That the local gas and water supplier of Lübeck, Germany, also acts as an ISP for residential DSL connections is maybe surprising, but not particularly bad.
Painful, however, is that they apparently keep the administrative interface of their customers' DSL modems open to the evil, evil Internet. No prob, as long as it is password protected, you might think. Of course it is. But, to make attacking the poor customers a piece of cake, the current password is automatically provided in a value field of an HTML form.
Any even partly intelligent fifth-grader can probably write a script to use this invitation for playing around with other people's internet connection. Which, of course, has not led the ISP to do anything about the situation so far, even though they were already mailed a username-password list of all their customers...
This shining example of ISP insecurity really makes me want to cry.
And, considering I am a Comcast customer, I hope that at least they know what they are doing. The last time I dealt with their customer service, I honestly did not have that impression -- so I wonder who's possibly playing around with my modem at this very moment? ;)
(via a German story by Isotopp)
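
The flaw described above, a stored password echoed back in a form field's value attribute, is easy to check for in admin pages you are responsible for. The following is an added example, not code from the original post or the ISP; the sample markup, field names and name hints are constructed assumptions.

```python
from html.parser import HTMLParser

# Constructed sample markup (not from any real device): the settings page
# echoes stored credentials back into the form, as the post describes.
VULNERABLE = """<form method="post" action="/settings">
  <input type="text" name="ppp_user" value="customer01">
  <input type="password" name="ppp_password" value="EXAMPLE-ONLY">
  <input type="hidden" name="admin_pwd" value="EXAMPLE-ONLY">
</form>"""

# Corrected rendering: the secret is never sent to the browser; an empty
# field means "keep the current password" on the server side.
HARDENED = """<form method="post" action="/settings">
  <input type="text" name="ppp_user" value="customer01">
  <input type="password" name="ppp_password" value=""
         placeholder="leave blank to keep current password">
</form>"""

class PrefilledSecretFinder(HTMLParser):
    """Flags <input> fields that look like secrets and carry a non-empty value."""
    SECRET_HINTS = ("pass", "pwd", "secret")  # assumed naming hints

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        name = a.get("name") or a.get("id") or "(unnamed)"
        ftype = a.get("type", "text").lower()
        looks_secret = ftype == "password" or any(
            h in name.lower() for h in self.SECRET_HINTS)
        if looks_secret and a.get("value", "").strip():
            # Record where the field is, never the value itself.
            self.findings.append((self.getpos()[0], name, ftype))

def find_prefilled_secrets(html):
    """Return (line, field name, type) for every prefilled secret field."""
    finder = PrefilledSecretFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for label, page in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(label, find_prefilled_secrets(page))
```

Masking with `type="password"` only hides the characters on screen; the value is still in the page source, which is why the check looks at the attribute rather than the field type alone.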