ZDNet reports that over 30 Comcast mail servers were compromised recently:

NullCrew FTS used a Local File Inclusion (LFI) exploit to gain access to the Zimbra LDAP and MySQL database — which houses the usernames and passwords of Comcast ISP users.

I am a Comcast customer and I haven’t heard anything from them about this. Which is in line with what ZDNet has reported, that they haven’t been forthcoming with details yet.

Off I went to change my Comcast password. That is when I ran into this disappointing password policy:

[Image: comcast-password-limits]

The good part is that they do support special characters, which is more than I can say for some other password policies I’ve seen.

The bad part is that it only supports up to 16 characters and doesn’t allow spaces. That suggests that Comcast might be storing the passwords in plain text. Which of course would be bad.
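To illustrate the reasoning behind that suspicion, here is an added example (not code from Comcast, ZDNet, or the original post). When passwords are salted and hashed, the stored record is the same size whatever the password's length or characters, so storage gives no reason for a 16-character cap or a ban on spaces. The PBKDF2 parameters, function names and sample passwords are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 200_000   # assumed work factor for this example
SALT_LEN = 16          # bytes of random salt per password
HASH_LEN = 32          # bytes of derived key (SHA-256 output size)


def _derive(password: str, salt: bytes) -> bytes:
    # Normalize so the same typed password always yields the same bytes,
    # then stretch it. Any length and any character (spaces included) is valid.
    data = unicodedata.normalize("NFKC", password).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS, dklen=HASH_LEN)


def hash_password(password: str) -> bytes:
    """Return salt || derived key: always SALT_LEN + HASH_LEN bytes."""
    salt = os.urandom(SALT_LEN)
    return salt + _derive(password, salt)


def verify_password(password: str, record: bytes) -> bool:
    """Recompute the derived key with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    return hmac.compare_digest(_derive(password, salt), expected)


def record_sizes(passwords):
    """Pair each password's character count with the size of its stored record."""
    return [(len(p), len(hash_password(p))) for p in passwords]


# Constructed sample passwords: one within the 16-character limit, and two the
# policy above would reject (a passphrase with spaces, a 200-character string).
SAMPLES = ["Tr0ub4dor&3", "correct horse battery staple", "x" * 200]

if __name__ == "__main__":
    for chars, stored in record_sizes(SAMPLES):
        print(f"{chars:>3} characters -> {stored} bytes stored")
```
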