
Is Comcast's year-long WiFi initiative secure for its users?


June 16, 2014


If you live in the U.S. and you're a Comcast cable customer, your home's private Wi-Fi router is being turned into a public hotspot, and this has been under way for about a year already.

It's potentially scary while annoying at the same time. But the upside is that you get Internet access almost everywhere in your community.

As we said earlier, it's been one year already since Comcast started its gigantic project to blanket residential and commercial areas in several U.S. cities with continuous Wi-Fi coverage.

Imagine waves of wireless Internet emitting from every home, business and public waiting area. To be sure, Comcast has been swapping out customers' old WiFi routers with new ones capable of doubling as public hotspots.

So far, the company has turned 3 million home devices into public ones. By year's end it plans to activate that feature on the other 5 million already installed. Yes, it's a huge project, but it's coming along on schedule, Comcast says.

So anyone with an Xfinity account can register their devices (laptop, tablet, smartphone) and the public network will always keep them registered-- at a friend's home, coffee shop or bus stop in their immediate community.

But what about security and privacy? It seems like Comcast did this the right way, at least we can only hope...

Outsiders never get access to your private, password-protected home network. Each router has two separate antennas, Comcast explained. That means criminals or potential hackers can't jump from the public channel into your network and hack into one of your devices or your PC.

And don't expect every passing stranger to get access. The Wi-Fi signal is no stronger than it is now, so anyone parked in front of your house or apartment will have a difficult time tapping into the public network. This system was meant for your guests or friends at home, not on the street.

As for strangers tapping your router for illegal activity, Comcast said you'll be guilt-free if the FBI comes knocking. Anyone hooking up to the "Xfinity Wi-Fi" public network must sign in with their own traceable IP and Comcast customer credentials.

Still, no system is ever 100 percent foolproof, and this could be unnecessary exposure to potential harm. Craig Young, a computer security researcher at Tripwire, has tested the top 50 routers on the market right now.

He found that about 68.4 percent of them have serious weaknesses. If a hacker finds one in this Comcast router, then all bets are off.

"If you're opening up another access point, it increases the likelihood that someone can tamper with your router," he said.

What about connection speed? Having several people tapping a single machine tends to clog up the Wi-Fi connection, but Comcast says it found a way to make this work.

With two separate networks, each antenna has its own data speed cap. Comcast said the private channel provides whatever speed customers already pay to get (most have 25 Megabits per second).

The public hotspot channel is given 15 Mbps and allows up to five people to connect at a time. That simply means that having your data-hungry friends over shouldn't slow down your Netflix stream, Comcast says.

Company spokesman Charlie Douglas promised "there's more than enough capacity" in the cables connecting to people's homes to make this work.

"You shouldn't experience any conflict between the two networks," he said. "It's something our engineers thought about carefully. The last thing we want to allow is to create a bad user experience."

Comcast's initiative started in northern New Jersey last year, and has now spread to Boston, Chicago, Houston, Indianapolis, Minneapolis, Philadelphia, San Francisco, Seattle and a few other cities.

"Before this, there was no value in having Internet when you're not at home," Douglas said. "Every time you left the house you walked away from your subscription. But with all these hotspot locations, you can connect to the Internet remotely. Everyone's device is mobile. It makes a lot of sense."

But what if you don't like the idea of your private router being turned into a public hotspot? You can turn the feature off by calling Comcast or logging into your account online.

The company says that fewer than 1 percent of customers have done that so far. Still, you have to wonder about the security implications of this. As they say: better be safe than sorry, so you might want to think twice before going along with this.

In other internet security news

A researcher from RSA says he has found an entirely new trojan during his investigations of the criminal underground.

To be sure, Eli Marcus says the "Pandemiya" trojan comprises about 25,000 lines of new code. With most malware based on proven platforms, entirely new code is a rarity in the internet security world.

And Pandemiya is very nasty-- it can steal data from forms, create fake web pages and take screen shots to send back to the botmasters who deploy the malware.

Worse, the trojan is modular, very pervasive and unique, thanks to its ability to inject itself into all new processes by using a Windows registry setting tied to the CreateProcess API.

It even has an upgrade path-- Marcus writes that a $1,500 version offers basic functions but a $2,000 version allows .dll file plug-ins to enhance its functionality.

A Facebook attack module is also reportedly in the works. "The advent of a freshly coded new trojan malware application is not too common in the underground," Marcus writes, adding that the modular approach means Pandemiya could become more pervasive in the near future.

Pandemiya can also sign off botnet files, a feat Marcus said helped prevent hijacking and analysis by cops and security personnel.

Dynamically encrypted communications help it to dodge network analysers. Like other trojans, Pandemiya is foisted on machines through exploit kits and drive-by infections that target security vulnerabilities in buggy software such as Java, Silverlight and Flash.

Marcus speculated that the trojan was relatively unknown until now due to its high price and new-kid-on-the-block status compared to the likes of Zeus and Citadel.

The good news is that Pandemiya can easily be removed with a little registry-tweaking and command line action.

In other internet security news

Two young Canadian teenagers have made a mockery of bank security by hacking into an automatic teller machine during a lunch break between classes.

The two 14-year-olds, identified as Caleb Turon and Matthew Hewlett, broke into a Bank of Montreal ATM during school lunch by following an online manual for accessing the machine's administrator functions.

The security charade continued when the pair, after being asked by the bank's head of security for proof of their hack, simply broke back into the machine and printed off information including transaction data, surcharge profits and the total cash held in the unit.

Turon and Hewlett gained access to that data by guessing the administrator password on their first attempt, indicating the ATM had default settings enabled.

The kids took it upon themselves to perform a civic duty by dropping the surcharge for transactions to one cent and changing the welcome display screen to-- "Go away. This ATM has been hacked".

Hewlett told the Winnipeg Sun they did not expect the hack to work. "We thought it would be fun to try it, but we were not expecting it to work," he told the newspaper.

The kids may have discovered one of a handful of websites that contained very detailed documentation explaining how to access administrative functions of ATMs.

Those forums existed ostensibly to help service people to access a variety of ATM makes and models but could be used by criminals or apparently even children to break into the units.

The bank said that customer information was not compromised and it would review security of its ATMs.

In other internet security news

Microsoft has reportedly left Windows 7 exposed by only applying patches to its newest operating system, Windows 8.

Internet security researchers discovered the flaws after they scanned 900 Windows libraries and uncovered a variety of security functions that were updated in Windows 8 but not in Windows 7.

They said that the shortcoming could lead to the discovery of zero day security vulnerabilities.

The missing safe functions were part of Microsoft's dedicated libraries intsafe.h and strsafe.h that help developers combat various attacks.

Researcher Moti Joseph speculated that Microsoft had not applied the fixes to Windows 7 to save money.

"Why is it that Microsoft inserted a safe function into Windows 8 but not Windows 7? The answer is money-- Microsoft does not want to waste development time on older operating systems and they want people to move to higher operating systems," Joseph said in a presentation at the Troopers 2014 Conference.

Microsoft has been contacted for comment, and we are still waiting to hear from the company. Together with malware analyst Marion Marschalek, Joseph developed a tool dubbed DiffRay, which compares Windows 8 with Windows 7 and logs any safe functions absent in the older platform.

"It was scary simple," Marschalek said, "and it was also faster than finding security vulnerabilities by hand."

Security technicians could then probe those functions to identify the vulnerabilities and various exploits that could be done by potential hackers.

In a demonstration of DiffRay, the researchers found four safe functions missing from Windows 7 that were present in Windows 8.

"If we get one zero-day from this project, it's worth it," Joseph said. Future work will extend DiffRay's capabilities to find potential security vulnerabilities in Windows 8.1, add intelligence to trace input values for various functions and then incorporate even more intelligent signatures used to find potential security flaws. Duplicates and abundant false positives in the current version would also be ironed out.

In other internet security news

Microsoft said earlier today that it's planning to deliver at least seven security updates on June 10 in its scheduled Patch Tuesday update next week.

Microsoft has posted its advance notification for the upcoming security release, which it said will consist of two critical security bulletins and five others rated as important.

According to the software giant, the critical update will address a pair of remote code execution flaws and will be considered a top deployment priority for Windows, Windows Server, Internet Explorer, Office, and Lync.

The first bulletin addresses critical security issues in Internet Explorer, while the second addresses one or more flaws in Microsoft Office and Lync (excluding Lync Server).

As is usually the case, Microsoft does not post specific details on the security vulnerabilities until after the patches have been released.

All currently supported versions of both client-side Windows and Windows Server will receive at least one bulletin rated as critical, although the Internet Explorer bulletin is considered a lower priority on Server systems where the browser is less likely to be accessible to an attacker.

Users and system administrators running Windows Vista, Windows 7, 8, 8.1, and Windows RT should consider both bulletins critical fixes and top priorities for testing and deployment.


Source: Comcast.
