Have you considered burning his house down?

On Fri, Apr 22, 2016 at 3:18 PM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> So this guys still at it, hes tried contacting rise multiple times, they
> wont help, blah blah blah, wants us to help.
>
> I did my due diligence, I called rise, told them we have a numbskull. I
> asked them if they were serving malicious content over unsecured wifi, he
> assured me they werent, something about bad juju and all, I told him sorry
> for calling, and im not a rat fink snitch but I need this customer off my
> back so ill just point him to the FCC complaint form so they can tell him
> to get bent.
>
> I sent him the consumer complaint link with the FCC and told him its not
> our place to get involved.
>
> I assume this will end up resulting in him complaining every two days on
> that form about us too
>
> Im no snitch btw
>
> On Mon, Apr 11, 2016 at 5:49 PM, Bill Prince <part15...@gmail.com> wrote:
>
>> Flo is your customer?
>>
>> bp
>> <part15sbs{at}gmail{dot}com>
>>
>>
>> On 4/11/2016 2:38 PM, Ken Hohhof wrote:
>>
>> I think some of my customers were in a recent Progressive commercial:
>> http://lifelanes.progressive.com/park-ranger-mark/
>>
>>
>>
>> *From:* That One Guy /sarcasm <thatoneguyst...@gmail.com>
>> *Sent:* Monday, April 11, 2016 4:21 PM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] interesting malware, and checking an air router
>>
>> I feel bad for the poor Rise Broadband guy he talks to, hes convinced
>> their ESSIDs have infected him
>>
>> On Sun, Apr 10, 2016 at 9:52 PM, That One Guy /sarcasm <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> stupid malware, i would have been a real good bad guy, i need to learn
>>> to code so i can hacksnphreaks stuff
>>>
>>> On Sun, Apr 10, 2016 at 9:46 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>>>
>>>> Correct
>>>> On Apr 10, 2016 9:43 PM, "That One Guy /sarcasm" <
>>>> thatoneguyst...@gmail.com> wrote:
>>>>
>>>>> no real way to do that remotely is there with no one holding the reset
>>>>> and a layer 2 connection?
>>>>>
>>>>> On Sun, Apr 10, 2016 at 9:39 PM, Josh Reynolds <
>>>>> j...@kyneticwifi.com> wrote:
>>>>>
>>>>>> No. TFTP flash recreates the flash filesystem. HTTP upgrade does not.
>>>>>> On Apr 10, 2016 9:38 PM, "That One Guy /sarcasm" <
>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>
>>>>>>> if it happens to be crumped, and i http it a firmware, it should
>>>>>>> still overwrite the funtime hatred shouldnt it?
>>>>>>>
>>>>>>> On Sun, Apr 10, 2016 at 9:34 PM, Josh Reynolds <
>>>>>>> j...@kyneticwifi.com> wrote:
>>>>>>>
>>>>>>>> Nope. Just TFTP flash it to the newest stable firmware.
>>>>>>>> On Apr 10, 2016 9:02 PM, "That One Guy /sarcasm" <
>>>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Is there something to run against this air router to check it?
>>>>>>>>> On Apr 10, 2016 7:53 PM, "Josh Reynolds" <j...@kyneticwifi.com> wrote:
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> http://m.theregister.co.uk/2014/07/29/antivirus_blood_splattered_as_biz_warned_audit_or_die/
>>>>>>>>>>
>>>>>>>>>> http://arstechnica.com/security/2015/09/security-wares-like-kaspersky-av-can-make-you-more-vulnerable-to-attacks/
>>>>>>>>>>
>>>>>>>>>> https://books.google.com/books?id=wqV1CgAAQBAJ&pg=PA183&lpg=PA183&dq=antivirus+attack+surface&source=bl&ots=HF7hnyj7sN&sig=Ski6OAQaLdD4MeIDGJRfuNoaZiE&hl=en&sa=X&ved=0ahUKEwjsgP7nroXMAhUjk4MKHb19DQ0Q6AEIKzAE#v=onepage&q=antivirus%20attack%20surface&f=false
>>>>>>>>>> On Apr 10, 2016 6:21 PM, "That One Guy /sarcasm" <
>>>>>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Josh,
>>>>>>>>>>>
>>>>>>>>>>> Can you expand that?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> The following is the last communication, note this started as a
>>>>>>>>>>> slowness complaint.
>>>>>>>>>>>
>>>>>>>>>>> Hi. I had a couple questions regarding the wireless router that
>>>>>>>>>>> you provide with my service. Since I don't have access to the
>>>>>>>>>>> device, could you turn off broadcasting of the SSID please? The
>>>>>>>>>>> reason for this request due to a very damaging virus/malware that
>>>>>>>>>>> hit my home network extremely hard. gained access to my networks
>>>>>>>>>>> through the wireless connection and my phone, which then took out
>>>>>>>>>>> every thing else connected. The Wi-Fi that caused the issue ended
>>>>>>>>>>> up as "OPEN" and no longer secure. Since there is such massive
>>>>>>>>>>> distances between any of us our her I would only see that specific
>>>>>>>>>>> SSID on days when everything allowed to to travel just a little bit
>>>>>>>>>>> further. And when I did see it over the last 1.5 years, but it was
>>>>>>>>>>> always "Secured". Anyway... the story is much longer but A. can you
>>>>>>>>>>> hide the SSID and possibly change it to something else? This way I
>>>>>>>>>>> know it has a little extra protection. But please let me know the
>>>>>>>>>>> SSID. Do you by chance know of an SSID near me of: ISPSTUFF360? Its
>>>>>>>>>>> MAC address is 00:60:ld:f1:91:be. It came back as a Lucent
>>>>>>>>>>> Technologies device. Also.. I was not simply taken out of service
>>>>>>>>>>> by 1 "Open" device...I was taken out by 2 ! The second one that is
>>>>>>>>>>> also broadcasting as "Open" is similar in name. Its SSID is
>>>>>>>>>>> ISPSTUFF1000. I have its MAC address somewhere in the middle of all
>>>>>>>>>>> this mess, but its the same I believe. It also resolved by MAC
>>>>>>>>>>> address to a Lucent Technologies Device. From what discovered from
>>>>>>>>>>> once I had a change to finish up replacing the hard drive in my
>>>>>>>>>>> laptop, ending up with corruption in the bios as well, replacing a
>>>>>>>>>>> drive in my Workstations as it would not ever respond to
>>>>>>>>>>> restoration software. And so much figging time to install
>>>>>>>>>>> everything. I had to be safe and reset my phone, my tablet pc and
>>>>>>>>>>> my FLAC file of over 119gb of my entire music collection. Not to. I
>>>>>>>>>>> still dont feel comfortable given how destructive it was. I
>>>>>>>>>>> immediately had to spend hour upon hour calling banks, and Website,
>>>>>>>>>>> and anything that I accessed online to change my logins and
>>>>>>>>>>> passwords.. It even appears to have left its mark on the Direct TV
>>>>>>>>>>> DVR as well. So I have already spent more $ than I had to spare but
>>>>>>>>>>> I most definitely dont trust any of the devices any longer.
>>>>>>>>>>> Especially since the 2 devices are still broadcasting as I send
>>>>>>>>>>> this. Kevin
>>>>>>>>>>>
>>>>>>>>>>> On Sun, Apr 10, 2016 at 3:59 PM, Josh Reynolds <
>>>>>>>>>>> j...@kyneticwifi.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> FYI antimalware/antivirus and adblock are the newest attack
>>>>>>>>>>>> vectors. :)
>>>>>>>>>>>>
>>>>>>>>>>>> Pretty easy way to get persistent malware on machines now.
>>>>>>>>>>>> On Apr 10, 2016 3:57 PM, "That One Guy /sarcasm" <
>>>>>>>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Im a worst case scenario artist. My concern is the customer
>>>>>>>>>>>>> will talk to our customer service, theyll tell him we will
>>>>>>>>>>>>> replace his router. He will bring it in, get a replacement. Its
>>>>>>>>>>>>> been "infected" and will hit our Achilles heel. Customer service
>>>>>>>>>>>>> will drop it in the returns bin. It will get taken back and
>>>>>>>>>>>>> connected to the machine thats used to dump the file, it will
>>>>>>>>>>>>> "infect" that machine, that machine will infect the Customer
>>>>>>>>>>>>> service network. A tech will pick up the router and install it
>>>>>>>>>>>>> at another POP. infecting that POP. he will also bring his
>>>>>>>>>>>>> laptop back and connect it to my network. My machine has no real
>>>>>>>>>>>>> antimalware and he will infect it across that network. My
>>>>>>>>>>>>> machine has all the keys to the castle.
>>>>>>>>>>>>>
>>>>>>>>>>>>> the reality is the guy probably had slow wifi in his detached
>>>>>>>>>>>>> garage 1500 feet from his house, and his buddy mike said he must
>>>>>>>>>>>>> be infected with some really nasty virus because his portable
>>>>>>>>>>>>> version of AVG from 2010 cant find it so it must be direct from
>>>>>>>>>>>>> anonymous.
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Sun, Apr 10, 2016 at 3:37 PM, Josh Reynolds <
>>>>>>>>>>>>> j...@kyneticwifi.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Cross platform malware is a Thing now, and has been for
>>>>>>>>>>>>>> several years. It's fortunately not very prevalent yet.
>>>>>>>>>>>>>> On Apr 10, 2016 3:36 PM, "Bill Prince" <
>>>>>>>>>>>>>> part15...@gmail.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I don't believe it.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> We have a friend that comes to some outrageous conclusions
>>>>>>>>>>>>>>> with scant information, and practically zero technical
>>>>>>>>>>>>>>> knowledge. Yet when he explains something, he sounds perfectly
>>>>>>>>>>>>>>> reasonable with impeccable logic. It just never is.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> bp
>>>>>>>>>>>>>>> <part15sbs{at}gmail{dot}com>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On 4/10/2016 1:29 PM, That One Guy /sarcasm wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> So we have this customer who experienced a ferocious
>>>>>>>>>>>>>>> malware, still waiting on more details from the customer, its
>>>>>>>>>>>>>>> very interesting because it crossed multiple platforms.
>>>>>>>>>>>>>>> multiple cell phones, a satellite DVR, a PC etc. Im not sure
>>>>>>>>>>>>>>> how he verified infection, but he did have to factory his
>>>>>>>>>>>>>>> phones, his PC he said required a hard drive replacement (not
>>>>>>>>>>>>>>> sure what or who decided this) not sure how the satellite DVR
>>>>>>>>>>>>>>> was mitigated. He thinks it came from a Rise Broadband
>>>>>>>>>>>>>>> (formerly Prairie Inet) ESSID (I doubt this, the ESSIDs
>>>>>>>>>>>>>>> prairie inet ran were open, with other security for the access)
>>>>>>>>>>>>>>> With it being as cross platform as it was im wondering how i
>>>>>>>>>>>>>>> would check the air router we provide to see if it got hit as
>>>>>>>>>>>>>>> well. All we do is a dump file on the current firmware that
>>>>>>>>>>>>>>> sets a password, ensures 443 is open, sets a DMZ to an IP out
>>>>>>>>>>>>>>> of the DHCP scope, and we manually set the ESSID with WPA2,
>>>>>>>>>>>>>>> the key being the MAC on the label (I think this is the WLAN)
>>>>>>>>>>>>>>> (we disable snmp, telnet, but leave ssh open), we also turn
>>>>>>>>>>>>>>> off CDP and the ubnt discovery
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Im hoping he has some good info on what this actually was,
>>>>>>>>>>>>>>> and its not just a case of his buddy jim telling him all this.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Anybody know of something in the wild capable of hitting all
>>>>>>>>>>>>>>> these devices across a network (wired/wireless)
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Im asking about the airrouter in particular, considering if
>>>>>>>>>>>>>>> it were impacted, that could be a mess at the POP since most
>>>>>>>>>>>>>>> customer NAT are in the same subnet, with duplicate configs
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> If you only see yourself as part of the team but you don't
>>>>>>>>>>>>>>> see your team as part of yourself you have already failed as
>>>>>>>>>>>>>>> part of the team.
>>>>>>>>>>>>>>>