Have you considered burning his house down?

On Fri, Apr 22, 2016 at 3:18 PM, That One Guy /sarcasm <thatoneguyst...@gmail.com> wrote:
> So this guy's still at it, he's tried contacting Rise multiple times, they
> won't help, blah blah blah, wants us to help.
>
> I did my due diligence, I called Rise, told them we have a numbskull. I
> asked them if they were serving malicious content over unsecured wifi, he
> assured me they weren't, something about bad juju and all, I told him sorry
> for calling, and I'm not a rat fink snitch but I need this customer off my
> back so I'll just point him to the FCC complaint form so they can tell him
> to get bent.
>
> I sent him the consumer complaint link with the FCC and told him it's not
> our place to get involved.
>
> I assume this will end up resulting in him complaining every two days on
> that form about us too
>
> I'm no snitch btw
>
> On Mon, Apr 11, 2016 at 5:49 PM, Bill Prince <part15...@gmail.com> wrote:
>
>> Flo is your customer?
>>
>> bp
>> <part15sbs{at}gmail{dot}com>
>>
>>
>> On 4/11/2016 2:38 PM, Ken Hohhof wrote:
>>
>> I think some of my customers were in a recent Progressive commercial:
>> http://lifelanes.progressive.com/park-ranger-mark/
>>
>>
>> *From:* That One Guy /sarcasm <thatoneguyst...@gmail.com>
>> *Sent:* Monday, April 11, 2016 4:21 PM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] interesting malware, and checking an air router
>>
>> I feel bad for the poor Rise Broadband guy he talks to, he's convinced
>> their ESSIDs have infected him
>>
>> On Sun, Apr 10, 2016 at 9:52 PM, That One Guy /sarcasm <thatoneguyst...@gmail.com> wrote:
>>
>>> stupid malware, I would have been a real good bad guy, I need to learn
>>> to code so I can hacksnphreaks stuff
>>>
>>> On Sun, Apr 10, 2016 at 9:46 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>>>
>>>> Correct
>>>> On Apr 10, 2016 9:43 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com> wrote:
>>>>
>>>>> no real way to do that remotely is there with no one holding the reset
>>>>> and a layer 2 connection?
>>>>>
>>>>> On Sun, Apr 10, 2016 at 9:39 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>>>>>
>>>>>> No. TFTP flash recreates the flash filesystem. HTTP upgrade does not.
>>>>>> On Apr 10, 2016 9:38 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com> wrote:
>>>>>>
>>>>>>> if it happens to be crumped, and I http it a firmware, it should
>>>>>>> still overwrite the funtime hatred shouldn't it?
>>>>>>>
>>>>>>> On Sun, Apr 10, 2016 at 9:34 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>>>>>>>
>>>>>>>> Nope. Just TFTP flash it to the newest stable firmware.
>>>>>>>> On Apr 10, 2016 9:02 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Is there something to run against this air router to check it?
>>>>>>>>> On Apr 10, 2016 7:53 PM, "Josh Reynolds" <j...@kyneticwifi.com> wrote:
>>>>>>>>>
>>>>>>>>>> http://m.theregister.co.uk/2014/07/29/antivirus_blood_splattered_as_biz_warned_audit_or_die/
>>>>>>>>>>
>>>>>>>>>> http://arstechnica.com/security/2015/09/security-wares-like-kaspersky-av-can-make-you-more-vulnerable-to-attacks/
>>>>>>>>>>
>>>>>>>>>> https://books.google.com/books?id=wqV1CgAAQBAJ&pg=PA183&lpg=PA183&dq=antivirus+attack+surface&source=bl&ots=HF7hnyj7sN&sig=Ski6OAQaLdD4MeIDGJRfuNoaZiE&hl=en&sa=X&ved=0ahUKEwjsgP7nroXMAhUjk4MKHb19DQ0Q6AEIKzAE#v=onepage&q=antivirus%20attack%20surface&f=false
>>>>>>>>>> On Apr 10, 2016 6:21 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Josh,
>>>>>>>>>>>
>>>>>>>>>>> Can you expand that?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> The following is the last communication, note this started as a
>>>>>>>>>>> slowness complaint.
>>>>>>>>>>>
>>>>>>>>>>> Hi. I had a couple questions regarding the wireless router that
>>>>>>>>>>> you provide with my service. Since I don't have access to the
>>>>>>>>>>> device, could you turn off broadcasting of the SSID please? The
>>>>>>>>>>> reason for this request due to a very damaging virus/malware that
>>>>>>>>>>> hit my home network extremely hard. gained access to my networks
>>>>>>>>>>> through the wireless connection and my phone, which then took out
>>>>>>>>>>> everything else connected. The Wi-Fi that caused the issue ended
>>>>>>>>>>> up as "OPEN" and no longer secure. Since there is such massive
>>>>>>>>>>> distances between any of us our her I would only see that
>>>>>>>>>>> specific SSID on days when everything allowed to travel just a
>>>>>>>>>>> little bit further. And when I did see it over the last 1.5
>>>>>>>>>>> years, but it was always "Secured". Anyway... the story is much
>>>>>>>>>>> longer but A. can you hide the SSID and possibly change it to
>>>>>>>>>>> something else? This way I know it has a little extra protection.
>>>>>>>>>>> But please let me know the SSID. Do you by chance know of an SSID
>>>>>>>>>>> near me of: ISPSTUFF360? Its MAC address is 00:60:ld:f1:91:be.
>>>>>>>>>>> It came back as a Lucent Technologies device. Also.. I was not
>>>>>>>>>>> simply taken out of service by 1 "Open" device...I was taken out
>>>>>>>>>>> by 2! The second one that is also broadcasting as "Open" is
>>>>>>>>>>> similar in name. Its SSID is ISPSTUFF1000. I have its MAC address
>>>>>>>>>>> somewhere in the middle of all this mess, but it's the same I
>>>>>>>>>>> believe. It also resolved by MAC address to a Lucent Technologies
>>>>>>>>>>> Device. From what discovered from once I had a change to finish
>>>>>>>>>>> up replacing the hard drive in my laptop, ending up with
>>>>>>>>>>> corruption in the bios as well, replacing a drive in my
>>>>>>>>>>> Workstations as it would not ever respond to restoration
>>>>>>>>>>> software. And so much figging time to install everything. I had
>>>>>>>>>>> to be safe and reset my phone, my tablet pc and my FLAC file of
>>>>>>>>>>> over 119gb of my entire music collection. Not to. I still don't
>>>>>>>>>>> feel comfortable given how destructive it was. I immediately had
>>>>>>>>>>> to spend our upon hour calling banks, and Website, and anything
>>>>>>>>>>> that I accessed online to change my logins and passwords.. It
>>>>>>>>>>> even appears to have left its mark on the Direct TV DVR as well.
>>>>>>>>>>> So I have already spent more $ than I had to spare but I most
>>>>>>>>>>> definitely don't trust any of the devices any longer. Especially
>>>>>>>>>>> since the 2 devices are still broadcasting as I send this. Kevin
>>>>>>>>>>>
>>>>>>>>>>> On Sun, Apr 10, 2016 at 3:59 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> FYI antimalware/antivirus and adblock are the newest attack
>>>>>>>>>>>> vectors. :)
>>>>>>>>>>>>
>>>>>>>>>>>> Pretty easy way to get persistent malware on machines now.
>>>>>>>>>>>> On Apr 10, 2016 3:57 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> I'm a worst case scenario artist. My concern is the customer
>>>>>>>>>>>>> will talk to our customer service, they'll tell him we will
>>>>>>>>>>>>> replace his router. He will bring it in, get a replacement.
>>>>>>>>>>>>> It's been "infected" and will hit our Achilles heel. Customer
>>>>>>>>>>>>> service will drop it in the returns bin. It will get taken
>>>>>>>>>>>>> back and connected to the machine that's used to dump the
>>>>>>>>>>>>> file, it will "infect" that machine, that machine will infect
>>>>>>>>>>>>> the Customer service network. A tech will pick up the router
>>>>>>>>>>>>> and install it at another POP, infecting that POP. He will
>>>>>>>>>>>>> also bring his laptop back and connect it to my network. My
>>>>>>>>>>>>> machine has no real antimalware and he will infect it across
>>>>>>>>>>>>> that network. My machine has all the keys to the castle.
>>>>>>>>>>>>>
>>>>>>>>>>>>> The reality is the guy probably had slow wifi in his detached
>>>>>>>>>>>>> garage 1500 feet from his house, and his buddy mike said he
>>>>>>>>>>>>> must be infected with some really nasty virus because his
>>>>>>>>>>>>> portable version of AVG from 2010 can't find it so it must be
>>>>>>>>>>>>> direct from anonymous.
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Sun, Apr 10, 2016 at 3:37 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Cross platform malware is a Thing now, and has been for
>>>>>>>>>>>>>> several years. It's fortunately not very prevalent yet.
>>>>>>>>>>>>>> On Apr 10, 2016 3:36 PM, "Bill Prince" <part15...@gmail.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I don't believe it.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> We have a friend that comes to some outrageous conclusions
>>>>>>>>>>>>>>> with scant information, and practically zero technical
>>>>>>>>>>>>>>> knowledge. Yet when he explains something, he sounds
>>>>>>>>>>>>>>> perfectly reasonable with impeccable logic. It just never is.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> bp
>>>>>>>>>>>>>>> <part15sbs{at}gmail{dot}com>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On 4/10/2016 1:29 PM, That One Guy /sarcasm wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> So we have this customer who experienced a ferocious
>>>>>>>>>>>>>>> malware, still waiting on more details from the customer,
>>>>>>>>>>>>>>> it's very interesting because it crossed multiple platforms.
>>>>>>>>>>>>>>> Multiple cell phones, a satellite DVR, a PC etc. I'm not sure
>>>>>>>>>>>>>>> how he verified infection, but he did have to factory his
>>>>>>>>>>>>>>> phones, his PC he said required a hard drive replacement
>>>>>>>>>>>>>>> (not sure what or who decided this), not sure how the
>>>>>>>>>>>>>>> satellite DVR was mitigated. He thinks it came from a Rise
>>>>>>>>>>>>>>> Broadband (formerly Prairie Inet) ESSID (I doubt this, the
>>>>>>>>>>>>>>> ESSIDs Prairie Inet ran were open, with other security for
>>>>>>>>>>>>>>> the access)
>>>>>>>>>>>>>>> With it being as cross platform as it was I'm wondering how I
>>>>>>>>>>>>>>> would check the air router we provide to see if it got hit as
>>>>>>>>>>>>>>> well.
>>>>>>>>>>>>>>> All we do is a dump file on the current firmware that sets a
>>>>>>>>>>>>>>> password, ensures 443 is open, sets a DMZ to an IP out of the
>>>>>>>>>>>>>>> DHCP scope, and we manually set the ESSID with WPA2, the key
>>>>>>>>>>>>>>> being the MAC on the label (I think this is the WLAN) (we
>>>>>>>>>>>>>>> disable snmp, telnet, but leave ssh open), we also turn off
>>>>>>>>>>>>>>> CDP and the ubnt discovery
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I'm hoping he has some good info on what this actually was,
>>>>>>>>>>>>>>> and it's not just a case of his buddy jim telling him all
>>>>>>>>>>>>>>> this.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Anybody know of something in the wild capable of hitting all
>>>>>>>>>>>>>>> these devices across a network (wired/wireless)
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I'm asking about the airrouter in particular, considering if
>>>>>>>>>>>>>>> it were impacted, that could be a mess at the POP since most
>>>>>>>>>>>>>>> customer NAT are in the same subnet, with duplicate configs
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> If you only see yourself as part of the team but you don't
>>>>>>>>>>>>>>> see your team as part of yourself you have already failed as
>>>>>>>>>>>>>>> part of the team.