Need help for argument with Comcast
-
@Dashrender said in Need help for argument with Comcast:
Assuming Comcast did come onsite and do that actual installation - assuming those passwords were set by a Comcast tech and never changed - which Comcast should be able to prove or disprove,
How in the fuck should that be possible? Are you saying someone should have a record of the passwords set originally? And then should be able to compare them to now? That is an insane level of auditing.
Have you done that for your new FreePBX system yet?
-
@scottalanmiller said in Need help for argument with Comcast:
@Dashrender said in Need help for argument with Comcast:
@scottalanmiller said in Need help for argument with Comcast:
@JaredBusch said in Need help for argument with Comcast:
@JasGot said in Need help for argument with Comcast:
So I think it's safe to say, these are lay people who have no idea about VoIP.
While true, and we all know that it is almost certainly not your customer's fault, this is completely irrelevant.
Well, at some point, they opted to not hire someone to oversee this and/or to not learn about it themselves.
Unless they put some security in place that was bypassed, it certainly sounds like their fault. Did they request that International calling be turned off? Did they manage their passwords well?
Sure, Comcast could have done these things, but Comcast's whole selling point is that they are high cost and don't look after you at all. That's their service offering. If customers opt for that and there isn't any false claims, it really would be their fault.
Things like this should be off by default - you and I both know they are left on by default for exactly this reason - to basically allow the end user to screw up, and when they do, Comcast/the vendor, totally wins. Obviously, it's one of the things that makes them a shity vendor.. and while they aren't the only phone vendor option in almost any case, they very likely could be the only ISP option for many.
I agree that they leave it on for the customer to get screwed. However, it is the expectation of every customer I've ever spoken to that all options are on. And traditionally, international calling was always on. The idea that it can be removed or is removed is a relatively recent one and a pretty niche thing.
Remember, this is a consumer service being used by a business - there's no PBX and it doesn't behave like a business phone. Consumers always expect Int calling to be on.
It's a tough one, as lots of people expect it on. Even if you ask customers, they never seem to want Int calling off until AFTER something like this happens. People just don't think about what the risk is.
Please remember that he is in Nebraska. They don't know that there is a place that is not the United States.
-
@Dashrender said in Need help for argument with Comcast:
Assuming Comcast did come onsite and do that actual installation - assuming those passwords were set by a Comcast tech and never changed - which Comcast should be able to prove or disprove, I'd say if they were set by a comcast tech, it's on them.. if they were set by the customer, then its on them.
That doesn't help, because the customer still is required to change from default, maintain regular changes, etc. Now if the phones were installed yesterday, that's one thing. But assuming that they've been in place for any length of time, the customer is expected to be changing the passwords or whatever.
And don't forget, we don't know that the customer didn't accidentally share out the password somewhere.
-
@scottalanmiller said in Need help for argument with Comcast:
Remember, this is a consumer service being used by a business - there's no PBX and it doesn't behave like a business phone. Consumers always expect Int calling to be on.
Sure, and they never expect to be hacked either.
-
@Dashrender said in Need help for argument with Comcast:
Regardless of how many times Scott says that these are businesses and they should be adulting, clearly, 95% don't, so it's really unreasonable to expect them to do better than the default, I'm thinking many courts would agree with that.
That's like saying that courts will side with hit and run offenders because, well it happens a lot and how are adults supposed to know not to run away when they've had an accident?
Um.....
-
@JaredBusch said in Need help for argument with Comcast:
@Dashrender said in Need help for argument with Comcast:
Assuming Comcast did come onsite and do that actual installation - assuming those passwords were set by a Comcast tech and never changed - which Comcast should be able to prove or disprove,
How in the fuck should that be possible? Are you saying someone should have a record of the passwords set originally? And then should be able to compare them to now? That is an insane level of auditing.
Have you done that for your new FreePBX system yet?
No, not what the value was, but I'm assuming - and that could be a huge mistake I understand - that the system (i.e. Comcast) set the original password.
-
@Dashrender said in Need help for argument with Comcast:
@scottalanmiller said in Need help for argument with Comcast:
Remember, this is a consumer service being used by a business - there's no PBX and it doesn't behave like a business phone. Consumers always expect Int calling to be on.
Sure, and they never expect to be hacked either.
Right... which makes this 100% the customer's problem. They didn't expect the standard things to happen, they didn't educate themselves, they didn't hire someone to think the problem through or follow good patterns. They chose to take on a responsibility that they weren't prepared to follow through on.
Courts don't use "lazy or didn't care or couldn't be bothered or dumb" as grounds for not meeting legal contractual obligations.
-
@scottalanmiller said in Need help for argument with Comcast:
@Dashrender said in Need help for argument with Comcast:
Regardless of how many times Scott says that these are businesses and they should be adulting, clearly, 95% don't, so it's really unreasonable to expect them to do better than the default, I'm thinking many courts would agree with that.
That's like saying that courts will side with hit and run offenders because, well it happens a lot and how are adults supposed to know not to run away when they've had an accident?
Um.....
Again, not the same thing at all - If you causally polled people, 95% would fail this... only upon actual reflection would they likely choose the right/adulting answer.
In the case of an accident - no one is just thinking that fleeing is acceptable.
Also, with driving, the testing/learning that happens to directly get your license gives a much greater chance to the understanding of the requirement to stay for that accident.But there is no such required learning for running a business - you keep saying it's "Just known" but every day people find examples of "street smarts" that so many people just don't have. Sure, good business owners "know" these things - either it seemed obvious to them and they just did it, or they learned it - who knows.. but the not good business owners - which drastically outnumber the others simply don't "know" this... and would only likely come to this conclusion when force to stop - drop - THINK about it - then proceed.
-
@Dashrender said in Need help for argument with Comcast:
But there is no such required learning for running a business
Here is the rub, anytime you say "business" any, and I mean ANY, thoughts you have them "getting away with not meeting their obligations" go out the window. Consumers get protections legally around being dumb, businesses do not. The day you open a business you accept all the responsibilities of security, licensing, taxes, management, etc. All of it. Since you just said this business made the mistake, you just showed that nothing else matters. Businesses have the responsibility and the government doesn't provide a "protect businesses from themselves" system, and they shouldn't.
So actually, there are more "requirements" like this for running a business than you think. Everything a business does it is required for them to know everything about. It's that simple. Just because there isn't a government test for it, or a license to acquire, doesn't make it not required.
-
@Dashrender said in Need help for argument with Comcast:
but the not good business owners
And it is the job of capitalism to put those bad owners out of business through mechanisms like this. It's their right to play fast and loose and take risks (including opening a business if they don't understand business), and it is the duty of the "system" to see that they don't succeed.
You are just seeing the system in action under the hood. The sausage is being made.
-
@Dashrender said in Need help for argument with Comcast:
and would only likely come to this conclusion when force to stop - drop - THINK about it - then proceed.
Sure, and it is THEIR responsibility to find a way to get that forced on them if they want to succeed.
-
@scottalanmiller said in Need help for argument with Comcast:
The other two weren't quite as dramatic, but were "You used the word 'business' in reference to your product but it doesn't meet any baseline expectations that would be necessary to consider this a business product, but only a consumer product, so our contract is void."
Did this work?
-
@syko24 said in Need help for argument with Comcast:
Not siding with Comcast but don’t forget there is the Companion application for Windows. There are also mobile apps to connect to the users accounts so they can do calls from the cell as if they are in the office. I had a client that signed up for voice edge a long time ago and I think they were responsible for setting up the accounts for the users.
Part of my task this morning was to review the settings for each phone/user. I found the ability to connect a softphone to the individual user accounts was turned off.
-
@JaredBusch said in Need help for argument with Comcast:
Whether or not they have any knowledge absolutely is irrelevant.
Someone chose a solution and had the responsibility of making the decision. Sure they likely never changed a damned thing from when Comcast set it up. But, assuming the self managed as you mentioned in a later post, it is still the customer's responsibility to maintain their system.
Sure, some sucker at the customer got sold up a fucking river buy an unscrupulous vendor. But that does not take the responsibility off of the customer.You still don't get it.
-
@syko24 said in Need help for argument with Comcast:
My bad, they being the customer had to create their own logins. The Comcast installer showed the office manager how to create the accounts and most likely suggested a basic password that would be reset when the user logged in for the first time.
The Comcast installer actually created the user accounts. The default password of 1234 was changed the same day, more than a month before the calls to Taiwan.
-
@JasGot said in Need help for argument with Comcast:
@scottalanmiller said in Need help for argument with Comcast:
The other two weren't quite as dramatic, but were "You used the word 'business' in reference to your product but it doesn't meet any baseline expectations that would be necessary to consider this a business product, but only a consumer product, so our contract is void."
Did this work?
Not sure, customers rarely follow through.
-
@JasGot said in Need help for argument with Comcast:
@syko24 said in Need help for argument with Comcast:
Not siding with Comcast but don’t forget there is the Companion application for Windows. There are also mobile apps to connect to the users accounts so they can do calls from the cell as if they are in the office. I had a client that signed up for voice edge a long time ago and I think they were responsible for setting up the accounts for the users.
Part of my task this morning was to review the settings for each phone/user. I found the ability to connect a softphone to the individual user accounts was turned off.
Interesting. The plot thickens.
-
@JasGot said in Need help for argument with Comcast:
@syko24 said in Need help for argument with Comcast:
My bad, they being the customer had to create their own logins. The Comcast installer showed the office manager how to create the accounts and most likely suggested a basic password that would be reset when the user logged in for the first time.
The Comcast installer actually created the user accounts. The default password of 1234 was changed the same day, more than a month before the calls to Taiwan.
That part is good. But was it changed to something good?
-
Here's where we are after examining their Comcast portal all morning. I'm going to state facts (in no particular order), so I do not expect to take any heat from the regular bashers here.
I'm also going to say that neither the end customer or I know if Comcast took any actions yesterday after they were confronted. I suspect not, but don't know. Settings I found this morning may or may not have been changed by Comcast since yesterday.
Two hours in their portal, and the printed and mailed phone bill that brought it all to their attention is here on my desk.
- Comcast sold, delivered, installed and configured all the users' phones and each user account. The business manager said they all setup their VM and changed their passwords later that same day.
- International calling for the entire account is turned off.
- Softphone connections have not been enabled for any user.
- Many user are using call forwarding successfully.
- The user who was "hacked" chose not to use call forwarding, but their call forwarding was (until I turned it off) turned on and was being forward to "5" which is not a valid number or a valid extension.
- There are no records of outgoing international calls in any of their call histories or logs at the Comcast portal.
- The calls to Taiwan are listed on the printed phone bill that arrived yesterday.
- 61 Calls to a mobile device in Taiwan and one call to a land line in the Philippines.
- There is a feature in the Comcast portal called "Hoteling". It is turned off.
- There are no Auto Attendant settings that would connect/forward to an outside number
- The calls to Taiwan occurred during a 51 minute time frame. 3:15am to 4:06am
I have lots of thoughts about each of these facts; they all lead me back to a billing issue where some other customer's call got charged to this account OR their was a breach to this account at Comcast and they caught it after 51 minutes and Comcast is not admitting it. The sudden end to the calls and the lack of call logging of these particular call in the portal are key factors to my thinking this way. The call forwarding to "5" could simply be an error that took place when setting up the users for "work from home".
-
@scottalanmiller said in Need help for argument with Comcast:
That part is good. But was it changed to something good?
They were told to use a random four digit number