I have considered the fact that sometimes wiring is bad in homes, yes.

On Fri, Apr 22, 2016 at 3:55 PM, Mathew Howard <[email protected]> wrote:
> Have you considered burning his house down?
>
> On Fri, Apr 22, 2016 at 3:18 PM, That One Guy /sarcasm <[email protected]> wrote:
>
>> So this guy's still at it, he's tried contacting Rise multiple times, they won't help, blah blah blah, wants us to help.
>>
>> I did my due diligence, I called Rise, told them we have a numbskull. I asked them if they were serving malicious content over unsecured wifi, he assured me they weren't, something about bad juju and all, I told him sorry for calling, and I'm not a rat fink snitch but I need this customer off my back so I'll just point him to the FCC complaint form so they can tell him to get bent.
>>
>> I sent him the consumer complaint link with the FCC and told him it's not our place to get involved.
>>
>> I assume this will end up resulting in him complaining every two days on that form about us too
>>
>> I'm no snitch btw
>>
>> On Mon, Apr 11, 2016 at 5:49 PM, Bill Prince <[email protected]> wrote:
>>
>>> Flo is your customer?
>>>
>>> bp
>>> <part15sbs{at}gmail{dot}com>
>>>
>>> On 4/11/2016 2:38 PM, Ken Hohhof wrote:
>>>
>>> I think some of my customers were in a recent Progressive commercial:
>>> http://lifelanes.progressive.com/park-ranger-mark/
>>>
>>> *From:* That One Guy /sarcasm <[email protected]>
>>> *Sent:* Monday, April 11, 2016 4:21 PM
>>> *To:* [email protected]
>>> *Subject:* Re: [AFMUG] interesting malware, and checking an air router
>>>
>>> I feel bad for the poor Rise Broadband guy he talks to, he's convinced their ESSIDs have infected him
>>>
>>> On Sun, Apr 10, 2016 at 9:52 PM, That One Guy /sarcasm <[email protected]> wrote:
>>>
>>>> Stupid malware, I would have been a real good bad guy, I need to learn to code so I can hacksnphreaks stuff
>>>>
>>>> On Sun, Apr 10, 2016 at 9:46 PM, Josh Reynolds <[email protected]> wrote:
>>>>
>>>>> Correct
>>>>>
>>>>> On Apr 10, 2016 9:43 PM, "That One Guy /sarcasm" <[email protected]> wrote:
>>>>>
>>>>>> No real way to do that remotely is there with no one holding the reset and a layer 2 connection?
>>>>>>
>>>>>> On Sun, Apr 10, 2016 at 9:39 PM, Josh Reynolds <[email protected]> wrote:
>>>>>>
>>>>>>> No. TFTP flash recreates the flash filesystem. HTTP upgrade does not.
>>>>>>>
>>>>>>> On Apr 10, 2016 9:38 PM, "That One Guy /sarcasm" <[email protected]> wrote:
>>>>>>>
>>>>>>>> If it happens to be crumped, and I http it a firmware, it should still overwrite the funtime hatred shouldn't it?
>>>>>>>>
>>>>>>>> On Sun, Apr 10, 2016 at 9:34 PM, Josh Reynolds <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Nope. Just TFTP flash it to the newest stable firmware.
>>>>>>>>>
>>>>>>>>> On Apr 10, 2016 9:02 PM, "That One Guy /sarcasm" <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Is there something to run against this air router to check it?
>>>>>>>>>>
>>>>>>>>>> On Apr 10, 2016 7:53 PM, "Josh Reynolds" <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> http://m.theregister.co.uk/2014/07/29/antivirus_blood_splattered_as_biz_warned_audit_or_die/
>>>>>>>>>>>
>>>>>>>>>>> http://arstechnica.com/security/2015/09/security-wares-like-kaspersky-av-can-make-you-more-vulnerable-to-attacks/
>>>>>>>>>>>
>>>>>>>>>>> https://books.google.com/books?id=wqV1CgAAQBAJ&pg=PA183&lpg=PA183&dq=antivirus+attack+surface&source=bl&ots=HF7hnyj7sN&sig=Ski6OAQaLdD4MeIDGJRfuNoaZiE&hl=en&sa=X&ved=0ahUKEwjsgP7nroXMAhUjk4MKHb19DQ0Q6AEIKzAE#v=onepage&q=antivirus%20attack%20surface&f=false
>>>>>>>>>>>
>>>>>>>>>>> On Apr 10, 2016 6:21 PM, "That One Guy /sarcasm" <[email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Josh,
>>>>>>>>>>>>
>>>>>>>>>>>> Can you expand that?
>>>>>>>>>>>>
>>>>>>>>>>>> The following is the last communication, note this started as a slowness complaint.
>>>>>>>>>>>>
>>>>>>>>>>>> Hi. I had a couple questions regarding the wireless router that you provide with my service. Since I don't have access to the device, could you turn off broadcasting of the SSID please?
>>>>>>>>>>>> The reason for this request due to a very damaging virus/malware that hit my home network extremely hard. Gained access to my networks through the wireless connection and my phone, which then took out everything else connected. The Wi-Fi that caused the issue ended up as "OPEN" and no longer secure. Since there is such massive distances between any of us out here I would only see that specific SSID on days when everything allowed to to travel just a little bit further. And when I did see it over the last 1.5 years, but it was always "Secured". Anyway... the story is much longer but A. can you hide the SSID and possibly change it to something else? This way I know it has a little extra protection. But please let me know the SSID. Do you by chance know of an SSID near me of: ISPSTUFF360? Its MAC address is 00:60:ld:f1:91:be. It came back as a Lucent Technologies device. Also.. I was not simply taken out of service by 1 "Open" device...I was taken out by 2! The second one that is also broadcasting as "Open" is similar in name. Its SSID is ISPSTUFF1000. I have its MAC address somewhere in the middle of all this mess, but it's the same I believe. It also resolved by MAC address to a Lucent Technologies Device. From what discovered from once I had a chance to finish up replacing the hard drive in my laptop, ending up with corruption in the bios as well, replacing a drive in my Workstations as it would not ever respond to restoration software.
>>>>>>>>>>>> And so much figging time to install everything. I had to be safe and reset my phone, my tablet pc and my FLAC file of over 119gb of my entire music collection. Not to. I still don't feel comfortable given how destructive it was. I immediately had to spend hour upon hour calling banks, and Website, and anything that I accessed online to change my logins and passwords. It even appears to have left its mark on the Direct TV DVR as well. So I have already spent more $ than I had to spare but I most definitely don't trust any of the devices any longer. Especially since the 2 devices are still broadcasting as I send this. Kevin
>>>>>>>>>>>>
>>>>>>>>>>>> On Sun, Apr 10, 2016 at 3:59 PM, Josh Reynolds <[email protected]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> FYI antimalware/antivirus and adblock are the newest attack vectors. :)
>>>>>>>>>>>>>
>>>>>>>>>>>>> Pretty easy way to get persistent malware on machines now.
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Apr 10, 2016 3:57 PM, "That One Guy /sarcasm" <[email protected]> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> I'm a worst case scenario artist. My concern is the customer will talk to our customer service, they'll tell him we will replace his router. He will bring it in, get a replacement. It's been "infected" and will hit our Achilles heel. Customer service will drop it in the returns bin. It will get taken back and connected to the machine that's used to dump the file, it will "infect" that machine, that machine will infect the Customer service network.
>>>>>>>>>>>>>> A tech will pick up the router and install it at another POP, infecting that POP. He will also bring his laptop back and connect it to my network. My machine has no real antimalware and he will infect it across that network. My machine has all the keys to the castle.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> The reality is the guy probably had slow wifi in his detached garage 1500 feet from his house, and his buddy Mike said he must be infected with some really nasty virus because his portable version of AVG from 2010 can't find it so it must be direct from anonymous.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Sun, Apr 10, 2016 at 3:37 PM, Josh Reynolds <[email protected]> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Cross platform malware is a Thing now, and has been for several years. It's fortunately not very prevalent yet.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Apr 10, 2016 3:36 PM, "Bill Prince" <[email protected]> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I don't believe it.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> We have a friend that comes to some outrageous conclusions with scant information, and practically zero technical knowledge. Yet when he explains something, he sounds perfectly reasonable with impeccable logic. It just never is.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> bp
>>>>>>>>>>>>>>>> <part15sbs{at}gmail{dot}com>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On 4/10/2016 1:29 PM, That One Guy /sarcasm wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> So we have this customer who experienced a ferocious malware, still waiting on more details from the customer, it's very interesting because it crossed multiple platforms. Multiple cell phones, a satellite DVR, a PC etc. I'm not sure how he verified infection, but he did have to factory his phones, his PC he said required a hard drive replacement (not sure what or who decided this) not sure how the satellite DVR was mitigated. He thinks it came from a Rise Broadband (formerly Prairie Inet) ESSID (I doubt this, the ESSIDs Prairie Inet ran were open, with other security for the access)
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> With it being as cross platform as it was I'm wondering how I would check the air router we provide to see if it got hit as well. All we do is a dump file on the current firmware that sets a password, ensures 443 is open, sets a DMZ to an IP out of the DHCP scope, and we manually set the ESSID with WPA2, the key being the MAC on the label (I think this is the WLAN) (we disable snmp, telnet, but leave ssh open), we also turn off CDP and the ubnt discovery
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I'm hoping he has some good info on what this actually was, and it's not just a case of his buddy Jim telling him all this.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Anybody know of something in the wild capable of hitting all these devices across a network (wired/wireless)?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I'm asking about the airRouter in particular, considering if it were impacted, that could be a mess at the POP since most customer NAT are in the same subnet, with duplicate configs
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>> If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
>>> >>> >>> >> >> >> -- >> If you only see yourself as part of the team but you don't see your team >> as part of yourself you have already failed as part of the team. >> > > -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
