.



  • @scottalanmiller said in Need help for argument with Comcast:

    Well, at some point, they opted to not hire someone to oversee this and/or to not learn about it themselves.

    This is certainly true.



  • @JasGot said in Need help for argument with Comcast:

    I would have to side with the customer here. Their expectations were that since Comcast was the provider for each and every aspect of the phone system, with a three year contract that includes support; that the IT side of it was Comcast's job.

    Only if that's in the contract. Under no conditions of what you describe would that ever be implied, especially as Comcast is not an IT vendor.

    Now the words "support" might mean that, but it doesn't imply it. It just implies the possibility, but not the expectation.

    It's a bit like buying a BMW with absolute total maintenance coverage, but then expecting them to drive the car for you, too. Could they do that? Of course, but no amount of warranty covers that.

    Totally supported solutions in other arenas, like email, or hyperconvergence, never include the IT piece. This would be a place where we are expecting this one situation to be totally different than all others that are similar. Not that it can't be, but unless it's really clearly stated somewhere, it's not a reasonable expectation.



  • @scottalanmiller said in Need help for argument with Comcast:

    If you can't change the extension passwords, then everything changes. If Comcast demands that the customer handle IT and truly doesn't allow them to, then you are all set.
    .
    Then the conversation goes like this "I'm sorry Comcast, but you and only you control the IP, firewall, IDS, passwords, and other security mechanisms. Your allowance of third parties to use my phone system without my consent is a violation of my contract and of the law and now only can you not charge me for this, but we need to immediately discuss my compensation for your security breach of the system I paid you to provide."

    I'll confirm this in the morning. If it is true (and I do believe it is) I'll use your text to do battle with Comcast. πŸ™‚



  • @scottalanmiller said in Need help for argument with Comcast:

    Totally supported solutions in other arenas, like email, or hyperconvergence, never include the IT piece. This would be a place where we are expecting this one situation to be totally different than all others that are similar. Not that it can't be, but unless it's really clearly stated somewhere, it's not a reasonable expectation.

    True.



  • I'll let you know what I find out in the morning. I hope for the customer's sake, they have absolutely no way to manage the SIP connections or firewall settings on the service.



  • @JasGot said in Need help for argument with Comcast:

    @scottalanmiller said in Need help for argument with Comcast:

    Right, but not the IT, security, consulting, oversight, or knowledge. None of the pieces that provide protection

    I would say this is not what Comcast led them to believe.

    That's definitely possible, I'd not put anything past Comcast. But you also have the problem of "is there ever an excuse for having had the Comcast conversation in the first place?"

    I mean think about it... we have a known bad actor that we can't trust and violates the infrastructure monopoly bundling rule in business (never bundle an unnecessary service with a monopoly infrastructure provider) that is just basic business common sense (so no IT knowledge needed) and at some point the customer decided that even though this is a company that everyone knows you can't trust and should never voluntarily do business with, they either allowed their sales people in the door and/or sought them out and engaged in business with them.

    If you ask a person you know is going to try to trick you to do so, is it still a trick?



  • @JasGot said in Need help for argument with Comcast:

    I'll let you know what I find out in the morning. I hope for the customer's sake, they have absolutely no way to manage the SIP connections or firewall settings on the service.

    Yeah, maybe Comcast screwed up on this one. I've done this "provide the legal wording to threaten Comcast" already three times this week for similar items!

    The other two weren't quite as dramatic, but were "You used the word 'business' in reference to your product but it doesn't meet any baseline expectations that would be necessary to consider this a business product, but only a consumer product, so our contract is void."



  • Not siding with Comcast but don’t forget there is the Companion application for Windows. There are also mobile apps to connect to the users accounts so they can do calls from the cell as if they are in the office. I had a client that signed up for voice edge a long time ago and I think they were responsible for setting up the accounts for the users.



  • @syko24 said in Need help for argument with Comcast:

    they were responsible

    They who? Because this sounds like they bought the self managed solution so far. Which means it is totally on the customer. Sure Comcast might have set it all up. But with that solution, they are supposed to train and walk away.

    Just because the customer thinks something, does not make it a fact.



  • @JasGot said in Need help for argument with Comcast:

    @JaredBusch said in Need help for argument with Comcast:

    While true, and we all know that it is almost certainly not your customer's fault, this is completely irrelevant.

    It's not irrelevant from the stand point I said this so you would understand they have no knowledge. That statement was for your benefit in this discussion.

    Whether or not they have any knowledge absolutely is irrelevant.

    Someone chose a solution and had the responsibility of making the decision. Sure they likely never changed a damned thing from when Comcast set it up. But, assuming the self managed as you mentioned in a later post, it is still the customer's responsibility to maintain their system.

    Sure, some sucker at the customer got sold up a fucking river buy an unscrupulous vendor. But that does not take the responsibility off of the customer.


Log in to reply