Comcast Xfinity Wi-Fi Discloses Customer Names and Addresses

itwbennett writes: Despite assurances that only business listings and not customer names and home addresses would appear in the public search results when someone searches for an Xfinity Wi-Fi hotspot, that is exactly what's happened when the service was initiated 2 years ago — and is still happening now, writes CSO's Steve Ragan. And that isn't the only security issue with the service. Another level of exposure centers on accountability. Ken Smith, senior security architect with K Logix in Brookline, Ma., discovered that Comcast is relying on the device's MAC address as a key component of authentication.

Listen to your technical guys

[qbast]

I can imagine the discussion:
- (technical guy) - we can't rely on MAC for security! MAC can be obtained by eavesdropping and then attacker can figure out how to break in
- (marketing guy) - yes, yes, but the simplicity for user is most important thing
- (management) - nobody will be able to figure out this MAC thingy anyway, make it so.