Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

May you do Good Magic with Perl. -- Larry Wall's blessing


computers / alt.online-service.comcast / Re: Two Factor Authorization Mystery Solved

SubjectAuthor
* Two Factor Authorization Mystery SolvedRetirednoguilt
+* Re: Two Factor Authorization Mystery SolvedVanguardLH
|`- Re: Two Factor Authorization Mystery SolvedRetirednoguilt
`- Re: Two Factor Authorization Mystery SolvedLane

1
Two Factor Authorization Mystery Solved

<ukasrf$1gt5g$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=563&group=alt.online-service.comcast#563

 copy link   Newsgroups: alt.online-service.comcast
Path: i2pn2.org!i2pn.org!news.nntp4.net!news.hispagatos.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: HapilyRe...@fakeaddress.com (Retirednoguilt)
Newsgroups: alt.online-service.comcast
Subject: Two Factor Authorization Mystery Solved
Date: Thu, 30 Nov 2023 15:55:08 -0500
Organization: A noiseless patient Spider
Lines: 50
Message-ID: <ukasrf$1gt5g$1@dont-email.me>
Reply-To: HapilyRetired@fakeaddress.com
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Injection-Date: Thu, 30 Nov 2023 20:55:11 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="d45fe9c143ebf38ca819f5bb9a3bcc4f";
logging-data="1602736"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/i3TezZLHORUQA39vUMNyNA70FrddnsBE="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:kgD9eSFweQdAaTslet9JoKZZRss=
Content-Language: en-US
 by: Retirednoguilt - Thu, 30 Nov 2023 20:55 UTC

As more and more web sites (especially those for financial institutions)
deploy 2 factor authorization, I'm describing my recent experience and
what I found and did to resolve it.

Previously I had no problems logging on to a web site using two factor
authorization. I'd click on the box on the web page to get an automated
phone call to my land line and almost immediately, my phone would ring
and I'd get the call speaking the numerical code that I entered on the
web site form.

Yesterday, trying to log on, my phone never rang. However, a minute or
two later, I'd get notification of a new voice mail. Turns out the
voice mail was from the financial institution I was trying to log on to.
The computer generated voice mail said that apparently I was having
trouble logging on and I should try again or call a toll free number the
recording provided to get assistance. Several more attempts yielded the
same result. I eventually called and asked to be connected to their web
site technical support department. The person I spoke with said they
had not changed anything in their two factor authorization protocol and
had no idea why their automated call was not ringing through to me.

I began considering potential reasons and wondered if COMCAST Voice had
changed their spam protection protocols and the problem was caused by an
issue at COMCAST. I logged on to my COMCAST account and went to the
spam blocking section of their "voice" settings. Apparently they now
have 4 or maybe 5 categories into which they sort incoming calls.
Verified authentic calls (don't ask me how the numbers are verified, I
have no idea) display a "[V]" at the beginning of the caller ID display.
Some other calls that apparently don't have any shady history but
haven't been verified just display the identity and number, and then
there are 3 categories of calls categorized as low risk, medium risk,
and high risk. On the spam blocking web page, there are 3 radio buttons
to the right of each spam risk category labeled "Block", "Send to
voicemail" and "Allow". The default settings were high risk - block,
with both medium and low risk sent to voice mail. On a hunch, I changed
the setting for low risk to allow. I then attempted again to log in to
the financial institution. When I clicked on the button on the web site
to send the code, almost immediately my phone rang and when I picked up,
I heard the code. What was interesting was that the caller ID displayed
"Spam?" before the name and number of the caller. I've reported the
erroneous designation of that phone number as "Spam?" to COMCAST and
indicated that "[V]" was much more appropriate for a critical phone
number at a financial institution with more than one trillion dollars
under management!

If you have COMCAST phone service and recently experienced mysterious
failure to receive expected incoming calls, check your account's spam
blocking settings. COMCAST never informed me that they changed their
protocols and default incoming call routing/blocking behavior. After
all, informing customers of that change would probably cost them money.

Re: Two Factor Authorization Mystery Solved

<gqckk59o8ccs.dlg@v.nguard.lh>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=564&group=alt.online-service.comcast#564

 copy link   Newsgroups: alt.online-service.comcast
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!3.eu.feeder.erje.net!feeder.erje.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: V...@nguard.LH (VanguardLH)
Newsgroups: alt.online-service.comcast
Subject: Re: Two Factor Authorization Mystery Solved
Date: Thu, 30 Nov 2023 15:14:42 -0600
Organization: Usenet Elder
Lines: 78
Sender: V@nguard.LH
Message-ID: <gqckk59o8ccs.dlg@v.nguard.lh>
References: <ukasrf$1gt5g$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Trace: individual.net pAqfHMXGiySZCpslxS5uBw6jjE8AKnqiQs02v4VblQH6fH6OEe
Keywords: VanguardLH,VLH
Cancel-Lock: sha1:8+y2pF8vWjUekOUcoCWHDi7rJ/o= sha256:ucC8nUzegVfiv/+Ku8Fv2fJNLc1dV1a9SJCs/ZVO5Z4=
User-Agent: 40tude_Dialog/2.0.15.41
 by: VanguardLH - Thu, 30 Nov 2023 21:14 UTC

Retirednoguilt <HapilyRetired@fakeaddress.com> wrote:

> As more and more web sites (especially those for financial institutions)
> deploy 2 factor authorization, I'm describing my recent experience and
> what I found and did to resolve it.
>
> Previously I had no problems logging on to a web site using two factor
> authorization. I'd click on the box on the web page to get an automated
> phone call to my land line and almost immediately, my phone would ring
> and I'd get the call speaking the numerical code that I entered on the
> web site form.
>
> Yesterday, trying to log on, my phone never rang. However, a minute or
> two later, I'd get notification of a new voice mail. Turns out the
> voice mail was from the financial institution I was trying to log on to.
> The computer generated voice mail said that apparently I was having
> trouble logging on and I should try again or call a toll free number the
> recording provided to get assistance. Several more attempts yielded the
> same result. I eventually called and asked to be connected to their web
> site technical support department. The person I spoke with said they
> had not changed anything in their two factor authorization protocol and
> had no idea why their automated call was not ringing through to me.
>
> I began considering potential reasons and wondered if COMCAST Voice had
> changed their spam protection protocols and the problem was caused by an
> issue at COMCAST. I logged on to my COMCAST account and went to the
> spam blocking section of their "voice" settings. Apparently they now
> have 4 or maybe 5 categories into which they sort incoming calls.
> Verified authentic calls (don't ask me how the numbers are verified, I
> have no idea) display a "[V]" at the beginning of the caller ID display.
> Some other calls that apparently don't have any shady history but
> haven't been verified just display the identity and number, and then
> there are 3 categories of calls categorized as low risk, medium risk,
> and high risk. On the spam blocking web page, there are 3 radio buttons
> to the right of each spam risk category labeled "Block", "Send to
> voicemail" and "Allow". The default settings were high risk - block,
> with both medium and low risk sent to voice mail. On a hunch, I changed
> the setting for low risk to allow. I then attempted again to log in to
> the financial institution. When I clicked on the button on the web site
> to send the code, almost immediately my phone rang and when I picked up,
> I heard the code. What was interesting was that the caller ID displayed
> "Spam?" before the name and number of the caller. I've reported the
> erroneous designation of that phone number as "Spam?" to COMCAST and
> indicated that "[V]" was much more appropriate for a critical phone
> number at a financial institution with more than one trillion dollars
> under management!
>
> If you have COMCAST phone service and recently experienced mysterious
> failure to receive expected incoming calls, check your account's spam
> blocking settings. COMCAST never informed me that they changed their
> protocols and default incoming call routing/blocking behavior. After
> all, informing customers of that change would probably cost them money.

I just checked my Comcast voicemail spam block settings which I haven't
touched nor even reviewed in maybe 3 years, or more. They are:

High risk calls: Block
Medium risk calls: Send to voicemail
Low risk calls: Allow

There is no indications what are the defaults if you never touched them,
or they got introduced since you previously reviewed your spam block
settings.

Despite Comcast adding spam call filtering (which seems new to me since
I don't know when they added it), I had already incorporated NoMoRobo
with my Comcast Voice number. For spammers, I hear 1 rings, and then
silence. The CID gets sent between the 1st and 2nd ring, and why I
still hear the 1st ring. So, I don't pick up until the 2nd ring.

https://corporate.comcast.com/press/releases/comcast-new-advanced-spam-blocker-feature-xfinity-voice-customers
(dated Oct 2021)

Looks like I haven't reviewed my Voice settings for at least 2 years.

As for "verified" status of a call, the article above refers to:

https://corporate.comcast.com/press/releases/fcc-chairman-pai-crtc-chairman-scott-stirshaken-calls-xfinity-voice-telus-wireless

Re: Two Factor Authorization Mystery Solved

<ukd062$1u5mt$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=565&group=alt.online-service.comcast#565

 copy link   Newsgroups: alt.online-service.comcast
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: HapilyRe...@fakeaddress.com (Retirednoguilt)
Newsgroups: alt.online-service.comcast
Subject: Re: Two Factor Authorization Mystery Solved
Date: Fri, 1 Dec 2023 11:04:14 -0500
Organization: A noiseless patient Spider
Lines: 96
Message-ID: <ukd062$1u5mt$1@dont-email.me>
References: <ukasrf$1gt5g$1@dont-email.me> <gqckk59o8ccs.dlg@v.nguard.lh>
Reply-To: HapilyRetired@fakeaddress.com
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 1 Dec 2023 16:04:18 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="cb7fce42d77d78e7d8325ae40156009f";
logging-data="2037469"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+M/YMI5FQBlY+6zgO2GjJzLxABf1PyXE0="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:3ALH/+6YXBpuXFIUQBp2nA0ZuKE=
Content-Language: en-US
In-Reply-To: <gqckk59o8ccs.dlg@v.nguard.lh>
 by: Retirednoguilt - Fri, 1 Dec 2023 16:04 UTC

On 11/30/2023 4:14 PM, VanguardLH wrote:
> Retirednoguilt <HapilyRetired@fakeaddress.com> wrote:
>
>> As more and more web sites (especially those for financial institutions)
>> deploy 2 factor authorization, I'm describing my recent experience and
>> what I found and did to resolve it.
>>
>> Previously I had no problems logging on to a web site using two factor
>> authorization. I'd click on the box on the web page to get an automated
>> phone call to my land line and almost immediately, my phone would ring
>> and I'd get the call speaking the numerical code that I entered on the
>> web site form.
>>
>> Yesterday, trying to log on, my phone never rang. However, a minute or
>> two later, I'd get notification of a new voice mail. Turns out the
>> voice mail was from the financial institution I was trying to log on to.
>> The computer generated voice mail said that apparently I was having
>> trouble logging on and I should try again or call a toll free number the
>> recording provided to get assistance. Several more attempts yielded the
>> same result. I eventually called and asked to be connected to their web
>> site technical support department. The person I spoke with said they
>> had not changed anything in their two factor authorization protocol and
>> had no idea why their automated call was not ringing through to me.
>>
>> I began considering potential reasons and wondered if COMCAST Voice had
>> changed their spam protection protocols and the problem was caused by an
>> issue at COMCAST. I logged on to my COMCAST account and went to the
>> spam blocking section of their "voice" settings. Apparently they now
>> have 4 or maybe 5 categories into which they sort incoming calls.
>> Verified authentic calls (don't ask me how the numbers are verified, I
>> have no idea) display a "[V]" at the beginning of the caller ID display.
>> Some other calls that apparently don't have any shady history but
>> haven't been verified just display the identity and number, and then
>> there are 3 categories of calls categorized as low risk, medium risk,
>> and high risk. On the spam blocking web page, there are 3 radio buttons
>> to the right of each spam risk category labeled "Block", "Send to
>> voicemail" and "Allow". The default settings were high risk - block,
>> with both medium and low risk sent to voice mail. On a hunch, I changed
>> the setting for low risk to allow. I then attempted again to log in to
>> the financial institution. When I clicked on the button on the web site
>> to send the code, almost immediately my phone rang and when I picked up,
>> I heard the code. What was interesting was that the caller ID displayed
>> "Spam?" before the name and number of the caller. I've reported the
>> erroneous designation of that phone number as "Spam?" to COMCAST and
>> indicated that "[V]" was much more appropriate for a critical phone
>> number at a financial institution with more than one trillion dollars
>> under management!
>>
>> If you have COMCAST phone service and recently experienced mysterious
>> failure to receive expected incoming calls, check your account's spam
>> blocking settings. COMCAST never informed me that they changed their
>> protocols and default incoming call routing/blocking behavior. After
>> all, informing customers of that change would probably cost them money.
>
> I just checked my Comcast voicemail spam block settings which I haven't
> touched nor even reviewed in maybe 3 years, or more. They are:
>
> High risk calls: Block
> Medium risk calls: Send to voicemail
> Low risk calls: Allow
>
> There is no indications what are the defaults if you never touched them,
> or they got introduced since you previously reviewed your spam block
> settings.
>
> Despite Comcast adding spam call filtering (which seems new to me since
> I don't know when they added it), I had already incorporated NoMoRobo
> with my Comcast Voice number. For spammers, I hear 1 rings, and then
> silence. The CID gets sent between the 1st and 2nd ring, and why I
> still hear the 1st ring. So, I don't pick up until the 2nd ring.

Your default settings make sense and as I noted, are what I set mine to
do while trouble shooting. Don't know how/why/when my low risk setting
(which I had never previously seen or touched) was set to send the call
to voicemail. I figured my post was too long already to add that I also
use NOMOROBO on that line. However, my phone, a Panasonic, has a
setting option that silences the first ring of every incoming call. We
hear nothing when a call is intercepted by NOMOROBO. To give us enough
time to get to a handset before the COMCAST voice mail kicks in, in the
COMCAST voice settings, I raised the number of rings before voicemail
intercepts the call by one ring. Many times each day, if I happen to
see the LCD screen of my phone out of the corner of my eyes, I'll note
that the screen lights up and displays "incoming call" for about 5-7
seconds. The phone never rings and the call never registers on the
phone's caller ID history list. However, it does show up on my COMCAST
Voice calling log and inevitably is an unwanted spam and/or robocall.
>
> https://corporate.comcast.com/press/releases/comcast-new-advanced-spam-blocker-feature-xfinity-voice-customers
> (dated Oct 2021)
>
> Looks like I haven't reviewed my Voice settings for at least 2 years.
>
> As for "verified" status of a call, the article above refers to:
>
> https://corporate.comcast.com/press/releases/fcc-chairman-pai-crtc-chairman-scott-stirshaken-calls-xfinity-voice-telus-wireless

Re: Two Factor Authorization Mystery Solved

<d1lkmi9pn4v3hjfsfsr1b4dofonqhdtmgk@4ax.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=566&group=alt.online-service.comcast#566

 copy link   Newsgroups: alt.online-service.comcast
From: inva...@invalid.invalid (Lane)
Newsgroups: alt.online-service.comcast
Subject: Re: Two Factor Authorization Mystery Solved
Date: Fri, 01 Dec 2023 16:47:57 -0500
Organization: ViperNews - www.vipernews.com
Message-Id: <d1lkmi9pn4v3hjfsfsr1b4dofonqhdtmgk@4ax.com>
References: <ukasrf$1gt5g$1@dont-email.me>
X-No-Archive: yes
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 17
Path: i2pn2.org!i2pn.org!news.1d4.us!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!peer02.ams4!peer.am4.highwinds-media.com!news.highwinds-media.com!feeder.usenetexpress.com!tr2.eu1.usenetexpress.com!news.uzoreto.com!posting.uzoreto.com!not-for-mail
Nntp-Posting-Date: Fri, 01 Dec 2023 21:47:55 +0000
X-Complaints-To: https://www.uzoreto.com/ntd/
X-Received-Bytes: 1454
 by: Lane - Fri, 1 Dec 2023 21:47 UTC

Retirednoguilt wrote:

> COMCAST never informed me that they changed their
> protocols and default incoming call routing/blocking behavior. After
> all, informing customers of that change would probably cost them money.

These changes were rolled out in September, 2021. I was informed via
email. One of the links from that email was this one:

https://www.xfinity.com/support/articles/spam-blocker-overview

When I initially checked my settings, they were indeed the same as the
default settings mentioned in the article.

For the most part, it's worked pretty well. One or two spectacular
glitches, though, like them flagging my eye surgeon's number as spam.
Wasn't too happy about that.

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor