Why Verizon Fios Will Continue to Fail

December 18, 2010

*** Update 3/1/2011 ***

Finally, after over 3 months of asking Verizon to fix their database and let me re-order Fios, I know have the ability. There were a handful of things I did to get my ability to order service restored. I am not sure which one did the trick. I called and emailed Verizon about the issue a few times. Each time they said they would look into it. Week went by so I tried a few more things. The next thing I did was sign up for future notification using an alias name and email address. I figured maybe Verizon knew who Gigamike was and didnt want me to have their service after posting my opinions on this blog. I have to admit, that is a little narcissistic. The last thing I did, just a few day ago, was email the Verizon Business office claiming I need a serviceability check for my address so that I can run a web site out of my house. Only a few days later, I can now suddenly order service again. Im not sure what the fix was, maybe it was my original call back in Decemeber and Verizon’s opinion  of a couple weeks really means a couple months.

Now all I need to do is wait for the Video hub to be built and testing to be complete and I will sever my Time Warner Cable connections once again.

**Original Post 12/18/2011**

I really loved Fios when I had it (I canceled it when they raised the price 25% but didn’t increase the speed  along with it). I really enjoy competition in the market place and as a Fios customer I was looking forward to one day enjoying Fios TV.

As a now former Fios customer, I had been looking forward to the day that Verizon would lower their prices so I could enjoy Fios Internet service once again. I was also looking forward to the day that maybe, just maybe, Verizon would introduce Fios TV in my area and offer some competitive rates. Unfortunately while the later may be true in the coming months, I am not going to be able to enjoy it and here’s why:

Last month my 12 month promotion with Time Warner Cable was about to expire and I was facing paying $55/month for Road Runner. I still think this is way too much for anyone to pay for Internet access so I decided to try Verizon Fios again. I still have the ONT (fiber optic converter box) and the fiber connected to my house so I figured it would be a quick process to log on to Verizon’s website and re-order Fios Internet. Unfortunately, its not that easy.

When I go to the Verizon Fios website and enter my address to check for availability, it tells me that Internet is not available in my area. It then gives me the opportunity to sign up for future availability notifications. I was curious to see if perhaps Fios was no longer in my neighborhood so I entered my next-door neighbor’s address. Not supprisingly, they still can order new Fios service. Their house is about 15 feet away from my ONT and they can get Fios but I cannot?? I thought this must be some kind of error so I popped on the instant chat to see if a Verizon rep could help me out. The rep asked me for my address and began searching in the system. The rep came back and told me that Fios was not available(I also can no longer get DSL since the Verizon tech removed the copper line from my house 3 years ago). When I asked the rep why I cannot get Fios, I  received an odd response: I was told that I was not in a Fios market and one day Fios might be available in my town or neighborhood. I almost began laughing because this is obviously inaccurate. I was so irritated that I logged off that chat session and opened a new one with a different rep hoping I would get better luck. This rep told me that my address wasn’t eligible for Fios service and one day I might be eligible. When I explained to this rep that I am a former Fios customer and already have an ONT and fiber on my house, he told me that the hub must be “out of available ports.” I know this is plausible but in my neighborhood about 25 of the 500 or so houses served by the local hub have fios so its simply not true. I explained that my next-door neighbor could get Fios so clearly there are available ports. The rep soon gave up and suggested that I called Verizon sales and get it straightened out.

I decided to call Verizon Fios Sales so I could speak to a human and perhaps sign up for Fios that method. Although this task seems simple, it was yet another futile attempt to get Fios. I was on hold for over 15 minutes waiting for a sales rep to help me out. I soon gave up and called Time Warner Cable. I had a rep in less than 60 seconds and was able to lock in another promotion for a year at a fraction of Verizon Fios prices. Road Runner isnt horrible and their customer service is clearly better.

So, while I would love to be a Verizon Fios customer it just isnt in my future. It is at no fault of my own, I just couldn’t be a Verizon customer if I tried any harder. I suppose I could order it at my neighbor’s address and when the tech arrives explain to him/her the situation. Lets be honest, that just isnt going to work either.

If Verizon doesn’t figure out a solution to this problem they are going to fail. I cannot be the only former Fios customer. How can Verizon expect to have a successful TV rollout if they cannot reactivate a customer’s account?

Dear Verizon,

Let me know when you want to light up the ONT on my house. I would love to be your customer again assuming you let me.

Sincerely,

Gigamike

Advertisements

Fios: I was your biggest fan

November 9, 2009

Although somewhat critical towards some of Verizon’s practices, I was Verizon Fios’s biggest fan for over 3 years. I was a fan because they promised faster speeds, they were the answer to time warner, and it was just plain cool to have a fiber optic cable running to my house.

However, yesterday I received a letter from Verizon that they were increasing my rates. They weren’t going to increase my speeds along with my rate, just how much I pay.  How much do you ask? They are raising my rates from $39.99 to $49.99 for a 10Mbps download / 2 Mbps upload package. Note that this package is still too small to get free wifi. This is an increase of 25%. I called Verizon and asked if they could give me any kind of promotional price if I lock in for another year or so. I tried everything to get them to give it to me for a lower price and they only offered me $47.99/month if I lock in for another year. Weeeeee, $2 per month!!!

I promptly called Time Warner to check on their promotions. They are offering 10Mbps/1Mbps for $29.99 or 15Mbps/1Mbps with speed boost up to 22Mbps for $34.95/month for 12 months. I opted for the Turbo package and I am absolutely satisfied with it so far.

Now, I know that many people think that the cost of things simply go up, and I completely agree. Its okay for a company to occasionally raise their rates as the cost of business goes up. But a $10 per month, 25%, increase is quite a bit especially since I am not going to get anything extra out of the deal.

Thanks to the power of competition, Time Warner will have my business for at least the next 12 months. If VZ decides to come out with any promotions within the next year that offer a better price/performance deal, I will go back.  But for a cheap-o like me, every dollar counts.

Today I unplugged the power from the ONT and popped the battery out. Hey, now I have a free battery for my other dead UPS. Sweet. Anyone want to buy an Actiontec Mi424wr?


Verizon’s Botched Installations

September 9, 2008

OK, so first I told you about how Verizon falsely sells their service as ‘secure’. As it turns out the installtion is (in some cases) not even safe!! I dont hate Verizon in any way but come on guys, get it together.  Its so disappointing that what should be the best broadband service in the country is failing so miserably.

I read on slashdot a few weeks back how the New York State Public Service Commission did an audit and found “a high proportion” of New York Fios installations were not grounded properly. What does this mean? At first I didnt think it was that big of a deal because its all fiber optic and there isnt any conductive copper running to my house anymore. Apparently its a bigger deal than that because Verizon has been ordered to go revisit EVERY fios installation in New York State and inspect the ground wire. They must correct the issue in 45 days.

Yesterday, 2 verizon dudes came to my house to check my installation. My ONT (Optical Network Terminal) is on the outside of my house and there are about 5 wires that run inside. A couple for power and to monitor the UPS. One is for my ethernet cable. And the last one is the ground wire.

My wife let these clowns into the house after calling me to verify. I told her to tell them that the ONT was grounded to a water pipe in the basement above a certain window. I told her they would need to remove the ceiling tile to get to it. These clowns didnt believe her (or me) and went to go check the circuit breaker (also in the basement, but far-far away from the ONT). When they didnt see the ground wire on the circuit panel she insisted it was where I first said it was. They removed the ceiling tile and said to her “hey, I guess this guy (me) knows what he is talking about after all.” If only they knew 🙂 .

They then told her that the ground cable was too far away from the ONT (its only about 6 feet from the ONT) and it would have to be redone. I guess this isnt a bad thing especially since VZ plans to compensate the customers affected. Hopefully they wont reground it to the gas main like in one of these pictures.

I will let you know what this so called compenastion is when or if I get it.


MySpace sucks and so does their security

July 9, 2008

I have never been a fan of MySpace but it just dissapoints me when I see such a popular site suck so bad at security. There have been lots of security problems with myspace in the past and I commend the developers for quickly resolving them. But something just irritates me.

I visit a lot of sites that require encryption just like you probably do. Just about every one of these sites use some type of encryption to protect your login information. And I dont just mean sites like banks and Amazon. Google mail and Yahoo Mail, for example, make you sign in using SSL by redirecting you to a secure HTTPS page. This practice makes it very difficult if not impossible for that casual hacker to get your info. Facebook even encrypts your password by somehow using AJAX and SSL in the login box even though the rest of their signon page does not use SSL. Again, Facebook is putting towards a little bit of effort to protect your login info by encrypting it.

MySpace on the other hand does the opposite. By opposite I mean they do nothing!! Their entire site is plain-text and so is their login! They make zero effort to protect your login with encryption or SSL or anything like that. I know this because I was able to grab my own MySpace username and password using some simple network sniffing tools. These tools are free and very easy to use. Someone asked me “are you sure they just didnt have a sign-on box that uses ssl?” I told him “my sniffer does not lie!”

Now this isnt that big of a deal really. Or is it? This complete disregard to basic security isnt going to give all my friends free poker chips, or invite a bunch of random people to be my friend and see my hot pics. It just wouldnt really be that big of a deal if that happend. I am of course referring to those pesky “myspace viruses” that many people seem to get. The only real issue is that if you use MySpace in a public place you could get your password jacked. By public place I mean a coffee shop, hotel, airport, college campus, or anywhere that has wireless interenet access. All that it takes is some newb like me to open up one of my many wireless sniffing tools, save the packet capture in a pcap format and open it with Cain. I now have every password, including myspace passwords, that has been entered since I started my capture. Well, not every password, just the plain-text ones such as myspace.

Ok, so you are saying to yourself something like “whooptie-doo someone could get my MySpace password and rearange my favorite friends and post comments as me. Who cares?” Unfortunately the problem is much larger than that for many people. Think about how many sites you personally go to. Now ask yourself if you have a different username and password for EACH site?? I didnt think so. So now is your not-so-precious myspace also the same password to your Facebook, email, bank account, work email, online shopping sites, turbotax, what else? Scary isnt it?? Read my tips below, especially number 3!!

I got criticized from a security ‘expert’ once for exposing something and not providing a solution. So here is my attempt at a solution:

  1. MySpace: Fix your shizzle! I think the quickest way for a security vulnerability to be fixed is by making it public. If Facebook can do it, why cant MySpace? Is it a money issue? Laziness? Stupidity?
  2. People: Be careful what sites you visit in public places. For example I NEVER, I mean NEVER login to ANYTHING when I am at a hotel, wireless or not. Wireless is worse because everyone can see what you are doing. But what if its wired? Well, do you trust the people at the hotel? Who’s to say that the hotel clerk, making pennies an hour, isnt studying to be some kind of IT guy. He/she might know a thing or two about computers. If he/she had the right tools your stuff could get jacked.
  3. Dont use the same password for each site. I know its hard, but try to mix it up as much as you can. I will tell you a story that might scare you into better password security. I once operated a website which required people to login to do anything useful. One the visitors would create an account their password would be stored in a database in plain text. I decided to take a looksie one day and try one of the accounts on a few other sites. The sad thing is that many of the credentials on my site worked on various other sites. Just think to yourself about that forum, usergroup, poker club, whatever other site that you go to that isnt run by a corporation or might me shady. Who is their IT guy? Who designed the site? Im not saying that anyone is doing anything malicious but the site could be run by someone that gets bored like I did one day.

Verizons False Sense of Security (returns)

July 9, 2008

As I wrote previously someone (“J”) emailed me about my original post. He said it wasnt a good idea to put things on the internet like this and if I took it down he would take care of it, as in get the vulnerability resolved. I complied and “J” has been giving me updates on his so-called progress. He said that when his company contacted Verizon they pretty much said “ya, so” or something to that effect. Its been quite a while since I heard anything from him so I wonder if there ever was a plan to get it fixed. Some of my friends and colleagues think the guy was trying to steal my article for his own personal gain. I am not that paranoid but I guess it could be possible. Especially since he wrote an article on writing articles that pay. (I had to use google cache because his article mysteriously disappeared shortly after i posted this) I shouldnt be so naive.

Anyway, I decided to put the article back online so here it is:

(originally posted on 5/6/2008)

I got a Verizon Fios internet connection a little over a year ago. When the installer came he brought with him an Actiontec MI424-WR wireless router. The router is pretty decent but Verizon’s opinion of wireless security scares me.

After the tech installed the unit he proceeded to setup my PCs. He showed me a sticker on the bottom of the Actiontec router that had the “wireless security key” along with the ESSID and MAC adddress of the router. The key is a 10 character 64bit WEP key and I noticed it looked very similar to the router MAC address.

In fact the WEP key just happens to be the last 10 characters of the MAC address. This just seems lazy in my opinion. A couple of my neighbors also have Fios internet and I wanted to see if this WEP key = last 10 of MAC address principal was true on all of these Verizon/Actiontec routers. They didn’t change their ESSID so I figured I give it a try. In only a few seconds I was able to sniff the air and find a packet containing their access point’s mac address. I sniffed for a few more seconds to grab some encrypted packets and was able to test decryption of these packets using the last 10 characters of the source MAC that I found in one of the packets.

One of my Fios neighbors doesn’t even use the wireless part of the router but I was still able to grab his AP’s MAC (and WEP key) without any associated wireless clients because the Actiontec sends out an ‘IGMP Membership Report’ and ‘Spanning Tree Protocol’ update about once every second. These packets are sent over the air with the wireless access-point as a source MAC Address.

Sure, WEP has already been proven to be insecure and cracked in minutes using some free wireless cracking tools but thanks to Verizon/Actiontec you don’t need to go through all of that when the router is handing you the WEP key over the air.

What is even more disturbing is that Verizon is deploying this same setup to businesses. Doctors offices, lawyers, etc.

For anyone using the Actiontec with the default settings all of this can be fixed by switching to WPA. Here is a link to the PDF manual for the Actiontec MI424WR. Go to page 32. http://onlinehelp.verizon.net/consumer/bin/pdf/ActiontecMI1424WRUserManual.pdf

Make sure you use a strong Pre-shared key of several alpha-numeric characters.


Verizon’s false sense of security with Fios installations.

May 6, 2008

This post returns here: https://gigamike.wordpress.com/2008/07/09/verizons-false-sense-of-security-returns/ with some other info. Read below then the follow-up for a good laugh.

Today (6/6/2008 ) I was politely asked by someone claiming to be working on the Verizon security issue to take my article down. I suppose that the impact of my findings could be severe if the information got into the wrong hands.

Personally, I think my original article was a little too cryptic and probably went over most people’s heads that read it. Anyway, I have decided out of good conscience to remove the article. I would hate for something so horrible to happen to Verizon to somehow make me (or everyone) lose my Fios.

But the bottom line is that phone companies (or any company) shouldnt pretend to be something that they are not. Maybe many of the Verizon peeps that head up the fios team still think they are dealing with voice. It wouldnt hurt to have a professional security adviser to say “WEP, are you kidding me?? You’re fired” to the newb that thought of the idea in the first place. But I guess we were all newbs at one point in our lives.

I was just about to publish a step-by-step “how-to” but this anonymous source contacted me just in time.

The original article is available to security experts upon request. Just post a comment to this blog. I will be notified and try to see if you are legit. If you are then you might get a copy.