
Comment Re:PrivacyBadger = ABP code & inferior vs. hos (Score 1) 75

Can PrivacyBadger do 16 things hosts do for speed, security, & reliability:

5.) Protect vs. downed DNS (adds reliability)
6.) Protect vs. DNS redirect poisoned dns
8.) Protect vs. spam
12.) Keep you off dns request logs

From a HOSTS advocate:
Only if one has that address in their HOSTS file to begin with.

Can't post what I want: Filter error: Lameness filter encountered

but 6 days of phone calls up to 6 a day, then hijacked to a PS3 to face this
http://i60.tinypic.com/2iiip3r...

Still don't know if I should report it to the FCC as at face value it's a violation of the Net Neutrality act. - an ISP can't redirect for profit, thing is I use OpenDNS.

Yes, system was checked very thoroughly (autoruns), nothing on my end.

Submission + - This malware attack is personal yet has 6 days warning

Trax3001BBS writes: (lot of work, spaces stay, I use a text editor)

I started getting area code 888 calls since the start of the week, tracking it down found many with the same complaint. A few said it was Charter and had no kind words their way. I saw the 888 calls as a war dialer with a mission (looking for something specific), and feel verified in that thought as of today.



Numbers I have listed and I'm sure a bounty can be found for each with group bonuses, I figure they used war dialer type setup that just called non stop, if answered they hang up. They were searching for something and very much involved in the encounter.

two days ago 888 901-0293 | 4 days ago 888 901-0293 X 6 | 5 days ago 888 901-0293 X 6 | 6 days ago 888 901-0293 X 5



I honestly feel I was being stalked for information well in advance of being attacked, seems like a lot of work for the outcome. I was intercepted on the way to powergrep.com (man in the middle?) assuming Flash was involved I didn't click on anything just took snapshot and hit browser's quit button (top right).



Have snapshot of encounter that uses Charter name as it's heavy. Pays to play games, Fraps is always waiting and one's reflexes tuned http://i60.tinypic.com/2iiip3r.jpg I spent a lot of time in the COMODO firewall/defense logs as I saw an alert; there was nothing there; then noticed it was a Norton alert, I don't think I've run Norton since Win98.



Talk about being ready I was sniffing during this time with HTTPNetworkSniffer and smartsniff from http://www.nirsoft.net/, a bit of info and speculation on this, I see the attack coming from the ASUS DDNS (mine ASUS_RT-AC66U). Last night I noticed the USB was installed but inactive (the port shut down, and no indication of it in the setup)



My IP address just prior to this XX-XX-XXX-XXX.dhcp.mant.nc.charter.com I had just come back from GRC.com so verified IP address, while I meant to scan the ports listed in the logs at GRC.com I haven't yet.



The encounter

http://1765458528.rsc.cdn77.-added-org/index-QQ.html?isp=Charter+Communications&browser=Opera&browserversion=%7Bbrowserversion%7D&ip=%7Bip%7D&os=Windows&osversion=7&sxid=6h43cr0698j9



This is who they are https://www.robtex.com/en/advi...



Router log,

much of it not posted due to size but the USB web accessible pendrive saw a lot of action and config changes — (I'm sure it was disabled at that time but can't call it).



Aug 12 01:46:35 kernel: usb 1-1.1: new low speed USB device using ehci_hcd and address 40

Aug 12 01:46:35 kernel: usb 1-1.1: device descriptor read/64, error -32

Aug 12 01:46:36 kernel: usb 1-1.1: device descriptor read/64, error -32

Aug 12 01:46:36 kernel: usb 1-1.1: new low speed USB device using ehci_hcd and address 41

Aug 12 01:46:36 kernel: usb 1-1.1: device descriptor read/64, error -32

Aug 12 01:46:36 kernel: usb 1-1.1: device descriptor read/64, error -32

Aug 12 01:46:36 kernel: usb 1-1.1: new low speed USB device using ehci_hcd and address 42

Aug 12 01:46:37 kernel: usb 1-1.1: device not accepting address 42, error -32

Aug 12 01:46:37 kernel: usb 1-1.1: new low speed USB device using ehci_hcd and address 43

Aug 12 01:46:37 kernel: usb 1-1.1: device not accepting address 43, error -32

Aug 12 01:46:37 kernel: hub 1-1:1.0: unable to enumerate USB device on port 1

Aug 12 01:46:45 WAN(0) Connection: Ethernet link down.

Aug 12 01:46:45 stop_nat_rules: apply the redirect_rules!

Aug 12 01:48:56 WAN(0) Connection: Ethernet link up.

Aug 12 01:48:56 rc_service: wanduck 254:notify_rc restart_wan_if 0

Aug 12 01:48:56 dnsmasq[276]: read /etc/hosts — 5 addresses

Aug 12 01:48:56 kernel: Attempt to kill tasklet from interrupt

Aug 12 01:48:56 kernel: br0: port 1(vlan1) entering disabled state

Aug 12 01:48:56 kernel: vlan1: dev_set_promiscuity(master, 1)

Aug 12 01:48:56 kernel: br0: port 1(vlan1) entering learning state

Aug 12 01:48:56 miniupnpd[1042]: ioctl(s, SIOCGIFADDR, ...): Cannot assign requested address

Aug 12 01:48:56 miniupnpd[1042]: Failed to get IP for interface eth0

Aug 12 01:48:56 miniupnpd[1042]: SendNATPMPPublicAddressChangeNotification: cannot get public IP address, stopping

Aug 12 01:48:56 kernel: br0: topology change detected, propagating

Aug 12 01:48:56 kernel: br0: port 1(vlan1) entering forwarding state

Aug 12 01:48:56 dnsmasq[276]: using nameserver 71.10.216.2#53 for domain local

Aug 12 01:48:56 dnsmasq[276]: using nameserver 71.10.216.1#53 for domain local

Aug 12 01:48:56 dnsmasq[276]: using nameserver 71.10.216.1#53

Aug 12 01:48:56 dnsmasq[276]: using nameserver 71.10.216.2#53

Aug 12 01:48:56 dnsmasq[276]: read /etc/hosts — 5 addresses

Aug 12 01:48:56 dnsmasq[276]: using nameserver 71.10.216.2#53 for domain local

Aug 12 01:48:56 dnsmasq[276]: using nameserver 71.10.216.1#53 for domain local

Aug 12 01:48:56 dnsmasq[276]: using nameserver 71.10.216.1#53

Aug 12 01:48:56 dnsmasq[276]: using nameserver 71.10.216.2#53

Aug 12 01:48:56 dnsmasq[276]: read /etc/hosts — 5 addresses

Aug 12 01:48:56 rc_service: udhcpc 3498:notify_rc start_firewall

Aug 12 01:48:56 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth0_eth0)!

Aug 12 01:48:56 dnsmasq[276]: read /etc/hosts — 5 addresses

Aug 12 01:48:56 dnsmasq[276]: using nameserver 71.10.216.2#53 for domain local

Aug 12 01:48:56 dnsmasq[276]: using nameserver 71.10.216.1#53 for domain local

Aug 12 01:48:56 dnsmasq[276]: using nameserver 71.10.216.1#53

Aug 12 01:48:56 dnsmasq[276]: using nameserver 71.10.216.2#53

Aug 12 01:48:56 wan: finish adding multi routes

Aug 12 01:48:56 rc_service: udhcpc 3498:notify_rc stop_upnp

Aug 12 01:48:56 rc_service: waitting "start_firewall" via udhcpc ...

Aug 12 01:48:57 miniupnpd[1042]: shutting down MiniUPnPd

Aug 12 01:48:58 rc_service: udhcpc 3498:notify_rc start_upnp

Aug 12 01:48:58 miniupnpd[3540]: HTTP listening on port 33087

Aug 12 01:48:58 miniupnpd[3540]: Listening for NAT-PMP/PCP traffic on port 5351

Aug 12 01:48:59 ddns update: ez-ipupdate: starting...

Aug 12 01:49:00 ddns update: connected to nwsrv-ns1.asus.com (103.10.4.108) on port 80.

Aug 12 01:49:00 dnsmasq-dhcp[276]: DHCPDISCOVER(br0) 48:5b:39:5d:0b:11

Aug 12 01:49:00 dnsmasq-dhcp[276]: DHCPOFFER(br0) 192.168.1.162 48:5b:39:5d:0b:11

Aug 12 01:49:00 dnsmasq-dhcp[276]: DHCPREQUEST(br0) 192.168.1.162 48:5b:39:5d:0b:11

Aug 12 01:49:00 dnsmasq-dhcp[276]: DHCPACK(br0) 192.168.1.162 48:5b:39:5d:0b:11 Deaf

Aug 12 01:49:00 ddns update: Asus update entry:: return: HTTP/1.1 200 OK^M Date: Wed, 12 Aug 2015 08:48:59 GMT^M Server: Apache/2.4.9 (Unix) PHP/5.5.14 OpenSSL/1.0.1h^M X-Powered-By: PHP/5.5.14^M Content-Length: 0^M Connection: close^M Content-Type: text/html^M ^M

Aug 12 01:49:00 ddns update: retval= 0, ddns_return_code (,200)

Aug 12 01:49:00 ddns update: asusddns_update: 0

Aug 12 01:49:00 ddns: ddns update ok

Aug 12 01:49:00 kernel: HTB: quantum of class 10002 is big. Consider r2q change.

Aug 12 01:49:00 kernel: HTB: quantum of class 10060 is big. Consider r2q change.

Aug 12 01:49:01 dhcp client: bound XX.XX.XXX.XXX via 71.15.168.1 during 23630 seconds.

Aug 12 01:49:02 WAN(0) Connection: Ethernet link up.

Aug 12 01:49:02 rc_service: wanduck 254:notify_rc restart_wan_if 0

Aug 12 01:49:02 dnsmasq[276]: read /etc/hosts — 5 addresses

Aug 12 01:49:02 dnsmasq[276]: using nameserver 71.10.216.2#53 for domain local

Aug 12 01:49:02 dnsmasq[276]: using nameserver 71.10.216.1#53 for domain local

Aug 12 01:49:02 dnsmasq[276]: using nameserver 71.10.216.1#53

Aug 12 01:49:02 dnsmasq[276]: using nameserver 71.10.216.2#53

Aug 12 01:49:02 miniupnpd[3540]: ioctl(s, SIOCGIFADDR, ...): Cannot assign requested address

Aug 12 01:49:02 miniupnpd[3540]: Failed to get IP for interface eth0

Aug 12 01:49:02 miniupnpd[3540]: SendNATPMPPublicAddressChangeNotification: cannot get public IP address, stopping

Aug 12 01:49:02 dnsmasq[276]: read /etc/hosts — 5 addresses

Aug 12 01:49:02 dnsmasq[276]: using nameserver 71.10.216.2#53 for domain local

Aug 12 01:49:02 dnsmasq[276]: using nameserver 71.10.216.1#53 for domain local

Aug 12 01:49:02 dnsmasq[276]: using nameserver 71.10.216.1#53

Aug 12 01:49:02 dnsmasq[276]: using nameserver 71.10.216.2#53

Aug 12 01:49:02 kernel: Attempt to kill tasklet from interrupt

Aug 12 01:49:02 kernel: br0: port 1(vlan1) entering disabled state

Aug 12 01:49:02 kernel: br0: port 1(vlan1) entering learning state

Aug 12 01:49:02 kernel: br0: topology change detected, propagating

Aug 12 01:49:02 kernel: br0: port 1(vlan1) entering forwarding state

Aug 12 01:49:03 dnsmasq-dhcp[276]: DHCPINFORM(br0) 192.168.1.162 48:5b:39:5d:0b:11

Aug 12 01:49:03 dnsmasq-dhcp[276]: DHCPACK(br0) 192.168.1.162 48:5b:39:5d:0b:11 Deaf

Aug 12 01:49:04 dnsmasq[276]: read /etc/hosts — 5 addresses

Aug 12 01:49:04 rc_service: udhcpc 3576:notify_rc start_firewall

Aug 12 01:49:04 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth0_eth0)!

Aug 12 01:49:04 dnsmasq[276]: read /etc/hosts — 5 addresses

Aug 12 01:49:04 dnsmasq[276]: using nameserver 71.10.216.2#53 for domain local

Aug 12 01:49:04 dnsmasq[276]: using nameserver 71.10.216.1#53 for domain local

Aug 12 01:49:04 dnsmasq[276]: using nameserver 71.10.216.1#53

Aug 12 01:49:04 dnsmasq[276]: using nameserver 71.10.216.2#53

Aug 12 01:49:05 wan: finish adding multi routes

Aug 12 01:49:05 rc_service: udhcpc 3576:notify_rc stop_upnp

Aug 12 01:49:05 rc_service: waitting "start_firewall" via udhcpc ...

Aug 12 01:49:06 miniupnpd[3540]: shutting down MiniUPnPd

Aug 12 01:49:07 rc_service: udhcpc 3576:notify_rc start_upnp

Aug 12 01:49:07 miniupnpd[3616]: HTTP listening on port 58919

Aug 12 01:49:07 miniupnpd[3616]: Listening for NAT-PMP/PCP traffic on port 5351

Aug 12 01:49:08 ddns update: ez-ipupdate: starting...

Aug 12 01:49:08 ddns update: connected to nwsrv-ns1.asus.com (103.10.4.108) on port 80.

Aug 12 01:49:09 ddns update: Asus update entry:: return: HTTP/1.1 200 OK^M Date: Wed,12Aug





I watched it last night as the sniffer (HTTPNetworkSniffer (http://www.nirsoft.net/)) showed a burst of activity that involved router config changes through *.xml files. With one router piggy backing the other, one can self justify just about anything.



A grab of what was happening

Host Name Method Content Type Response Code Response String Path Referer URL Content Encoding Transfer Encoding Content Length Connection Cache Control Last Modified Time Location Server Time Expiration Time Client Address Server Address Request Time Response Time User Agent

192.168.1.1 GET text/xml 200 Ok /cpu_ram_status.xml http://192.168.1.1/device-map/... http://192.168.1.1/cpu_ram_sta... 210 close no-cache 8/12/2015 12:31:58 AM 192.168.1.162:62827 192.168.1.1:80 00:09:04.559 0 ms Opera/9.80 (Windows NT 6.1; WOW64; U; en) Presto/2.10.289 Version/12.00



My setup is odd as my phone will only access the Netgear wifi, so a Netgear plugs into the back of my ASUS_RT-AC66U router, I've had the Netgear access the Internet recently as 10.0.0.1, that drew a lot of interest, unrooted cell phones can't be controlled when they want out. wifi > router > router > out. Both Google (sb.l.google.com) and Microsoft (go.microsoft.com) were the first to arrive, followed by many of the Internet enforcement who camped my IP and pinged the whole time. I turned off the Netgear, planning another approach to the problem.



While the times are wrong, it's the span of time the attempted whatever was supposed to have happened took place. They didn't expect me, they were after my mom a city away or one like her.



Of two sniffers only HTTPNetworkSniffer functioned, smartsniffer seems to have quit trying since yesterday, it would have had many more details of the deed. Was it disabled, I don't know but it's been pretty unresponsive (haven't been able to configure it since yesterday)

sniffer log:

==================================================

Host Name : 192.168.1.1:58919

Method : GET

Content Type : text/xml; charset="utf-8"

Response Code : 200

Response String : OK

Path : /rootDesc.xml

Referer :

URL : http://192.168.1.1:58919/rootD...

Content Encoding :

Transfer Encoding :

Content Length : 2581

Connection : close

Cache Control :

Last Modified Time:

Location :

Server Time :

Expiration Time :

Client Address : 192.168.1.162:49375

Server Address : 192.168.1.1:58919

Request Time : 00:04:35.437

Response Time : 0 ms

User Agent : FDSSDP

==================================================



Host Name : 192.168.1.1:58919

Method : GET

Content Type : text/xml; charset="utf-8"

Response Code : 200

Response String : OK

Path : /rootDesc.xml

Referer :

URL : http://192.168.1.1:58919/rootD...

Content Encoding :

Transfer Encoding :

Content Length : 2581

Connection : close

Cache Control :

Last Modified Time:

Location :

Server Time :

Expiration Time :

Client Address : 192.168.1.162:49378

Server Address : 192.168.1.1:58919

Request Time : 00:04:46.928

Response Time : 0 ms

User Agent : FDSSDP

==================================================



router log of activity on port 58919

Aug 12 01:49:07 miniupnpd[3616]: HTTP listening on port 58919

Aug 12 01:49:07 miniupnpd[3616]: Listening for NAT-PMP/PCP traffic on port 5351

Aug 12 01:49:08 ddns update: ez-ipupdate: starting...

Aug 12 01:49:08 ddns update: connected to nwsrv-ns1.asus.com (103.10.4.108) on port 80.

Aug 12 01:49:09 ddns update: Asus update entry:: return: HTTP/1.1 200 OK^M Date: Wed, 12 Aug



The above is about my USB device which can be accessed via DDNS if registered via ASUS. Which is odd if you don't register ASUS never includes you and it's still accessible via web, Odder, I don't care for cloud systems for the simple fact once registered ASUS has the contents of your USB drive.



Now is anybody going to show any concern or even interest in this? Pry not, I did call 911 as I wanted those 888 operators shot they did call a lot of times this last week, he sighed and refused and said unless there's a victim no crime, so I didn't mention the wallet I grabbed leaving. Haven't contacted Charter yet but have been trying, I've done all the work for them, I've gotten around 9 Notices of Copyright Infringement sent my way, so have a personal interest in this.



Cop did seem impressed that nothing had happened to me, no loss of any sort, saying if people fall for this they shouldn't be on the Internet my thoughts immediately went to many I know. Have IP address, time zone, and phone number I'm sorry I can't do better than that, now which AV company wanted that info before they acted?

Comment Re:Got an alert! My first one with PB, one years u (Score 1) 136

it's just http://testmy.net/ was Google yet they hid the fact, vs Flurry.com, it took some digging and many links from original ToS but you would find a Google ToS. A post reply was by one of the admins of how much they enjoyed working for Google, and I questioned the ToS; It was changed to a Google ToS; Changed now to: no clue (not read yet)

Read, it takes a link from "Third Parties & Use of Cookies" in the Privacy Policy to show it is a Google site http://www.google.com/policies...

Comment Got an alert! My first one with PB, one years use. (Score 1) 136

https://www.robtex.com/ clicking on a disqus.com icon you will be met with a requester to abort and reason: "Logging into Disqus can allow it to track you around the web". Answering no shows what u had to post was not that important.

My Post was to help, the IP address 72.21.91.29 shows over 100 pages containing malware (most I've seen) but it's a feed for the UseNet where Malware is expected and fairly obvious. Not a big deal.

I took a back door approach to get a disqus.com account (through robtex.com) I had no ToS (privacy policy) to read.

Post to Robtex.com can be posted without account, and how I will from now on.

Was kool though, sitting unobtrusively all this time in the menu bar, when it tosses up an alert you take notice. The reason for Privacy Badger showing a plus, sorry but many just say a bad site ahead awaits u.

That Disqus.com didn't make the HOSTS file? No clue, I dropped the ball.

I have checked https://www.robtex.com/ while I found no Google links before, nor mention of Google in the FAQ (no ToS), the site reeks of Google (very nice, good useful info). It's no big deal, it's just http://testmy.net/ was Google yet they hid the fact, vs Flurry.com, it took some digging and many links from original ToS but you would find a Google ToS. A post reply was by one of the admins of how much they enjoyed working for Google, and I questioned the ToS; It was changed to a Google ToS; Changed now to: no clue (not read yet) but just assume Google and do what you do - I leave Google alone but for advertising, and data collection other than what I know (my choice) is going to be Public domain (my searches for one).

FWIW https://disqus.com/ gives no alert.

Submission + - Australians forced to pay as latest encryption virus is 'unbreakable'

An anonymous reader writes: Australians are paying thousands of dollars to overseas hackers to rid their computers of an unbreakable virus ..

The deputy chairwoman of the Australian Competition and Consumer Commission, Delia Rickard, said over the past two months there had been a spike in the number of people falling victim to the scam.

The commission has received 2,500 complaints this year and estimates about $400,000 has been paid to the hackers.


Comment Re:Anyone thinking about health here? (Score 1) 43

Man I'd hate to be someone in the middle of that path without knowing it, perhaps where a fault or something ejects lots of these neutrinos upward through some guy's bedroom where he sits idle for hours absorbing them.....

Now he's just been bombarded for days on end and starts developing weird symptoms without a clue why.

Seems like this should be regulated.

A friend showed me "his" computers where he worked as the computer tech. This WiFi and that WiFi. All I could say was do you know how many waves you have going on here; the people were seriously immersed in them.

Now we're all in his office.

Comment First and foremost you root it (Score 1) 133

Find a site that supports your device. You can get rooting information and the real answers you're looking for, as CyanoGen isn't the only ROM out there; many are made by users who will access that site.

Once rooted (jail broken) you can add a HOSTS file, programs to change the permissions of a program (as any game is going to want your info and out), just a lot more freedom to do what you want.

Older Android devices you need to access your developers options, newer devices you need to get it to show by opening up the (about device) option and I forget just which one but by tapping 7 times on it will work, when you get close to 7 you will start getting warnings.

Comment Re:I thought we knew... (Score 3, Interesting) 43

Actually, oscillating neutrinos have been detected before. They just were from the sun, not human made.
https://en.wikipedia.org/wiki/...

IIRC it's how we detect a supernova before we see the fireball--the neutrinos are so small and move so fast that they make it out of the core of the exploding star a short time before the star actually explodes, giving us a chance to train an instrument or two on the star.

Astrophysicists in the room, feel free to correct me.

Yes, had detectors all set up waiting for a hit when super nova 1987 came our way, proof positive of neutrinos and their production. https://en.wikipedia.org/wiki/...

1987a was only seen in the Southern Hemisphere, was said the astronomer who saw it through telescope did a very odd thing, went outside to look at it :) .

Submission + - Firefox's Secret Requests 1

An anonymous reader writes: Unlike older versions of Firefox, more recent versions will make a request to a destination server just by hovering over a link. No CSS and no javascript needed. Try it for yourself. Disable CSS and javascript in Firefox and fire up iftop, hover over some links and watch the fun begin. There once was a time when you hovered over a link to check the "real link" before you clicked on it. Well no more. Just looking at it makes a 'secret request'.

Comment Re:Summary is kind of deceptive. (Score 1) 43

Actually, oscillating neutrinos have been detected before. They just were from the sun, not human made.
https://en.wikipedia.org/wiki/...

I was disappointed mass less neutrinos that oscillate, not so mass less. Now I'm reading almost mass less. This is an area one has to keep up with daily or be left behind.