Monday, April 21, 2014

Should Businesses Foot the Bill for Free Public Wifi?

Comcast announced it has surpassed one million Wi-Fi hotspots across the nation, according to a press release that the company recently issued.

How did they do that?

Outdoor Hotspots: Comcast has placed Xfinity WiFi hotspots in public locations across the country, ranging from shopping centers and commuter stations to parks, sporting venues, beaches and boardwalks. Cities include San Francisco, Chicago, Boston, Philadelphia, Washington, D.C., and Atlanta as well as areas of New Jersey, Maryland, Virginia and Delaware.

Business Hotspots: Most Comcast Business Internet customers are eligible to receive an Xfinity WiFi hotspot for no additional charge when they order service. This is a value-added feature that directly improves their patrons' experience. Examples include restaurants, cafes and bakeries, retail establishments and office waiting rooms.

Neighborhood Hotspots: Recently, Comcast began providing residential customers with Xfinity Wireless Gateways the ability to have a second "xfinitywifi" signal (or SSID) in their home that is separate and distinct from their private and secure home Wi-Fi signal. This additional access point provides Xfinity Internet subscribers with a Wi-Fi signal without the need to share a homeowner's private network password. This service is included at no additional charge.

As a business, we received a notice from Comcast touting that their new Wifi Service is available and includes a free public wifi hotspot built in at no additional charge. Also note that this free public wifi can’t be turned off if you accept the wifi router from them. This is a big deal because it means that as a business YOU are paying for Comcast to provide free wifi to the general public. How are you paying? You are paying by agreeing to let the public use the bandwidth that you bought for your business to use. This is important because streaming applications like Spotify, for example, are designed to use a lot of bandwidth. We’ve seen streaming applications grind business to a near halt over and over again. Further, I really hate the idea of inviting the world onto your network. Comcast’s routers were vulnerable to the recent Heartbleed episode and no security is perfect. The fewer people you have hitting your wifi the better.

Our recommendation therefore is that our clients do not accept the free wifi router from Comcast. Wifi routers are inexpensive enough to not warrant the risk.

-Amy

Friday, April 11, 2014

Alert: More News About Heartbleed

Companies are beginning to issue statements on whether or not their web servers were compromised by the Heartbleed vulnerability. If you use any of the services below you need to visit them and change your password. You also need to change your password for any other site where you have used that same password.

Facebook, Instagram, IFTTT, Pinterest, Twitter, USAA, Intuit – Turbo Tax, Dropbox, Box, LastPass, Minecraft, Netflix, OKCupid, Wunderlist, SoundCloud

Google: Search, Gmail, YouTube, Wallet, Play, Apps and App Engine. That Play is affected is a big deal. That means your Android phone and tablets are wide open. Google has yet to announce how they will handle issuing updates for all of the apps in the Google Play store.

Yahoo: Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr

Amazon: Elastic Load Balancing, Amazon EC2, Amazon Linux AMI, Red Hat Enterprise Linux, Ubuntu, AWS OpsWorks, AWS Elastic Beanstalk and Amazon CloudFront
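The password-reuse step described above, as an added example that is not part of the original post: a Python sketch that reads a password-manager CSV export and lists the accounts on affected services plus every other account that shares a password with one of them. The export layout, the sample rows and the function name are constructed assumptions, and the affected set is only a subset of the services named in this post.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Subset of the services this post lists as affected (lowercased for matching).
AFFECTED = {"facebook", "instagram", "pinterest", "twitter", "dropbox",
            "lastpass", "netflix", "gmail", "yahoo mail", "flickr", "tumblr"}

# Constructed sample export; the column names are an assumption.
SAMPLE_EXPORT = """service,username,password
Facebook,amy@example.com,Spring2014!
Chase,amy@example.com,Spring2014!
Netflix,amy@example.com,m0vieNight
Payroll Portal,amy@example.com,Spring2014!
Evernote,amy@example.com,n0tes-only
"""

def plan_password_changes(export_text, affected=AFFECTED):
    """Return (direct, reused): accounts on affected services, and accounts
    on other sites that share a password with one of them."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        # Key on a digest so passwords never appear in the grouping or output.
        digest = hashlib.sha256(row["password"].encode("utf-8")).hexdigest()
        groups[digest].append(row["service"].strip())
    direct, reused = [], []
    for services in groups.values():
        hit = [s for s in services if s.lower() in affected]
        if hit:
            # Every other site using this same password is exposed as well,
            # even if that site itself was never vulnerable.
            direct.extend(hit)
            reused.extend(s for s in services if s.lower() not in affected)
    return sorted(direct), sorted(reused)

if __name__ == "__main__":
    direct, reused = plan_password_changes(SAMPLE_EXPORT)
    print("Change now (affected service):", ", ".join(direct))
    print("Change too (same password reused):", ", ".join(reused))
```

In the sample, the bank and payroll logins are flagged only because they share a password with an affected service, while the uniquely-passworded accounts on unaffected sites are left alone.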

More Bad News:

Because GoDaddy’s own servers were affected, it means that the certificates they issued are also affected and must be rekeyed and reinstalled. Although we recently switched to providing our own SSL certificates to our clients through ENOM, most of our clients are still using GoDaddy certificates. This means that we’ll be asking for a new set of security keys for each of you from GoDaddy and reapplying the certificates to your servers. Since your server isn’t directly affected, this is merely a precautionary measure.

Some Good News: Here’s what isn’t affected.

Your servers. Microsoft software including all of their hosted products are safe. Bing is safe. eBay, Amazon (store), PayPal, Federal Government websites, Nordstrom, Wal-Mart, Target, Bank of America, Chase, Capital One, e*Trade, Citigroup, Fidelity, Schwab, Ameritrade, USBank, Wells Fargo and LinkedIn are all safe. Evernote and Apple are safe.

If you have any difficulty changing your passwords ask us for assistance. If you have any questions about Heartbleed ask us about that too.

-Amy


Wednesday, April 09, 2014

Alert: HeartBleed

Heartbleed is the latest in an epidemic of attacks on the Linux foundation of the Internet. Most websites use Linux in one way or another but until recently the hacker community has left them alone. But a couple of months ago cPanel, the application that every website uses to publish itself, was hacked and now it’s OpenSSL. OpenSSL is the SSL certificate processing portion of websites. The hack allows your username and password and any other data that you enter into the website to be harvested in plain text defeating the whole purpose of an SSL protected website. The worst part about these recent hacks is that no one noticed them for the last two years.

You can find out if a website that you visit hasn’t been patched yet by entering its address into this tool: http://filippo.io/Heartbleed/. I would recommend doing that for any website where you are entering your username and password.

If you are curious about which websites were vulnerable, here are a few that still are as of last night: yahoo, flickr, eventbrite, zoho, squidoo, petflow, fool, lastpass and slate. They are among tens of thousands.

So let’s say you use one or more of those common websites. You might feel that there’s nothing there in your personal information to worry about. There’s just your name, email address, home address, business address and perhaps some stored credit card information. The latter is of course a concern, but the larger concern is whether you used that same password anywhere else. That’s really what the bad guys are after. Because once they have a password of yours, they throw it at the websites that might yield money: credit card, banking, investments, tax returns, payroll, maybe they’ll order something from Amazon. That’s the real danger. So take the time to look and change those passwords.

If you need assistance, we’re here to help.

-Amy

p.s. My apologies for yesterday’s post. It was not meant for you. I hit enter and sent it to the wrong group. That was for ThirdTier, where we help other IT firms with technical issues and, for the last 16 months, we also help them build better businesses. It’s time to give back and help make this profession better as a whole.
