I feel bad for the poor Rise Broadband guy he talks to, he's convinced their ESSIDs have infected him

On Sun, Apr 10, 2016 at 9:52 PM, That One Guy /sarcasm <thatoneguyst...@gmail.com> wrote:
> stupid malware, i would have been a real good bad guy, i need to learn to code so i can hacksnphreaks stuff
>
> On Sun, Apr 10, 2016 at 9:46 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>> Correct
>>
>> On Apr 10, 2016 9:43 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com> wrote:
>>> no real way to do that remotely is there with no one holding the reset and a layer 2 connection?
>>>
>>> On Sun, Apr 10, 2016 at 9:39 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>>>> No. TFTP flash recreates the flash filesystem. HTTP upgrade does not.
>>>>
>>>> On Apr 10, 2016 9:38 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com> wrote:
>>>>> if it happens to be crumped, and i http it a firmware, it should still overwrite the funtime hatred shouldn't it?
>>>>>
>>>>> On Sun, Apr 10, 2016 at 9:34 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>>>>>> Nope. Just TFTP flash it to the newest stable firmware.
>>>>>>
>>>>>> On Apr 10, 2016 9:02 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com> wrote:
>>>>>>> Is there something to run against this air router to check it?
>>>>>>>
>>>>>>> On Apr 10, 2016 7:53 PM, "Josh Reynolds" <j...@kyneticwifi.com> wrote:
>>>>>>>> http://m.theregister.co.uk/2014/07/29/antivirus_blood_splattered_as_biz_warned_audit_or_die/
>>>>>>>>
>>>>>>>> http://arstechnica.com/security/2015/09/security-wares-like-kaspersky-av-can-make-you-more-vulnerable-to-attacks/
>>>>>>>>
>>>>>>>> https://books.google.com/books?id=wqV1CgAAQBAJ&pg=PA183&lpg=PA183&dq=antivirus+attack+surface&source=bl&ots=HF7hnyj7sN&sig=Ski6OAQaLdD4MeIDGJRfuNoaZiE&hl=en&sa=X&ved=0ahUKEwjsgP7nroXMAhUjk4MKHb19DQ0Q6AEIKzAE#v=onepage&q=antivirus%20attack%20surface&f=false
>>>>>>>>
>>>>>>>> On Apr 10, 2016 6:21 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com> wrote:
>>>>>>>>> Josh,
>>>>>>>>>
>>>>>>>>> Can you expand that?
>>>>>>>>>
>>>>>>>>> The following is the last communication, note this started as a slowness complaint.
>>>>>>>>>
>>>>>>>>> Hi. I had a couple questions regarding the wireless router that you provide with my service. Since I don't have access to the device, could you turn off broadcasting of the SSID please? The reason for this request is due to a very damaging virus/malware that hit my home network extremely hard. It gained access to my networks through the wireless connection and my phone, which then took out everything else connected. The Wi-Fi that caused the issue ended up as "OPEN" and no longer secure. Since there are such massive distances between any of us out here I would only see that specific SSID on days when everything allowed it to travel just a little bit further. And when I did see it over the last 1.5 years, it was always "Secured". Anyway... the story is much longer but A. can you hide the SSID and possibly change it to something else? This way I know it has a little extra protection. But please let me know the SSID. Do you by chance know of an SSID near me of: ISPSTUFF360? Its MAC address is 00:60:ld:f1:91:be. It came back as a Lucent Technologies device. Also.. I was not simply taken out of service by 1 "Open" device...I was taken out by 2! The second one that is also broadcasting as "Open" is similar in name. Its SSID is ISPSTUFF1000. I have its MAC address somewhere in the middle of all this mess, but it's the same I believe. It also resolved by MAC address to a Lucent Technologies device. From what I discovered once I had a chance to finish up replacing the hard drive in my laptop, ending up with corruption in the BIOS as well, replacing a drive in my workstations as it would not ever respond to restoration software. And so much figging time to install everything. I had to be safe and reset my phone, my tablet PC and my FLAC file of over 119GB of my entire music collection. Not to. I still don't feel comfortable given how destructive it was. I immediately had to spend hour upon hour calling banks, and websites, and anything that I accessed online to change my logins and passwords.. It even appears to have left its mark on the Direct TV DVR as well. So I have already spent more $ than I had to spare but I most definitely don't trust any of the devices any longer. Especially since the 2 devices are still broadcasting as I send this. Kevin
>>>>>>>>>
>>>>>>>>> On Sun, Apr 10, 2016 at 3:59 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>>>>>>>>>> FYI antimalware/antivirus and adblock are the newest attack vectors. :)
>>>>>>>>>>
>>>>>>>>>> Pretty easy way to get persistent malware on machines now.
>>>>>>>>>>
>>>>>>>>>> On Apr 10, 2016 3:57 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com> wrote:
>>>>>>>>>>> I'm a worst case scenario artist. My concern is the customer will talk to our customer service, they'll tell him we will replace his router. He will bring it in, get a replacement. It's been "infected" and will hit our Achilles heel. Customer service will drop it in the returns bin. It will get taken back and connected to the machine that's used to dump the file, it will "infect" that machine, that machine will infect the customer service network. A tech will pick up the router and install it at another POP, infecting that POP. He will also bring his laptop back and connect it to my network. My machine has no real antimalware and he will infect it across that network. My machine has all the keys to the castle.
>>>>>>>>>>>
>>>>>>>>>>> the reality is the guy probably had slow wifi in his detached garage 1500 feet from his house, and his buddy Mike said he must be infected with some really nasty virus because his portable version of AVG from 2010 can't find it so it must be direct from Anonymous.
>>>>>>>>>>>
>>>>>>>>>>> On Sun, Apr 10, 2016 at 3:37 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>>>>>>>>>>>> Cross platform malware is a Thing now, and has been for several years. It's fortunately not very prevalent yet.
>>>>>>>>>>>>
>>>>>>>>>>>> On Apr 10, 2016 3:36 PM, "Bill Prince" <part15...@gmail.com> wrote:
>>>>>>>>>>>>> I don't believe it.
>>>>>>>>>>>>>
>>>>>>>>>>>>> We have a friend that comes to some outrageous conclusions with scant information, and practically zero technical knowledge. Yet when he explains something, he sounds perfectly reasonable with impeccable logic. It just never is.
>>>>>>>>>>>>>
>>>>>>>>>>>>> bp
>>>>>>>>>>>>> <part15sbs{at}gmail{dot}com>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 4/10/2016 1:29 PM, That One Guy /sarcasm wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> So we have this customer who experienced a ferocious malware, still waiting on more details from the customer, it's very interesting because it crossed multiple platforms: multiple cell phones, a satellite DVR, a PC etc. I'm not sure how he verified infection, but he did have to factory his phones, his PC he said required a hard drive replacement (not sure what or who decided this), not sure how the satellite DVR was mitigated. He thinks it came from a Rise Broadband (formerly Prairie Inet) ESSID (I doubt this, the ESSIDs Prairie Inet ran were open, with other security for the access).
>>>>>>>>>>>>>
>>>>>>>>>>>>> With it being as cross platform as it was I'm wondering how I would check the air router we provide to see if it got hit as well. All we do is a dump file on the current firmware that sets a password, ensures 443 is open, sets a DMZ to an IP out of the DHCP scope, and we manually set the ESSID with WPA2, the key being the MAC on the label (I think this is the WLAN) (we disable snmp, telnet, but leave ssh open), we also turn off CDP and the ubnt discovery.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I'm hoping he has some good info on what this actually was, and it's not just a case of his buddy Jim telling him all this.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Anybody know of something in the wild capable of hitting all these devices across a network (wired/wireless)?
>>>>>>>>>>>>>
>>>>>>>>>>>>> I'm asking about the air router in particular, considering if it were impacted, that could be a mess at the POP since most customer NAT are in the same subnet, with duplicate configs.
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
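The original post lists the provisioning baseline applied to each customer air router (password set, 443 open, DMZ to an IP outside the DHCP scope, WPA2 with the label MAC as key, SNMP and telnet disabled, SSH left open, CDP and UBNT discovery off) and asks how one would check a unit against it. The script below is an added example written for this thread, not code from any of its participants or from Ubiquiti: it encodes that checklist as an audit and flags deviations. It assumes the standard port numbers (ssh 22/tcp, https 443/tcp, telnet 23/tcp, snmp 161/udp, UBNT discovery 10001/udp), does not model the router's own config-file keys, and the device observations it evaluates are constructed sample data, not output from a real unit.

```python
"""Provisioning baseline audit for a customer CPE router (added example)."""
import ipaddress
import re
import socket

# Expected exposure per the provisioning description.  Assumption: "443 open"
# means the HTTPS management UI and "ssh open" means TCP/22.
EXPECTED_OPEN = {("tcp", 22): "ssh", ("tcp", 443): "https"}
EXPECTED_CLOSED = {
    ("tcp", 23): "telnet",
    ("udp", 161): "snmp",
    ("udp", 10001): "ubnt-discovery",
}


def probe_tcp(host, port, timeout=2.0):
    """Live TCP connect check against a device you administer.

    Returns True when the port accepts a connection.  Only TCP is probed
    here; the UDP services need a protocol-specific request to confirm.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def dmz_outside_dhcp_scope(dmz_ip, lan_cidr, pool_start, pool_end):
    """True iff the DMZ host is inside the LAN subnet but outside the DHCP pool.

    A DMZ target inside the pool can be leased to an arbitrary client, which
    is why the provisioning step places it outside the scope.
    """
    net = ipaddress.ip_network(lan_cidr, strict=False)
    dmz = ipaddress.ip_address(dmz_ip)
    lo = ipaddress.ip_address(pool_start)
    hi = ipaddress.ip_address(pool_end)
    if dmz not in net:
        return False
    return not (lo <= dmz <= hi)


def _hex_only(s):
    return re.sub(r"[^0-9a-f]", "", s.lower())


def psk_equals_label_mac(psk, label_mac):
    """True when the WPA2 passphrase is just the printed MAC in any notation.

    The post keys WPA2 on the label MAC; an auditor will want to spot that
    scheme because a value printed on the unit and sent on the air is not a
    secret.
    """
    mac = _hex_only(label_mac)
    return len(mac) == 12 and _hex_only(psk) == mac


def evaluate(observed, dmz=None, psk=None, label_mac=None):
    """observed: {(proto, port): is_open}.  Returns a list of deviations."""
    findings = []
    for key, name in EXPECTED_OPEN.items():
        if not observed.get(key, False):
            findings.append(f"{name} {key[0]}/{key[1]} expected open, is closed")
    for key, name in EXPECTED_CLOSED.items():
        if observed.get(key, False):
            findings.append(f"{name} {key[0]}/{key[1]} should be disabled, is reachable")
    if dmz is not None and not dmz_outside_dhcp_scope(*dmz):
        findings.append(f"DMZ host {dmz[0]} is not outside the DHCP scope")
    if psk is not None and label_mac is not None and psk_equals_label_mac(psk, label_mac):
        findings.append("WPA2 PSK is the label MAC address")
    return findings


# Constructed sample: a returned unit with telnet left on and HTTPS off.
SAMPLE_OBSERVED = {
    ("tcp", 22): True,
    ("tcp", 443): False,
    ("tcp", 23): True,
    ("udp", 161): False,
    ("udp", 10001): False,
}
SAMPLE_DMZ = ("192.168.1.250", "192.168.1.0/24", "192.168.1.100", "192.168.1.199")


def audit_sample():
    """Run the evaluation over the constructed sample (three deviations)."""
    return evaluate(SAMPLE_OBSERVED, dmz=SAMPLE_DMZ,
                    psk="00-11-22-aa-bb-cc", label_mac="00:11:22:AA:BB:CC")


if __name__ == "__main__":
    for line in audit_sample():
        print("DEVIATION:", line)
```

For a live unit, build the `observed` dictionary from `probe_tcp` calls for the TCP ports and from the router's own configuration for the UDP services and the DMZ/DHCP settings; an audit like this tells you whether the provisioning took, not whether the firmware is intact, which is the separate question the TFTP reflash in the thread addresses.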