Wiggly Wayne DDS
Sep 11, 2010





every so often that campaign will message me from a compromised account and i'll tease a bit more of their background out. they're not reselling accounts and only want single specifically valuable trading items

they don't focus based off of inventory though and it's entirely a manual effort. the person chatting passes compromised accounts to someone else to sift for valuables

they recently changed their domain and backend but that was after months of the same plan. the script hasn't changed and still gets low hanging fruit through perseverance

naturally even this brings a more stable income than local jobs, and they view it as just entertainment products so no moral issues


Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate





Wiggly Wayne DDS posted:

every so often that campaign will message me from a compromised account and i'll tease a bit more of their background out. they're not reselling accounts and only want single specifically valuable trading items

they don't focus based off of inventory though and it's entirely a manual effort. the person chatting passes compromised accounts to someone else to sift for valuables

they recently changed their domain and backend but that was after months of the same plan. the script hasn't changed and still gets low hanging fruit through perseverance

naturally even this brings a more stable income than local jobs, and they view it as just entertainment products so no moral issues

If I remembered the account that messaged me, I would go and report it, but it was a distant acquaintance and they make sure to block everyone after they're done running the script or deviate from it, so I can't pull them up again. Hopefully someone else on their friends list alerts them.

The psychology of phishers/scammers is interesting; I watch a lot of scambaiting videos on YouTube and occasionally the uploader will get through to the scammer at the end of the saga and confront them about what they're doing. Indeed, most of them believe themselves morally sound; after all, why would you keep doing it day after day if it didn't rest easy on your conscience? It's good to hear that they're focused on items and not going to try and resell my email on the darkweb or something (joke would be on them, it doesn't exist anymore), or try to lock me out/compromise related accounts, but obviously I'm not going to take any chances!

e: I also hope this inspires some of you to go on a password updating/MFA enabling spree like I did when I posted about my friend's Twitter account being mysteriously compromised a while back. Bought me some peace of mind!

Cup Runneth Over fucked around with this message at 22:57 on Apr 1, 2021

Internet Explorer
Jun 1, 2005


Oven Wrangler

Sure, but just to be clear to the casual reader, this isn't prevented by a strong password or MFA.

Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate





Internet Explorer posted:

Sure, but just to be clear to the casual reader, this isn't prevented by a strong password or MFA.

Of course, since I had both. But having Steam Guard on certainly limited the changes an attacker could make to my account, and having a password manager means my passwords are unique, so one being stolen won't allow the attacker to compromise other accounts, and I only have to change 1 if it's compromised.

CommieGIR
Aug 22, 2006

If Godzilla can do it, you know I can deliver!


Pillbug

Cup Runneth Over posted:

Of course, since I had both. But having Steam Guard on certainly limited the changes an attacker could make to my account, and having a password manager means my passwords are unique, so one being stolen won't allow the attacker to compromise other accounts, and I only have to change 1 if it's compromised.

MFA all the things.

Volmarias
Dec 31, 2002


Internet Explorer posted:

Bravo on you for sharing.

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA


BlankSystemDaemon posted:

Mikrotik is supposedly the other option.
I bought a five-port switch with four 10G SFP+ cages and one 1GbE port, and aside from missing documentation about baudrate for serial connection via uplcom(4) and no mention of (10k) jumboframes being the default on all ports, it seems fine once I switched it to SwOS.

Mikrotik is surprisingly good if you want to use a late 90s config management tool (winbox.exe) to manage your internet poo poo, and don't mind some Slavic jank that seems to ooze through in strange areas (several routing engines being single threaded, on a 16+ core machine).

Config it right, lock down all the config ports and turn off all services you don't actively use, and subscribe to the 'Uhhhhhh, we, perhaps, maybe, might have hosed up' mailer. I've had my cloud core router thing for 4? years and aside from periodically updating it, I've had exactly zero issues with it.

Their wireless stuff is less slick than the Ubiquiti stuff, but once you get it set up, the stuff lasts for years, but setting them up can be annoying. And if Mikrotik gets hellowned, just reset your mikrotik owners forums password, and possibly roll back a dodgy update to a previous version.

Biowarfare
Nov 8, 2010

I JUST WISH THIS WAS A PONY SO I COULD JERK IT WHILE I PLAY WOW

someone tried to phish my steam account with this visible in the bottom of the login page




also, iirc steam does actually send you the location on new access? you get sent to a link where it shows yours and theirs

KozmoNaut
Apr 23, 2008

Happiness is a warm
Turbo Plasma Rifle


Methylethylaldehyde posted:

Mikrotik is surprisingly good if you want to use a late 90s config management tool (winbox.exe) to manage your internet poo poo, and don't mind some Slavic jank that seems to ooze through in strange areas (several routing engines being single threaded, on a 16+ core machine).

The 90s/early 2000s feel of the config tools and web interfaces is something I find almost endearing, in a "yeah, we don't spend much time on polish, but our gear can do so much neat stuff!" way.

Wifi channels? No, have a list of frequencies, including a bunch that don't adhere to the standards (eg. 5MHz spacing instead of 20MHz), better know what you're doing!

I still haven't figured out how to make DHCP traverse to a client behind an AP in client mode, but that is kind of hacky setup in the first place, I really should just pull some cat6.

Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate





Biowarfare posted:

someone tried to phish my steam account with this visible in the bottom of the login page




also, iirc steam does actually send you the location on new access? you get sent to a link where it shows yours and theirs

Nah, didn't even receive an email telling me I'd logged in from a new location.

BelDin
Jan 29, 2001


KozmoNaut posted:

The 90s/early 2000s feel of the config tools and web interfaces is something I find almost endearing, in a "yeah, we don't spend much time on polish, but our gear can do so much neat stuff!" way.

Wifi channels? No, have a list of frequencies, including a bunch that don't adhere to the standards (eg. 5MHz spacing instead of 20MHz), better know what you're doing!

I still haven't figured out how to make DHCP traverse to a client behind an AP in client mode, but that is kind of hacky setup in the first place, I really should just pull some cat6.

My first purchase was a 16 port SFP+ switch to replace my Nexus 5548 in the homelab, and my ears have never been happier!

Definitely took some learning how to make things work properly in Mikrotik land, but solid hardware. Software web interface definitely looked identical to a Geocities page.

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Methylethylaldehyde posted:

Mikrotik is surprisingly good if you want to use a late 90s config management tool (winbox.exe) to manage your internet poo poo, and don't mind some Slavic jank that seems to ooze through in strange areas (several routing engines being single threaded, on a 16+ core machine).

Config it right, lock down all the config ports and turn off all services you don't actively use, and subscribe to the 'Uhhhhhh, we, perhaps, maybe, might have hosed up' mailer. I've had my cloud core router thing for 4? years and aside from periodically updating it, I've had exactly zero issues with it.

Their wireless stuff is less slick than the Ubiquiti stuff, but once you get it set up, the stuff lasts for years, but setting them up can be annoying. And if Mikrotik gets hellowned, just reset your mikrotik owners forums password, and possibly roll back a dodgy update to a previous version.
I'm using it in switch mode and the only configuration I've done to it was via a serial connection, so it's entirely what I need it to be

EVIL Gibson
Mar 23, 2001

Internet of Things is just someone else's computer that people can't help attaching cameras and door locks to!


Switchblade Switcharoo

KozmoNaut posted:

The 90s/early 2000s feel of the config tools and web interfaces is something I find almost endearing, in a "yeah, we don't spend much time on polish, but our gear can do so much neat stuff!" way.

Wifi channels? No, have a list of frequencies, including a bunch that don't adhere to the standards (eg. 5MHz spacing instead of 20MHz), better know what you're doing!

I still haven't figured out how to make DHCP traverse to a client behind an AP in client mode, but that is kind of hacky setup in the first place, I really should just pull some cat6.

Remember appreciating the hell out of open source when you flashed your router with something like WRT54G and get a soooooo many more options and a UI that felt so good.

Network security is still kind of a black magic to me.

"You mean there are things in windows networks that *give* you password hashes?!?".

I recently set up my Valheim server on a new subnet on its own vlan id. Spent a day and a half figuring out how to come out of the old subnet to the server subnet, but only in that direction (no server creating connections to my client) to play on the server and it demonstrated to me I will never be a network admin/security guy.

Before I figured it out, I had to VPN out and come back in on the afraid.org dyndns my external ip is connected to which I am now realizing is very problematic and another big headache.

KozmoNaut
Apr 23, 2008

Happiness is a warm
Turbo Plasma Rifle


EVIL Gibson posted:

Remember appreciating the hell out of open source when you flashed your router with something like WRT54G and get a soooooo many more options and a UI that felt so good.

My WRT54G running DD-WRT and later Tomato certainly did pull its weight in my old dorm room, lots of fun tweaking around to avoid issues with the ~25 other networks I could detect, all of them 2.4GHz of course, none of us were fancy enough for 802.11a.

I had an old Alphaserver 1000A running NetBSD as a file server and to SSH into, when I got bored in class. 400MHz 64-bit CPU, something like 640MB RAM, a 5x36GB RAID5 for files and 2x18 RAID1 for system, using pilfered disks from an old decommissioned DEC SAN setup.

Man that thing was noisy as hell in a dorm room.

Albinator
Mar 31, 2010



Cup Runneth Over posted:

If I remembered the account that messaged me, I would go and report it, but it was a distant acquaintance and they make sure to block everyone after they're done running the script or deviate from it, so I can't pull them up again. Hopefully someone else on their friends list alerts them.

The psychology of phishers/scammers is interesting; I watch a lot of scambaiting videos on YouTube and occasionally the uploader will get through to the scammer at the end of the saga and confront them about what they're doing. Indeed, most of them believe themselves morally sound; after all, why would you keep doing it day after day if it didn't rest easy on your conscience? It's good to hear that they're focused on items and not going to try and resell my email on the darkweb or something (joke would be on them, it doesn't exist anymore), or try to lock me out/compromise related accounts, but obviously I'm not going to take any chances!

e: I also hope this inspires some of you to go on a password updating/MFA enabling spree like I did when I posted about my friend's Twitter account being mysteriously compromised a while back. Bought me some peace of mind!

Awareness is of course important too - we've been laughing at dumb goons getting caught by this over in the Steam thread for months now

e: glad nothing of value was lost because you had defense in depth, but of course the true defense is to not have any friends

Albinator fucked around with this message at 01:40 on Apr 4, 2021

Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate





Albinator posted:

but of course the true defense is to not have any friends

Truer words were never spoken

Volmarias
Dec 31, 2002


The best defense is to have nothing to defend. Delete your accounts, encase your computer in concrete, and drop it in the sea as you sail away to your new life.

Powered Descent
Jul 13, 2008

We haven't had that spirit here since 1969.



Volmarias posted:

The best defense is to have nothing to defend. Delete your accounts, encase your computer in concrete, and drop it in the sea as you sail away to your new life.

And the next day it'll be revealed that concrete has been vulnerable to an aggregate overflow attack since the incorporation of volcanic ash in version 4.6 in 31 BC.

Volmarias
Dec 31, 2002


My threat model does not include octopi

Arivia
Mar 17, 2011
BUT DID ANY OF YOU STOP FOR ONE SECOND TO CONSIDER HOW THIS EFFECTS ME PERSONALLY?! NO YOU DID NOT BECAUSE I AM STUPID AND UNIMPORTANT! GOOD JOB! KEEP IT UP!

Seriously though. Ignore me. For your health.

Volmarias posted:

My threat model does not include octopi

I have a vagina and live on the same planet as Japan, so mine does.

SMEGMA_MAIL
May 4, 2018


THUNDERDOME LOSER 2021





Arivia posted:

I have a vagina and live on the same planet as Japan, so mine does.

Absurd Alhazred
Mar 27, 2010

I'm the babyliberal, gotta love me!


So your phone number(s) are probably out there.

https://twitter.com/mikko/status/1378694432652939264

Martytoof
Feb 25, 2003







Yeah my buddy just confirmed my phone info is in the leak. Feels bad man.

droll
Jan 9, 2020


Deleted my Facebook about 10 months ago, I'm not showing up in have I been pwned for Facebook. So the data appears to be fairly recent.

Subjunctive
Sep 12, 2006

sparkle and shine



No, the data is from 2019, but not every account got hit by the phone number association attack.

Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate





Never had a Facebook.

Volmarias
Dec 31, 2002


Arivia posted:

I have a vagina and live on the same planet as Japan, so mine does.

Better encase it with concrete then

SMEGMA_MAIL
May 4, 2018


THUNDERDOME LOSER 2021





Huh, I'm not in it. Lucky me. Guess it's time to delete my facebook, don't think I've used it for a couple years now.

RFC2324
Jun 7, 2012

http 418



how are you checking phone numbers?

BaseballPCHiker
Jan 16, 2006



RFC2324 posted:

how are you checking phone numbers?

Would be curious to know as well. I saw one shady site that claimed to be checking numbers but that was it - https://www.thenewseachday.com/facebook-phone-numbers-us

Have I been pwned has added the breach to their database as well - https://haveibeenpwned.com/PwnedWebsites#Facebook but im not sure if they're just checking emails associated with the breach or letting you search for numbers.

rafikki
Mar 8, 2008

I see what you did there. (It's pretty easy, since ducks have a field of vision spanning 340 degrees.)

~SMcD

BaseballPCHiker posted:

Would be curious to know as well. I saw one shady site that claimed to be checking numbers but that was it - https://www.thenewseachday.com/facebook-phone-numbers-us

Have I been pwned has added the breach to their database as well - https://haveibeenpwned.com/PwnedWebsites#Facebook but im not sure if they're just checking emails associated with the breach or letting you search for numbers.

Troy has been discussing on Twitter whether or not to add the phone numbers, don't think he's decided yet.

RFC2324
Jun 7, 2012

http 418



BaseballPCHiker posted:

Would be curious to know as well. I saw one shady site that claimed to be checking numbers but that was it - https://www.thenewseachday.com/facebook-phone-numbers-us

Have I been pwned has added the breach to their database as well - https://haveibeenpwned.com/PwnedWebsites#Facebook but im not sure if they're just checking emails associated with the breach or letting you search for numbers.

You can currently only check by email, as of late last night. Mine didn't show up as having been pwned by facebook (always fun running an email that's been active for 20 years through that database)

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Cup Runneth Over posted:

Never had a Facebook.
No, but Facebook have a profile for you anyhow.
Every one of the "share" buttons you see on every page can be used to build a pretty comprehensive shadow profile on anyone on the internet, and they're incredibly hard to block.

Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate





BlankSystemDaemon posted:

No, but Facebook have a profile for you anyhow.
Every one of the "share" buttons you see on every page can be used to build a pretty comprehensive shadow profile on anyone on the internet, and they're incredibly hard to block.

Well, don't know how hard they are exactly, but I've been using EasyPrivacy's uBlock list for years, among others.

The Iron Rose
May 12, 2012

Cat Army


Cup Runneth Over posted:

Well, don't know how hard they are exactly, but I've been using EasyPrivacy's uBlock list for years, among others.

Lol well this definitely won't do it

RFC2324
Jun 7, 2012

http 418



thats the old busted compromised ublock, isn't it?

BaseballPCHiker
Jan 16, 2006



BlankSystemDaemon posted:

No, but Facebook have a profile for you anyhow.
Every one of the "share" buttons you see on every page can be used to build a pretty comprehensive shadow profile on anyone on the internet, and they're incredibly hard to block.

The EFF has a privacy badger plugin for Firefox that will accomplish this.

evil_bunnY
Apr 2, 2003



Cup Runneth Over posted:

Never had a Facebook.
That's cool but unless you have no friends with your number in their phone directory that's not much of a difference.

Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate





RFC2324 posted:

thats the old busted compromised ublock, isn't it?

Nah I use Origin

The Iron Rose posted:

Lol well this definitely won’t do it

I'm not quite enough of a hermit to install NoScript

evil_bunnY posted:

That's cool but unless you have no friends

Where do you think we are


RFC2324
Jun 7, 2012

http 418



BaseballPCHiker posted:

The EFF has a privacy badger plugin for Firefox that will accomplish this.

there is also a plugin that automagically containerizes facebook, called Facebook Container, using Firefox's built-in containers.
