
Comment Re:uhhh (Score 1) 545

Remind me since when do we trust big companies to set anything right to protect their customers from outside threats.

The change that they made in this case is provably more secure than leaving it as it was. Default router passwords have allowed for at least one *large* scale phishing incident of a major bank in the last few years. All it took to accomplish was an emailed link and default router passwords. I wouldn't trust them to babysit my kids, but it's pretty hard to fuck up the implementation of TR-69.

Also I wouldn't leave out the possibility that they're getting all sorts of data concerning their customers' LAN, to target them for advertising for, say, faster networks, or TV set-top boxes like the Roku player if they notice a lot of video streaming

You can look up a list of the data types monitored by the TR-69 system. I've seen a dump of the standard data fields and most are benign and frankly only useful for network management.
That does not preclude them from implementing their own variables to send back but most of the data you've described is pretty easily captured off the wire from the WAN of their router or any other you use.

Comment Re:uhhh (Score 5, Informative) 545

What are you all on about? He said [slashdot.org] he disabled administrative access from outside. No matter the password, there's intrusion going on here, so there is something to talk about.

Administrative access was not used for this. His Actiontec, along with most other telco-distributed CPEs, uses the TR-69 remote administration spec to allow for reconfiguration of services, firmware updates and other crap that used to require a technician to be sent out.

If a password was all there is to protect your router from outside, all hell would break loose for simple brute forcing. You also can't expect Aunt Irma to change her password first thing when she gets net access.

Which is why they changed his password from the default to a unique one. Even with remote access disabled, a default password on your router is a risk. See Pharming.

Finally, even disregarding all that, even if he was stupid and careless, they can't just access the router if he didn't explicitly give them the right in a contract somewhere. I get you're all supercomputerexperts, but maybe we could talk about what he's asking?

Telcos are typically behind IBM and God on how many lawyers they have on staff. I'll eat my fucking shoe if it's not explicitly laid out in the TOS for FIOS that they can and will access the router for remote configuration changes, particularly for security reasons.

Why is there an open forced access port/back door?

There is a backdoor to allow changes in configuration that are usually, but not always, related to connectivity and function of the actual connection to the provider - the minutiae that even a field tech doesn't want to have to waste time with.

Is that ok without telling the owner?

Are we that sure it wasn't in that contract he signed?

What security is in place that entities besides Verizon can't access it?

A properly implemented TR-69 system is going to be more secure than any machine this guy is running on his network, guaranteed. The administration server address cannot be changed from the user accessible interfaces, the connection is initiated from the CPE to that server instead of the reverse and there are multiple layers of verification and encryption in use before anything is actually allowed to be updated or changed.
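An added illustration, not part of the comments above and not Verizon's or Actiontec's code: a TR-069 session starts with the CPE posting a CWMP Inform to its management server, and the sketch below parses a constructed Inform to list what the device reports and to pick out vendor-specific parameters (those with an `X_` name segment). The device identity, addresses and the `X_001122_Stats` parameter are made up for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample Inform (all values invented). Parse only trusted input
# with ElementTree; use a hardened parser for anything captured off the wire.
SAMPLE_INFORM = """<soap:Envelope
    xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:cwmp="urn:dslforum-org:cwmp-1-0">
 <soap:Body><cwmp:Inform>
  <DeviceId><Manufacturer>ExampleCo</Manufacturer><OUI>001122</OUI>
   <ProductClass>ExampleRouter</ProductClass>
   <SerialNumber>CONSTRUCTED0001</SerialNumber></DeviceId>
  <Event><EventStruct><EventCode>2 PERIODIC</EventCode></EventStruct></Event>
  <ParameterList>
   <ParameterValueStruct><Name>InternetGatewayDevice.DeviceInfo.SoftwareVersion</Name>
    <Value>1.0.0</Value></ParameterValueStruct>
   <ParameterValueStruct><Name>InternetGatewayDevice.ManagementServer.ConnectionRequestURL</Name>
    <Value>http://192.0.2.10:7547/</Value></ParameterValueStruct>
   <ParameterValueStruct><Name>InternetGatewayDevice.X_001122_Stats.LanHostCount</Name>
    <Value>7</Value></ParameterValueStruct>
  </ParameterList>
 </cwmp:Inform></soap:Body>
</soap:Envelope>"""

CWMP_NS = "{urn:dslforum-org:cwmp-1-0}"


def summarize_inform(xml_text):
    """Return device identity, event codes and reported parameters."""
    root = ET.fromstring(xml_text)
    inform = root.find(f".//{CWMP_NS}Inform")
    if inform is None:
        raise ValueError("not a CWMP Inform message")
    device = {c.tag: (c.text or "").strip() for c in inform.find("DeviceId")}
    events = [(e.text or "").strip() for e in inform.iter("EventCode")]
    params = {(p.findtext("Name") or "").strip(): (p.findtext("Value") or "").strip()
              for p in inform.iter("ParameterValueStruct")}
    return {"device": device, "events": events, "params": params}


def vendor_extensions(params):
    """Names with an X_ segment, i.e. outside the standard data model."""
    return [n for n in params if any(s.startswith("X_") for s in n.split("."))]


if __name__ == "__main__":
    summary = summarize_inform(SAMPLE_INFORM)
    print(summary["device"], summary["events"])
    print("vendor-specific:", vendor_extensions(summary["params"]))
```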

Comment DNS hijacking for fun and profit (Score 2, Informative) 545

I looked in the router's settings and I see port 4567 goes to the router and is labeled 'Verizon FIOS Service.' Is this port for anything useful other than Verizon changing settings on my router? What security measures does Verizon have to protect that port from unauthorized access?

That would be the security used by the TR-069 spec for CPE remote management. If implemented correctly by hardware manufacturer and service provider, it's almost certainly more secure than any of the computers you have connected to the internet, even if you're not the kind of person that leaves a default password set on their router...

Seriously, having the default admin password set has been a bad idea with routers for a very long time. Think along the lines of a webpage doing a redirect attempt to the local gateway address with different providers default router passwords and then changing a setting like your DNS server...

Sound unrealistic? Already happened on a large scale years ago. Didn't work if you had changed your password or at least had a unique one in place like the device serial number.

So rest assured that what they did has actually increased the security of your network and has left no gaping hole in its place.

Comment TR-069... and done (Score 1) 545

So... pretty much any router sold by a telco is set up for remote management via the TR-069 spec. Even if you had already changed the password, they can still get in; it's something far different than accessing the admin interface through the WAN and almost certainly buried in their TOS.

I worked on a Qwest DSL connection for a friend and replaced their POS Actiontec with something more functional. When it came time to switch packages to a higher speed, the connection simply stopped working. Apparently Qwest changes the router's PPPoE information remotely when you upgrade to a higher speed and not having their equipment in place caused that to fail.

So, if you don't want them to screw with your settings, don't buy their crappy hardware and acknowledge that it may break as a result.

Comment Passive Repeater (Score 1) 214

Go to hyperlinktech.com and get 2 antennas that match to the frequency used by your type of cell phone. One should be highly directional, preferably parabolic and the other should be omnidirectional or, preferably, something with sector coverage.

Mount the highly directional antenna so it is pointed at the strongest source of signal for your phone, preferably with line of sight to the tower. Mount the sector coverage antenna so it is centered on the area you will be using your handset. I've heard having the antennas mounted apart from each other is preferable. You then want to wire them directly together. If you can get complementary connectors on each (one N-Male, one N-Female) you can just screw them together or wire them with an extension.

The directional antenna will act like a large collector and funnel that radio energy across the line and into your sector antenna, boosting the effective power by the sum of the antenna gains minus ~3dB. The energy output from your handset will be picked up by the sector antenna and sent back through that directional antenna toward the tower and see the same overall gain.

I've done something similar before with wifi using parabolic antennas to shoot it around an obstacle - no additional power required.

Comment Re:You know you leave those everywhere, right? (Score 1) 578

Fingerprints are no different than the outside of your clothes or the shape of your face -- they are freely observable to anyone that wants to know them.

I would contend they are not freely observable to anyone that *wants* to know them. It's an important distinction that one is not otherwise compelled to show their face in public, wear otherwise identifiable clothes in public (they'll look at you funny for being wrapped in a garbage bag) or leave your fingerprints anywhere in public. People choose to do so of their own free will or ignorance.

That's the kind of freedom (choice) people are talking about when they talk about freedoms being eroded. And the choice to hand over fingerprints or give up a job is not on the same scale as the choice to hand over your fingerprints or not.

Certainly not a black and white scenario, but not a foregone conclusion like you seem to suggest.

Submission + - OTP capable VPN

Anti_Climax writes: With 16GiB of storage hanging from my keychain, the recent discussion of maintaining or restarting SSH connections got me wondering: does there exist a simple, preferably cross platform VPN program or plugin that supports encrypting/decrypting traffic using a preshared one-time-pad? Even better, does anyone know of one that is paired with a system image that can be booted from a thumbdrive? Google has not returned anything that seems to fit the bill though, admittedly, my Google-fu is not what it used to be.
