stupid malware, i would have been a real good bad guy, i need to learn to code so i can hacksnphreaks stuff

On Sun, Apr 10, 2016 at 9:46 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:

> Correct
>
> On Apr 10, 2016 9:43 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com> wrote:
>
>> no real way to do that remotely is there with no one holding the reset and a layer 2 connection?
>>
>> On Sun, Apr 10, 2016 at 9:39 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>>
>>> No. TFTP flash recreates the flash filesystem. HTTP upgrade does not.
>>>
>>> On Apr 10, 2016 9:38 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com> wrote:
>>>
>>>> if it happens to be crumped, and i http it a firmware, it should still overwrite the funtime hatred shouldnt it?
>>>>
>>>> On Sun, Apr 10, 2016 at 9:34 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>>>>
>>>>> Nope. Just TFTP flash it to the newest stable firmware.
>>>>>
>>>>> On Apr 10, 2016 9:02 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com> wrote:
>>>>>
>>>>>> Is there something to run against this air router to check it?
>>>>>>
>>>>>> On Apr 10, 2016 7:53 PM, "Josh Reynolds" <j...@kyneticwifi.com> wrote:
>>>>>>
>>>>>>> http://m.theregister.co.uk/2014/07/29/antivirus_blood_splattered_as_biz_warned_audit_or_die/
>>>>>>>
>>>>>>> http://arstechnica.com/security/2015/09/security-wares-like-kaspersky-av-can-make-you-more-vulnerable-to-attacks/
>>>>>>>
>>>>>>> https://books.google.com/books?id=wqV1CgAAQBAJ&pg=PA183&lpg=PA183&dq=antivirus+attack+surface&source=bl&ots=HF7hnyj7sN&sig=Ski6OAQaLdD4MeIDGJRfuNoaZiE&hl=en&sa=X&ved=0ahUKEwjsgP7nroXMAhUjk4MKHb19DQ0Q6AEIKzAE#v=onepage&q=antivirus%20attack%20surface&f=false
>>>>>>>
>>>>>>> On Apr 10, 2016 6:21 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com> wrote:
>>>>>>>
>>>>>>>> Josh,
>>>>>>>>
>>>>>>>> Can you expand that?
>>>>>>>>
>>>>>>>> The following is the last communication, note this started as a slowness complaint.
>>>>>>>>
>>>>>>>> Hi. I had a couple questions regarding the wireless router that you provide with my service. Since I don't have access to the device, could you turn off broadcasting of the SSID please? The reason for this request is due to a very damaging virus/malware that hit my home network extremely hard. It gained access to my networks through the wireless connection and my phone, which then took out everything else connected. The Wi-Fi that caused the issue ended up as "OPEN" and no longer secure. Since there is such massive distances between any of us out here I would only see that specific SSID on days when everything allowed it to travel just a little bit further. And when I did see it over the last 1.5 years, but it was always "Secured". Anyway... the story is much longer but A. can you hide the SSID and possibly change it to something else? This way I know it has a little extra protection. But please let me know the SSID. Do you by chance know of an SSID near me of: ISPSTUFF360? Its MAC address is 00:60:ld:f1:91:be. It came back as a Lucent Technologies device. Also.. I was not simply taken out of service by 1 "Open" device...I was taken out by 2! The second one that is also broadcasting as "Open" is similar in name. Its SSID is ISPSTUFF1000. I have its MAC address somewhere in the middle of all this mess, but it's the same I believe. It also resolved by MAC address to a Lucent Technologies device. From what I discovered from once I had a chance to finish up replacing the hard drive in my laptop, ending up with corruption in the bios as well, replacing a drive in my Workstations as it would not ever respond to restoration software. And so much figging time to install everything. I had to be safe and reset my phone, my tablet pc and my FLAC file of over 119gb of my entire music collection. Not to. I still don't feel comfortable given how destructive it was. I immediately had to spend hour upon hour calling banks, and Website, and anything that I accessed online to change my logins and passwords.. It even appears to have left its mark on the Direct TV DVR as well. So I have already spent more $ than I had to spare but I most definitely don't trust any of the devices any longer. Especially since the 2 devices are still broadcasting as I send this. Kevin
>>>>>>>>
>>>>>>>> On Sun, Apr 10, 2016 at 3:59 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>>>>>>>>
>>>>>>>>> FYI antimalware/antivirus and adblock are the newest attack vectors. :)
>>>>>>>>>
>>>>>>>>> Pretty easy way to get persistent malware on machines now.
>>>>>>>>>
>>>>>>>>> On Apr 10, 2016 3:57 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Im a worst case scenario artist. My concern is the customer will talk to our customer service, theyll tell him we will replace his router. He will bring it in, get a replacement. Its been "infected" and will hit our Achilles heel. Customer service will drop it in the returns bin. It will get taken back and connected to the machine thats used to dump the file, it will "infect" that machine, that machine will infect the Customer service network. A tech will pick up the router and install it at another POP. infecting that POP. he will also bring his laptop back and connect it to my network. My machine has no real antimalware and he will infect it across that network. My machine has all the keys to the castle.
>>>>>>>>>>
>>>>>>>>>> the reality is the guy probably had slow wifi in his detached garage 1500 feet from his house, and his buddy mike said he must be infected with some really nasty virus because his portable version of AVG from 2010 cant find it so it must be direct from anonymous.
>>>>>>>>>>
>>>>>>>>>> On Sun, Apr 10, 2016 at 3:37 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Cross platform malware is a Thing now, and has been for several years. It's fortunately not very prevalent yet.
>>>>>>>>>>>
>>>>>>>>>>> On Apr 10, 2016 3:36 PM, "Bill Prince" <part15...@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> I don't believe it.
>>>>>>>>>>>>
>>>>>>>>>>>> We have a friend that comes to some outrageous conclusions with scant information, and practically zero technical knowledge. Yet when he explains something, he sounds perfectly reasonable with impeccable logic. It just never is.
>>>>>>>>>>>>
>>>>>>>>>>>> bp
>>>>>>>>>>>> <part15sbs{at}gmail{dot}com>
>>>>>>>>>>>>
>>>>>>>>>>>> On 4/10/2016 1:29 PM, That One Guy /sarcasm wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> So we have this customer who experienced a ferocious malware, still waiting on more details from the customer, its very interesting because it crossed multiple platforms. multiple cell phones, a satellite DVR, a PC etc. Im not sure how he verified infection, but he did have to factory his phones, his PC he said required a hard drive replacement (not sure what or who decided this) not sure how the satellite DVR was mitigated. He thinks it came from a Rise Broadband (formerly Prairie Inet) ESSID (I doubt this, the ESSIDs prairie inet ran were open, with other security for the access)
>>>>>>>>>>>>
>>>>>>>>>>>> With it being as cross platform as it was im wondering how i would check the air router we provide to see if it got hit as well. All we do is a dump file on the current firmware that sets a password, ensures 443 is open, sets a DMZ to an IP out of the DHCP scope, and we manually set the ESSID with WPA2, the key being the MAC on the label (i think this is the WLAN) (we disable snmp, telnet, but leave ssh open), we also turn off CDP and the ubnt discovery
>>>>>>>>>>>>
>>>>>>>>>>>> Im hoping he has some good info on what this actually was, and its not just a case of his buddy jim telling him all this.
>>>>>>>>>>>>
>>>>>>>>>>>> Anybody know of something in the wild capable of hitting all these devices across a network (wired/wireless)
>>>>>>>>>>>>
>>>>>>>>>>>> Im asking about the airrouter in particular, considering if it were impacted, that could be a mess at the POP since most customer NAT are in the same subnet, with duplicate configs
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
>>>>>>>>
>>>>>>>> --
>>>>>>>> If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
>>>>
>>>> --
>>>> If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
>>
>> --
>> If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.

--
If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.