BT Open Zone... Great Idea?

Safe WIFI Zones all over the UK....

This is probably going to turn into the biggest blog we've ever done, and only because we care!  BT Open Zone and BT WIFI Hotspots are becoming more and more frequent.  If you haven't noticed, then why not get your laptop and scan for WIFI hotspots, I guarantee that your sure to find one.  So its a great idea, right?

Look closer, you'll notice that theres no security key.  Your machine hops on wirelessly and effortlessly to the Open Zone. So if you can, then what stops everyone else doing it? Well, BT do have restrictions to prevent you accessing the 'Internet' without being a BT customer but so what? Your device is still connected to a wifi device without your permission and who else is on the device?

My concern is that if my laptop is connected to a WIFI device in a public place, I could be at risk.  Associate security consultants have confirmed that this is the case.  It's nothing far short of a place where you can be openly attacked and not even know it!

Those of you who know me, know I wouldn't take this lying down so I called BT. I know, I should know better. Since 1st of June 2011 our company has phoned BT 78 times and spoke to many representatives on the subject from BT Home, BT Business, BT Customer Services and even BT Wholesale who apparently install these WIFI zones. Not one person at BT could help, had any concerns or wanted to take any responsibility and help.  As a result, this has now become a government issue because BT is our biggest supplier of broadband and WIFI which is now a security risk, UK WIDE!

On a normal day, my Apple Mac sits 6ft away from our providers router.  So wireless strength is not a problem.  However, each and every time we boot up the MAC, we end up conected to the BT Open Zone WIFI.  The Open Zone signal is so strong that your device will always take the strongest signal first and this as I said previously has no security key to access it!

Convinced? Read this...  A security consultant attended a local Open Zone WIFI zone with me.  Upon accessing the zone, he was able to find 28 nodes (devices like, laptops etc).  He explained that with the right type of hacking equipment which is easily available on the web, he could hack into the nodes there and then! Upon doing so, showed me.  This is no joke.

Our next step is to create and formulate the evidence which will be presented to the local MP at his surgery.  The evidence will be compelling enough to force the enquiry into the House of Lords and hopefully pull the CEO Mr Ian Livingstone of BT business development, and Mr Jeff Kelly CEO of BT Global Services to task and force an investigation.

Watch this space as we update our case data.

Alledged - Twitter Hacks would Destroy Time and Reputations

Just recently a client advised via Twitter that ourTwitter account had been hacked and that we were sending out Direct Messages to the effect of:

"lmao...omg i am laughing so hard at this pic of you u i just found http://XXXXXXXX" (link removed to protect readers).

Twitter advises that if your account is sending SPAM or has been COMPROMISED to follow the instructions shown in this link.  Worth reading if you haven't already done so.  Having said that, RES Info-Tech is an IT Support and Consultancy company specialising in security and we doubt that 'your' account has been compromised.  We think in fact that it is TWITTER that has been compromised.

Why do we think this? Well, the instructions in the link above tell you to change your password. Ok, so we've done this numerous times in the last three days.  The SPAM outbreak is huge in numbers and not specific just to individuals.  In other words, do you know any hackers that would sit down and take the time to individually compromise YOUR account?  No, of course not.

The instructions also advise that all associated applications be removed from your twitter account until the offending application (thats facebook, hootsuite, tweet deck etc..) has been found.  We did that.  We scanned every PC and server in our business and even uninstalled all the associated applications.  Doing this left TWITTER.com all on its own!  We even made sure that all PC's and servers were powered off for the night.

The next morning, client who resides two doors down the passage in our Enterprise Centre visited us.  "Did you know you're sending DM's to us on Twitter about photo's?" 

"Damn I said...." pause... "Hold on, you and I don't even follow one another, and all my hardware is powered off and has been all night!" 

Bingo, we thought.  The problem could be at TWITTER.com.  In addition, it would have to be beyond all the database security with all contact information. So, ladies and gentleman, alledgedly you have not been compromised, alledgedly Twitter has.  If so, what are they doing to the rest of your data such as telephone numbers and email addresses. Are they accessible by this rogue infiltrator? Could be, so don't take the risk.

Twitter, it's your turn to respond and as our support calls have been ignored, your users deserve the right to a full investigation.  If you have been compromised, you need to publicly tell the world before we all lose our clients for unsolicited, unprofessional DM's leaving our reputation in shatters.  If you haven't been compromised, please explain to the world how this stops!

Thank you.

UPDATE:
Interestingly enough, I received a message from Twitter advising that my account had been compromised and asking me to reset my password.  I wonder how many others received the same message that I did? That's ok BUT, what are Twitter doing to prevent compromisation in the future?  How safe is my contact data held on their records? Twitter, please feel free to advise on this blog what security changes you have, or intend to make?