Create a gist now

Instantly share code, notes, and snippets.

Embed
This is the code Comcast is injecting into its users web traffic.

Above is the code Comcast is injecting into their customers web traffic when they need to display an "important message".

Feel free to read the blog post that goes along with this code.

<script language="JavaScript" type="text/javascript">
// Comcast Cable Communications, LLC Proprietary. Copyright 2012.
// Intended use is to display browser notifications for critical and time sensitive alerts.
var SYS_URL='/e8f6b078-0f35-11de-85c5-efc5ef23aa1f/aupm/notify.do';
// var image_url='http://servicealerts.comcast.net:8080/images/mt';
var image_url='http://xfinity.comcast.net/constantguard/BotAssistance/notice/images';
var headertext1='<strong>Comcast Courtesy Notice</strong>';
var textline1='You have reached 90% of your <b>monthly data usage allowance</b>.';
var textline2='Please sign in for more information and to remove this alert.';
var acknowledgebutton='<a href=\"#\" onClick="document.location.href=\''+SYS_URL+'?dispatch=redirect&redirectName=login&paramName=bmUid\'" title="Sign in to acknowledge" style="color: #FFFFFF;"><img alt="Sign in to acknowledge" src="'+image_url+'/mt_signin.png"/></a>';
var verifybulletin='<a href="http://customer.comcast.com/help-and-support/internet/data-usage-plans-nash/" target="_new">How do I know this message is from Comcast?</a>';
if(self.location==top.location) {
document.write('<style type="text/css">');
document.write('#comcast_content {width: 600px; height:240px; box-shadow: 10px 10px 5px #888; background: #fff; border: 1px solid #454545; position:absolute; top:50px; left:100px; zoom:1; z-index: 9999999; opacity:0.90; filter:alpha(opacity=90);}');
document.write('#comcast_content .header {height: 35px; background:url('+image_url+'/headerbg.gif) repeat-x;}');
document.write('#comcast_content .a {color: #00a3e0;}');
document.write('#comcast_content .logo {float:left;}');
document.write('#comcast_content .content-wrapper {padding-left: 18px; padding-right: 15px; padding-bottom: 12px;}');
document.write('#comcast_content .headerimage { margin-top: 15px;}');
document.write('#comcast_content .header1 {margin: 18px 0 0 0; color: #C00000; padding: 3px; font: 23px/24px bold Arial, Helvetica, sans-serif;}');
document.write('#comcast_content .textcontent {margin: 12px 0 0 0; text-align: center; color: #303030; word-spacing: 0px; font: 14px/15px Arial, Helvetica, sans-serif; line-height: 1.20;}');
document.write('#comcast_content .acknowledge {padding-top:6px; text-align: center;}');
document.write('#comcast_content .how-do-i {float:left; position:absolute; bottom:20px; left:18px; margin: 12px 0 0 0; font: 13px/14px bold Arial, Helvetica, sans-serif; text-align: bottom;}');
document.write('#comcast_content .comcast-wrapper {float:right; position:absolute; bottom:15px; right:18px; padding-top:0px; text-align: right;}');
document.write('</style>');
document.write('<div class="main-wrapper" id="comcast_content">');
document.write('<div class="header" onmousedown="javascript:dragStart(event,\'comcast_content\')">');
document.write('<img src="'+image_url+'/xfinity-logo.gif" alt="Xfinity" class="logo"/>');
document.write('</div>');
document.write('<div class="content-wrapper">');
document.write('<p class="header1">');
document.write(headertext1);
document.write('</p>');
document.write('<p class="textcontent">');
document.write(textline1);
document.write('</p>');
document.write('<p class="textcontent">');
document.write(textline2);
document.write('</p>');
document.write('<p class="how-do-i">');
document.write(verifybulletin);
document.write('</p>');
document.write('<div class="acknowledge">');
document.write(acknowledgebutton);
document.write('</div>');
document.write('<div class="comcast-wrapper">');
document.write('<img src="'+image_url+'/message-by-comcast.gif" alt="Message by Comcast"/>');
document.write('</div>');
document.write('</div>');
document.write('</div>');
}
// Function to Determine browser and version. Copyright 2001 by Mike Hall.
// See http://www.brainjar.com for terms of use.
function Browser() {
var ua, s, i;
this.isIE = false;
this.isNS = false;
this.version = null;
ua = navigator.userAgent;
s = "MSIE";
if ((i = ua.indexOf(s)) >= 1) {
this.isIE = true; this.version = parseFloat(ua.substr(i + s.length)); return;
}
s = "Netscape6/";
if ((i = ua.indexOf(s)) >= 0) {
this.isNS = true; this.version = parseFloat(ua.substr(i + s.length)); return;
}
s = "Gecko";
if ((i = ua.indexOf(s)) >= 0) {
this.isNS = true; this.version = 6.1; return;
}
}
var browser1 = new Browser();
var dragObj = new Object();
dragObj.zIndex = 99999;
function dragStart(event, id) {
var el;
var x, y;
if (id) dragObj.elNode = document.getElementById(id);
else {
if (browser1.isIE) dragObj.elNode = window.event.srcElement;
if (browser1.isNS) dragObj.elNode = event.target;
if (dragObj.elNode.nodeType == 3) dragObj.elNode = dragObj.elNode.parentNode;
}
if (browser1.isIE) {
x = window.event.clientX + document.documentElement.scrollLeft + document.body.scrollLeft;
y = window.event.clientY + document.documentElement.scrollTop + document.body.scrollTop;
}
if (browser1.isNS) {
x = event.clientX + window.scrollX;
y = event.clientY + window.scrollY;
}
dragObj.cursorStartX = x;
dragObj.cursorStartY = y;
dragObj.elStartLeft = parseInt(dragObj.elNode.style.left, 10);
dragObj.elStartTop = parseInt(dragObj.elNode.style.top, 10);
if (isNaN(dragObj.elStartLeft)) dragObj.elStartLeft = 100;
if (isNaN(dragObj.elStartTop)) dragObj.elStartTop = 50;
if (browser1.isIE) {
document.attachEvent("onmousemove", dragGo);
document.attachEvent("onmouseup", dragStop);
window.event.cancelBubble = true;
window.event.returnValue = false; }
if (browser1.isNS) {
document.addEventListener("mousemove", dragGo, true);
document.addEventListener("mouseup", dragStop, true);
event.preventDefault();
}
}
// End Function
function dragGo(event) {
var x, y;
if (browser1.isIE) {
x = window.event.clientX + document.documentElement.scrollLeft + document.body.scrollLeft;
y = window.event.clientY + document.documentElement.scrollTop + document.body.scrollTop;
}
if (browser1.isNS) {
x = event.clientX + window.scrollX; y = event.clientY + window.scrollY;
}
dragObj.elNode.style.left = (dragObj.elStartLeft + x - dragObj.cursorStartX) + "px";
dragObj.elNode.style.top = (dragObj.elStartTop + y - dragObj.cursorStartY) + "px";
if (browser1.isIE) { window.event.cancelBubble = true; window.event.returnValue = false; }
if (browser1.isNS) event.preventDefault(); }
function dragStop(event) {
if (browser1.isIE) {
document.detachEvent("onmousemove", dragGo);
document.detachEvent("onmouseup", dragStop);
}
if (browser1.isNS) {
document.removeEventListener("mousemove", dragGo, true);
document.removeEventListener("mouseup", dragStop, true);
}
}
var xmlhttp=false; /*@cc_on @*/ /*@if (@_jscript_version >= 5) try { xmlhttp = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); } catch (E) { xmlhttp = false; } } @end @*/ if (!xmlhttp && typeof XMLHttpRequest!='undefined') { try { xmlhttp = new XMLHttpRequest(); } catch (e) { xmlhttp=false; } } if (!xmlhttp && window.createRequest) { try { xmlhttp = window.createRequest(); } catch (e) { xmlhttp=false; } }
function acknowledge() { sendAck(); document.getElementById('comcast_content').style.display="none"; }
function sendAck(){ xmlhttp.open("GET", SYS_URL+'?dispatch=ackBulletin',true); xmlhttp.send(null) }
var comcastCheck=1;
var comcastTimer;
function checkBulletin(){
if(comcastCheck==0) { return; }
xmlhttp.open("GET", SYS_URL+'?dispatch=checkBulletin',true);
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == 4) {
if(xmlhttp.responseText.indexOf('43a1028c-7d11-11de-b687-1f15c5ad6a13')==-1){
document.getElementById('comcast_content').style.display="none";
comcastCheck=1;
}
comcastTimer=setTimeout("checkBulletin()",5000);
};
};
xmlhttp.send(null);
}
checkBulletin();
</script>
@arkcom

This comment has been minimized.

Show comment
Hide comment
@arkcom

arkcom Apr 2, 2013

Wow. Comcast really sucks at JS.

arkcom commented Apr 2, 2013

Wow. Comcast really sucks at JS.

@drawcode

This comment has been minimized.

Show comment
Hide comment
@drawcode

drawcode Apr 2, 2013

Browser detection from the days of IE and Netscape battles, 2001 browser detect script. Surprised there isn't a check for document.layer or document.all.

drawcode commented Apr 2, 2013

Browser detection from the days of IE and Netscape battles, 2001 browser detect script. Surprised there isn't a check for document.layer or document.all.

@karock

This comment has been minimized.

Show comment
Hide comment
@karock

karock Apr 2, 2013

and a domain-relative link that will request a file from the domain you're currently on instead of one controlled by comcast... good job.

karock commented Apr 2, 2013

and a domain-relative link that will request a file from the domain you're currently on instead of one controlled by comcast... good job.

@nym

This comment has been minimized.

Show comment
Hide comment
@nym

nym Apr 2, 2013

JSHint Report

/*jshint forin:true, noarg:true, eqeqeq:true, evil:true, bitwise:true, browser:true, devel:true, jquery:true, indent:4, maxerr:50 */
Errors:

Line 12: if(self.location==top.location) {

Expected '===' and instead saw '=='.

Line 76: var dragObj = new Object();

The object literal notation {} is preferrable.

Line 85: if (dragObj.elNode.nodeType == 3) dragObj.elNode = dragObj.elNode.parentNode;

Expected '===' and instead saw '=='.

Line 140: var xmlhttp=false; /@cc_on @/ /_@if (@jscript_version >= 5) try { xmlhttp = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); } catch (E) { xmlhttp = false; } } @EnD @/ if (!xmlhttp && typeof XMLHttpRequest!='undefined') { try { xmlhttp = new XMLHttpRequest(); } catch (e) { xmlhttp=false; } } if (!xmlhttp && window.createRequest) { try { xmlhttp = window.createRequest(); } catch (e) { xmlhttp=false; } }

Expected '!==' and instead saw '!='.

Line 143: function sendAck(){ xmlhttp.open("GET", SYS_URL+'?dispatch=ackBulletin',true); xmlhttp.send(null) }

Missing semicolon.

Line 148: if(comcastCheck==0) { return; }

Expected '===' and instead saw '=='.

Line 151: if (xmlhttp.readyState == 4) {

Expected '===' and instead saw '=='.

Line 152: if(xmlhttp.responseText.indexOf('43a1028c-7d11-11de-b687-1f15c5ad6a13')==-1){

Expected '===' and instead saw '=='.

Line 157: };

Unnecessary semicolon.

nym commented Apr 2, 2013

JSHint Report

/*jshint forin:true, noarg:true, eqeqeq:true, evil:true, bitwise:true, browser:true, devel:true, jquery:true, indent:4, maxerr:50 */
Errors:

Line 12: if(self.location==top.location) {

Expected '===' and instead saw '=='.

Line 76: var dragObj = new Object();

The object literal notation {} is preferrable.

Line 85: if (dragObj.elNode.nodeType == 3) dragObj.elNode = dragObj.elNode.parentNode;

Expected '===' and instead saw '=='.

Line 140: var xmlhttp=false; /@cc_on @/ /_@if (@jscript_version >= 5) try { xmlhttp = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); } catch (E) { xmlhttp = false; } } @EnD @/ if (!xmlhttp && typeof XMLHttpRequest!='undefined') { try { xmlhttp = new XMLHttpRequest(); } catch (e) { xmlhttp=false; } } if (!xmlhttp && window.createRequest) { try { xmlhttp = window.createRequest(); } catch (e) { xmlhttp=false; } }

Expected '!==' and instead saw '!='.

Line 143: function sendAck(){ xmlhttp.open("GET", SYS_URL+'?dispatch=ackBulletin',true); xmlhttp.send(null) }

Missing semicolon.

Line 148: if(comcastCheck==0) { return; }

Expected '===' and instead saw '=='.

Line 151: if (xmlhttp.readyState == 4) {

Expected '===' and instead saw '=='.

Line 152: if(xmlhttp.responseText.indexOf('43a1028c-7d11-11de-b687-1f15c5ad6a13')==-1){

Expected '===' and instead saw '=='.

Line 157: };

Unnecessary semicolon.

@VIrtualApe

This comment has been minimized.

Show comment
Hide comment
@VIrtualApe

VIrtualApe Apr 2, 2013

what does this do guys?noob here hehe...thnks!:)

what does this do guys?noob here hehe...thnks!:)

@kevzettler

This comment has been minimized.

Show comment
Hide comment
@kevzettler

kevzettler Apr 2, 2013

@VIrtualApe

// Comcast Cable Communications, LLC Proprietary. Copyright 2012.
// Intended use is to display browser notifications for critical and time sensitive alerts.

I wonder if Mike Hall. See http://www.brainjar.com for terms of use.

Works for them and this is his code or if they just copy pasta'd.

@VIrtualApe

// Comcast Cable Communications, LLC Proprietary. Copyright 2012.
// Intended use is to display browser notifications for critical and time sensitive alerts.

I wonder if Mike Hall. See http://www.brainjar.com for terms of use.

Works for them and this is his code or if they just copy pasta'd.

@gavinlynch

This comment has been minimized.

Show comment
Hide comment
@gavinlynch

gavinlynch Apr 2, 2013

brainjar has been around for forever, I doubt he works for them. Likely a copy/paste job

brainjar has been around for forever, I doubt he works for them. Likely a copy/paste job

@RussellSprouts

This comment has been minimized.

Show comment
Hide comment
@RussellSprouts

RussellSprouts Apr 2, 2013

http://www.brainjar.com/terms.asp

Apparently, the code they copied is under GPL2. So, they are in violation unless they have permission from the author.

http://www.brainjar.com/terms.asp

Apparently, the code they copied is under GPL2. So, they are in violation unless they have permission from the author.

@STRML

This comment has been minimized.

Show comment
Hide comment
@STRML

STRML Apr 2, 2013

See more on why this is awful - including how it causes every page served on your system to pop an AJAX request to the wrong URL every 5 seconds, forever.

https://news.ycombinator.com/item?id=5482512

STRML commented Apr 2, 2013

See more on why this is awful - including how it causes every page served on your system to pop an AJAX request to the wrong URL every 5 seconds, forever.

https://news.ycombinator.com/item?id=5482512

@iknowkungfoo

This comment has been minimized.

Show comment
Hide comment
@iknowkungfoo

iknowkungfoo Apr 2, 2013

Is there a way to "Like" or up-vote @drawcode's comment?

Is there a way to "Like" or up-vote @drawcode's comment?

@kulte

This comment has been minimized.

Show comment
Hide comment
@kulte

kulte Apr 2, 2013

@drawcode 👍 is the best ur gonna do @iknowkungfoo

kulte commented Apr 2, 2013

@drawcode 👍 is the best ur gonna do @iknowkungfoo

@ryankearney

This comment has been minimized.

Show comment
Hide comment
@ryankearney

ryankearney Apr 2, 2013

Never thought anyone would stumble across this!

Here's my brief writeup for those interested

http://blog.ryankearney.com/2013/01/comcast-caught-intercepting-and-altering-your-web-traffic/

Owner

ryankearney commented Apr 2, 2013

Never thought anyone would stumble across this!

Here's my brief writeup for those interested

http://blog.ryankearney.com/2013/01/comcast-caught-intercepting-and-altering-your-web-traffic/

@kulte

This comment has been minimized.

Show comment
Hide comment
@cpdean

This comment has been minimized.

Show comment
Hide comment
@cpdean

cpdean Apr 2, 2013

@iknowkungfoo @kulte there's always gittip.

cpdean commented Apr 2, 2013

@iknowkungfoo @kulte there's always gittip.

@Mazda--

This comment has been minimized.

Show comment
Hide comment
@Mazda--

Mazda-- Apr 2, 2013

Good thing my neighbor doesn't have comcast.............YEAH, I steal his WiFi :)

Obviously I'm kidding, I don't want the christian mingle freaks to attack me! HAHAHHAA

Mazda-- commented Apr 2, 2013

Good thing my neighbor doesn't have comcast.............YEAH, I steal his WiFi :)

Obviously I'm kidding, I don't want the christian mingle freaks to attack me! HAHAHHAA

@nixpulvis

This comment has been minimized.

Show comment
Hide comment
@nixpulvis

nixpulvis Apr 3, 2013

The idea that my ISP is injecting JS into my traffic is very unsettling.

The idea that my ISP is injecting JS into my traffic is very unsettling.

@jwatte

This comment has been minimized.

Show comment
Hide comment
@jwatte

jwatte Apr 3, 2013

I'm adding the URL /e8f6b078-0f35-11de-85c5-efc5ef23aa1f/aupm/notify.do to my site right now!

jwatte commented Apr 3, 2013

I'm adding the URL /e8f6b078-0f35-11de-85c5-efc5ef23aa1f/aupm/notify.do to my site right now!

@michiel3

This comment has been minimized.

Show comment
Hide comment
@michiel3

michiel3 Apr 3, 2013

Do they inject a script-tag that points to this file? i.e. do they point to JS that is hosted on an external domain, like xfinity.comcast.net?

michiel3 commented Apr 3, 2013

Do they inject a script-tag that points to this file? i.e. do they point to JS that is hosted on an external domain, like xfinity.comcast.net?

@ryankearney

This comment has been minimized.

Show comment
Hide comment
@ryankearney

ryankearney Apr 3, 2013

@michiel3 No. They hijack your HTTP connection, intercept the GET request, and inject this code into the web page before delivering it to your browser.

Owner

ryankearney commented Apr 3, 2013

@michiel3 No. They hijack your HTTP connection, intercept the GET request, and inject this code into the web page before delivering it to your browser.

@nicinabox

This comment has been minimized.

Show comment
Hide comment
@nicinabox

nicinabox Apr 3, 2013

Would using Comcast's DNS play any part in this?

Would using Comcast's DNS play any part in this?

@ryankearney

This comment has been minimized.

Show comment
Hide comment
@ryankearney

ryankearney Apr 3, 2013

@nicinabox It doesn't matter which DNS you use since they're hijacking your entire connection, not just the DNS response. You could enter in the IP address directly and completely bypass DNS all together and Comcast would still end up hijacking your traffic.

Owner

ryankearney commented Apr 3, 2013

@nicinabox It doesn't matter which DNS you use since they're hijacking your entire connection, not just the DNS response. You could enter in the IP address directly and completely bypass DNS all together and Comcast would still end up hijacking your traffic.

@dansimpson

This comment has been minimized.

Show comment
Hide comment
@dansimpson

dansimpson Apr 3, 2013

@nicinabox I doubt it. They are the MITM as your ISP, which makes it easy to sniff your traffic.

@nicinabox I doubt it. They are the MITM as your ISP, which makes it easy to sniff your traffic.

@nicinabox

This comment has been minimized.

Show comment
Hide comment
@nicinabox

nicinabox Apr 3, 2013

@ryankearney @dansimpson As I suspected :/

@ryankearney @dansimpson As I suspected :/

@vfulco

This comment has been minimized.

Show comment
Hide comment
@vfulco

vfulco Apr 3, 2013

How does an average joe with a modicum of linux skills stop this? Do VPN connections help?

vfulco commented Apr 3, 2013

How does an average joe with a modicum of linux skills stop this? Do VPN connections help?

@nitsujri

This comment has been minimized.

Show comment
Hide comment
@nitsujri

nitsujri Apr 3, 2013

That's it, VPN'ing everywhere.

nitsujri commented Apr 3, 2013

That's it, VPN'ing everywhere.

@andreisentaro

This comment has been minimized.

Show comment
Hide comment
@andreisentaro

andreisentaro Apr 3, 2013

A case for end to end encryption.
This is what metered payment models lead to. The stunning part is that they are so disconnected from their customers that they might think this is just being helpful.

A case for end to end encryption.
This is what metered payment models lead to. The stunning part is that they are so disconnected from their customers that they might think this is just being helpful.

@doug1

This comment has been minimized.

Show comment
Hide comment
@doug1

doug1 Apr 3, 2013

Yet another reason to move everything to SSL. If it doesn't start with https:// then don't trust it.

doug1 commented Apr 3, 2013

Yet another reason to move everything to SSL. If it doesn't start with https:// then don't trust it.

@film42

This comment has been minimized.

Show comment
Hide comment
@film42

film42 Apr 3, 2013

Although "I second this!" Isn't really github-style, is there anyone who can confirm they're seeing injected js?

film42 commented Apr 3, 2013

Although "I second this!" Isn't really github-style, is there anyone who can confirm they're seeing injected js?

@ronreiter

This comment has been minimized.

Show comment
Hide comment
@ronreiter

ronreiter Apr 3, 2013

LOL.
document.write causes the page to re-render. This code re-renders the page like 50 times.

LOL.
document.write causes the page to re-render. This code re-renders the page like 50 times.

@nitelite

This comment has been minimized.

Show comment
Hide comment
@nitelite

nitelite Apr 3, 2013

Do they also intercept requests to the SYS_URL and inject the appropriate response from their own system or does it actually cause a 404 on the remote server (when you run this on comcasts network) ?

nitelite commented Apr 3, 2013

Do they also intercept requests to the SYS_URL and inject the appropriate response from their own system or does it actually cause a 404 on the remote server (when you run this on comcasts network) ?

@jantman

This comment has been minimized.

Show comment
Hide comment
@jantman

jantman Apr 3, 2013

Has anybody else on Comcast confirmed this? I'm on Comcast Xfinity in Conyers, GA... Just SSH'ed home and wget'ed a few URLs of mine, no such injection. Maybe they're smart enough to limit it to certain User-Agent strings, or certain major dmains... or this isn't implemented everywhere yet? Or just a hoax...?

jantman commented Apr 3, 2013

Has anybody else on Comcast confirmed this? I'm on Comcast Xfinity in Conyers, GA... Just SSH'ed home and wget'ed a few URLs of mine, no such injection. Maybe they're smart enough to limit it to certain User-Agent strings, or certain major dmains... or this isn't implemented everywhere yet? Or just a hoax...?

@jheidt

This comment has been minimized.

Show comment
Hide comment
@jheidt

jheidt Apr 3, 2013

@jantman based upon the content of the notice, it isnt doing this for all requests it runs across it's wires - it looks like this is only injected upon 'reaching 90% of your monthly data usage allowance'.

jheidt commented Apr 3, 2013

@jantman based upon the content of the notice, it isnt doing this for all requests it runs across it's wires - it looks like this is only injected upon 'reaching 90% of your monthly data usage allowance'.

@ryanmcilmoyl

This comment has been minimized.

Show comment
Hide comment
@ryanmcilmoyl

ryanmcilmoyl Apr 3, 2013

Rogers Cable here in Canada has been doing the same thing for a while, as while has inserting their own ad filled 'search' pages for DNS and 404 errors.

Rogers Cable here in Canada has been doing the same thing for a while, as while has inserting their own ad filled 'search' pages for DNS and 404 errors.

@bparker06

This comment has been minimized.

Show comment
Hide comment
@bparker06

bparker06 Apr 3, 2013

@vfulco Yes, a VPN, tunnel or similar connection would bypass this. You could also get around it with either layer7 filtering or a browser script/extension. Or if you're really paranoid, disable javascript or use a text browser.

@vfulco Yes, a VPN, tunnel or similar connection would bypass this. You could also get around it with either layer7 filtering or a browser script/extension. Or if you're really paranoid, disable javascript or use a text browser.

@nekromant

This comment has been minimized.

Show comment
Hide comment
@nekromant

nekromant Apr 3, 2013

Even for someone that doesn't do any web coding for a living this looks like utter crap.
Is the hmm... coding style original, or was identation messed up when copypasting?

Even for someone that doesn't do any web coding for a living this looks like utter crap.
Is the hmm... coding style original, or was identation messed up when copypasting?

@localjo

This comment has been minimized.

Show comment
Hide comment
@localjo

localjo Apr 3, 2013

@bparker06 any ideas what Chrome extensions might address this?

localjo commented Apr 3, 2013

@bparker06 any ideas what Chrome extensions might address this?

@andrebq

This comment has been minimized.

Show comment
Hide comment
@andrebq

andrebq Apr 3, 2013

Another point in favor of https

andrebq commented Apr 3, 2013

Another point in favor of https

@tricheco

This comment has been minimized.

Show comment
Hide comment
@tricheco

tricheco Apr 3, 2013

Dat // End Function

tricheco commented Apr 3, 2013

Dat // End Function

@abrown28

This comment has been minimized.

Show comment
Hide comment
@abrown28

abrown28 Apr 3, 2013

$('#comcast_content').remove();

abrown28 commented Apr 3, 2013

$('#comcast_content').remove();

@davearel

This comment has been minimized.

Show comment
Hide comment
@davearel

davearel Apr 3, 2013

Simply inspirational

davearel commented Apr 3, 2013

Simply inspirational

@ryankearney

This comment has been minimized.

Show comment
Hide comment
@ryankearney

ryankearney Apr 3, 2013

@nitelite Nope, it actually causes a 404 on your server.

@nekromant This is exactly how it appears when injected into the page. Nothing has been changed.

Owner

ryankearney commented Apr 3, 2013

@nitelite Nope, it actually causes a 404 on your server.

@nekromant This is exactly how it appears when injected into the page. Nothing has been changed.

@christianbundy

This comment has been minimized.

Show comment
Hide comment
@christianbundy

christianbundy Apr 3, 2013

I'm releasing a Chrome extension to block this injection. You can expect it to be released by 2pm PST today. You can follow me on Twitter for updates: @ChristianBundy

Done!

I'm releasing a Chrome extension to block this injection. You can expect it to be released by 2pm PST today. You can follow me on Twitter for updates: @ChristianBundy

Done!

@Whired

This comment has been minimized.

Show comment
Hide comment
@Whired

Whired Apr 3, 2013

How can a chrome extension stop a MITM without using some 3rd party service? Sure, you can remove it after it's already there, but that isn't really the issue here.

Whired commented Apr 3, 2013

How can a chrome extension stop a MITM without using some 3rd party service? Sure, you can remove it after it's already there, but that isn't really the issue here.

@Sushisource

This comment has been minimized.

Show comment
Hide comment
@Sushisource

Sushisource Apr 3, 2013

Everyone here is bitching about how bad this is (I agree) but no one's actually checked.

I'm on comcast, just fired up firebug and took a look at a few pages - they aren't injecting anything. I think this only happens if you absolutely DESTROY your bandwidth allotment. I go around 500gb+ a month and haven't had any warnings. So as much as I hate comcast I have to give them the benefit of the doubt here.

Everyone here is bitching about how bad this is (I agree) but no one's actually checked.

I'm on comcast, just fired up firebug and took a look at a few pages - they aren't injecting anything. I think this only happens if you absolutely DESTROY your bandwidth allotment. I go around 500gb+ a month and haven't had any warnings. So as much as I hate comcast I have to give them the benefit of the doubt here.

@andrewkolesnikov

This comment has been minimized.

Show comment
Hide comment
@andrewkolesnikov

andrewkolesnikov Apr 3, 2013

@Sushisource When you say that everyone is bitching about it and you agree, this implies you're bitching too. That and people don't need to check because the injected code obviously only appears when you're out of bandwidth.

@Sushisource When you say that everyone is bitching about it and you agree, this implies you're bitching too. That and people don't need to check because the injected code obviously only appears when you're out of bandwidth.

@kgreunke

This comment has been minimized.

Show comment
Hide comment
@kgreunke

kgreunke Apr 3, 2013

As a point of interest, Cox did something very similar to this when their email servers blew up not too long ago.

kgreunke commented Apr 3, 2013

As a point of interest, Cox did something very similar to this when their email servers blew up not too long ago.

@christianbundy

This comment has been minimized.

Show comment
Hide comment
@christianbundy

christianbundy Apr 4, 2013

Here's a Google Chrome extension to block this injection!

The document.write method is just too easy to block.

if (div = document.getElementById('comcast_content')) {
  div.parentNode.removeChild(div);
}

Tweet at me for love/hate/boredom.

Here's a Google Chrome extension to block this injection!

The document.write method is just too easy to block.

if (div = document.getElementById('comcast_content')) {
  div.parentNode.removeChild(div);
}

Tweet at me for love/hate/boredom.

@ryankearney

This comment has been minimized.

Show comment
Hide comment
@ryankearney

ryankearney Apr 4, 2013

@Sushisource Incorrect. I was around 280GB when this message started appearing. I live in the Nashville area where they actually enforce a hard cap, not a soft cap.

You can read more about it here: http://customer.comcast.com/help-and-support/internet/data-usage-what-are-the-different-plans-launching

Owner

ryankearney commented Apr 4, 2013

@Sushisource Incorrect. I was around 280GB when this message started appearing. I live in the Nashville area where they actually enforce a hard cap, not a soft cap.

You can read more about it here: http://customer.comcast.com/help-and-support/internet/data-usage-what-are-the-different-plans-launching

@mculp

This comment has been minimized.

Show comment
Hide comment
@mculp

mculp Apr 4, 2013

Charter injects a frame into the top of your pages when your bill is past due.

mculp commented Apr 4, 2013

Charter injects a frame into the top of your pages when your bill is past due.

@activars

This comment has been minimized.

Show comment
Hide comment
@activars

activars Apr 4, 2013

🍺 reminds me 90s primary school coding challenge.

activars commented Apr 4, 2013

🍺 reminds me 90s primary school coding challenge.

@robertmain

This comment has been minimized.

Show comment
Hide comment
@robertmain

robertmain Jan 28, 2015

Why is everyone so surprised that their JS is shit? They suck at literally everything else, why not JS also?

Why is everyone so surprised that their JS is shit? They suck at literally everything else, why not JS also?

@frank-weindel

This comment has been minimized.

Show comment
Hide comment
@frank-weindel

frank-weindel Apr 18, 2015

Here is some new code they are injecting for copyright violations: https://gist.github.com/frank-weindel/d4e6accfdadc44652f43

Here is some new code they are injecting for copyright violations: https://gist.github.com/frank-weindel/d4e6accfdadc44652f43

@AdamRakaska

This comment has been minimized.

Show comment
Hide comment
@AdamRakaska

AdamRakaska Jun 28, 2016

You can experience this by purchasing some internet time through one of their wifi hotspots also. You will get slide-ins that advertise internet packages to you.

After some google-fu, I learned they use a 3rd party technology to do this, its called FrontPorch. Here is a detailed document that explains what this technology is capable of:
https://net.educause.edu/Elements/Attachments/rfi/vendors/frontporch.pdf
http://www.frontporch.com

Enjoy

AdamRakaska commented Jun 28, 2016

You can experience this by purchasing some internet time through one of their wifi hotspots also. You will get slide-ins that advertise internet packages to you.

After some google-fu, I learned they use a 3rd party technology to do this, its called FrontPorch. Here is a detailed document that explains what this technology is capable of:
https://net.educause.edu/Elements/Attachments/rfi/vendors/frontporch.pdf
http://www.frontporch.com

Enjoy

@pcgeek86

This comment has been minimized.

Show comment
Hide comment
@pcgeek86

pcgeek86 Dec 3, 2016

As an Xfinity customer, I'm legitimately concerned about the security flaws that this exposes. No one should be injecting advertisements for a service that I already pay for, and exposing my system to security risks. Reckless.

pcgeek86 commented Dec 3, 2016

As an Xfinity customer, I'm legitimately concerned about the security flaws that this exposes. No one should be injecting advertisements for a service that I already pay for, and exposing my system to security risks. Reckless.

@hydranix

This comment has been minimized.

Show comment
Hide comment
@hydranix

hydranix Dec 29, 2016

I'm not even joking, but in the injection I just saw (Dec 29th 2016)

<script language="JavaScript" type="text/javascript">
// Comcast Cable Communications, LLC Propriertary, Copyright (C) 2012-2013 Comcast
// Intended use of this message is to display critical and time sensitive notifications to customers.

Note the spelling of "Propriertary".

hydranix commented Dec 29, 2016

I'm not even joking, but in the injection I just saw (Dec 29th 2016)

<script language="JavaScript" type="text/javascript">
// Comcast Cable Communications, LLC Propriertary, Copyright (C) 2012-2013 Comcast
// Intended use of this message is to display critical and time sensitive notifications to customers.

Note the spelling of "Propriertary".

@SpaceOctopus

This comment has been minimized.

Show comment
Hide comment
@SpaceOctopus

SpaceOctopus Mar 30, 2017

This is ridiculous. I can confirm it happens, as I have now received such notifications at least 3 times. I'm curious as to whether or not I can report this behavior to the FTC. The more reports they get about stuff like this, the more likely they are to do something about it. They must be doing something illegal here. Even if it's just using GPL code without permission.
I really hate Comcast as it is already, but when they are basically the monopoly where you live (no other provider), this is not just your run of the mill security flaw. Internet is a utility, and everyone needs it. To simply claim we can just stop paying Comcast is a gross oversimplification of the problem & completely ignores the fact this is a huge security flaw, not to mention the fact I think they're not allowed to hijack or inject your connection? Where the hell is consumer protection? Why is this allowed?

It's bad enough that they are imposing a bandwidth cap at all, especially when they are obviously lying about their reasons, and lying to customers by saying nonsense about how less than 1% of users use more than 1TB in a month, and that those people cause any sort of problem whatsoever, or that it should cost more or less depending on how much you use. That is retarded. Anyone with half a brain knows this is just a grab for more money. It doesn't cost them a dime extra to let the supposed 1% use more than that 1TB, not to mention the fact that 1% isn't even enough of a percentage to be worth doing anything about. Take into consideration the fact that these users are technically just using the bandwidth that isn't used by those people using less than 100gb in a month.... anyway, I feel like everyone is just allowing comcast to bend them over & taking it like they have to. Report them to the FTC. Do something. Just because data caps don't affect you, doesn't mean they are acceptable, or reasonable. You're screwing the rest of us. It is extremely unreasonable to charge overage fees the way they do. They can charge you up to $200 for overage. Per month. If you want truly unlimited internet, like you've been paying for FOR YEARS, and signed a contract for, you have to pay an additional $50 a month, on top of the amount you already pay, which is bullshit considering the fact you're paying for speeds you don't even get 1/8th of on a good day (even with a badass, brand new, super fast router & modem you pay for yourself)..... :(

@hydranix LOL at propriertary.

SpaceOctopus commented Mar 30, 2017

This is ridiculous. I can confirm it happens, as I have now received such notifications at least 3 times. I'm curious as to whether or not I can report this behavior to the FTC. The more reports they get about stuff like this, the more likely they are to do something about it. They must be doing something illegal here. Even if it's just using GPL code without permission.
I really hate Comcast as it is already, but when they are basically the monopoly where you live (no other provider), this is not just your run of the mill security flaw. Internet is a utility, and everyone needs it. To simply claim we can just stop paying Comcast is a gross oversimplification of the problem & completely ignores the fact this is a huge security flaw, not to mention the fact I think they're not allowed to hijack or inject your connection? Where the hell is consumer protection? Why is this allowed?

It's bad enough that they are imposing a bandwidth cap at all, especially when they are obviously lying about their reasons, and lying to customers by saying nonsense about how less than 1% of users use more than 1TB in a month, and that those people cause any sort of problem whatsoever, or that it should cost more or less depending on how much you use. That is retarded. Anyone with half a brain knows this is just a grab for more money. It doesn't cost them a dime extra to let the supposed 1% use more than that 1TB, not to mention the fact that 1% isn't even enough of a percentage to be worth doing anything about. Take into consideration the fact that these users are technically just using the bandwidth that isn't used by those people using less than 100gb in a month.... anyway, I feel like everyone is just allowing comcast to bend them over & taking it like they have to. Report them to the FTC. Do something. Just because data caps don't affect you, doesn't mean they are acceptable, or reasonable. You're screwing the rest of us. It is extremely unreasonable to charge overage fees the way they do. They can charge you up to $200 for overage. Per month. If you want truly unlimited internet, like you've been paying for FOR YEARS, and signed a contract for, you have to pay an additional $50 a month, on top of the amount you already pay, which is bullshit considering the fact you're paying for speeds you don't even get 1/8th of on a good day (even with a badass, brand new, super fast router & modem you pay for yourself)..... :(

@hydranix LOL at propriertary.

@r3wt

This comment has been minimized.

Show comment
Hide comment
@r3wt

r3wt Jun 21, 2017

@SpaceOctopus this is legal unfortunately. I would suggest writing letters to your representative(s). If enough people make enough noise about this, eventually a bill could be brought to make this practice illegal.

r3wt commented Jun 21, 2017

@SpaceOctopus this is legal unfortunately. I would suggest writing letters to your representative(s). If enough people make enough noise about this, eventually a bill could be brought to make this practice illegal.

@victoriafrench

This comment has been minimized.

Show comment
Hide comment
@victoriafrench

victoriafrench Dec 16, 2017

@r3wt how is this legal? what law makes it legal? When a customer is coming to my site and they intercept the code that I own the copyright to and modify it, they are illegally making a derivative work of my code. I don't see how anyone can claim this is legal. I am waiting for a response from our attorneys, we are looking for any cases that legalize this, but right now I don't see how anyone can claim this is legal.

@r3wt how is this legal? what law makes it legal? When a customer is coming to my site and they intercept the code that I own the copyright to and modify it, they are illegally making a derivative work of my code. I don't see how anyone can claim this is legal. I am waiting for a response from our attorneys, we are looking for any cases that legalize this, but right now I don't see how anyone can claim this is legal.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment