* Posts by psychonaut

613 posts • joined 11 Sep 2012


Carbonite online backup accounts under password reuse attack

psychonaut
Bronze badge

Re: Puzzling

agree. id also suspect that they know on average how many users log into the portal on any given timeframe. if there is a large spike, then they can be suspicious.

they are handling it really well. (ive got 200 odd customers on carbonite)

0
0

BOFH: Follow the paper trail

psychonaut
Bronze badge

Fucking Gigantic Mushrooms?

5
0

Fresh hell for TalkTalk customers: TeamView trap unleashed

psychonaut
Bronze badge

Re: Easy to fix...

easy fix - dont give people that you dont know information like your teamviewer id and password, particularly if they have just phoned you up out the blue and have an indian accent

0
0
psychonaut
Bronze badge

Re: Translation

additional pieces of information like the teamviewer id and password?

yes. exactly, so its just people being gullible.

someone random phones you up and you give them all your bank account details, passwords, date of birth and mothers maiden name. same thing.

this hasnt got anything to do with teamviewer. you may as well blame the telephone system for enabling the "hackers" to be able to phone them up or the internet for letting them be able to access their machines.

the claim in the article that the "hackers" remote controlled their pc without them telling them anything is bullshit

0
0
psychonaut
Bronze badge

Re: Translation

i still dont get why then the miscreants bothered to phone the customers, seeing as they could simply remote control their pc's anytime they liked

0
0
psychonaut
Bronze badge

Re: Teamviewer

talk talk definitely DO NOT install tv on EVERY customers machine by default. this is bullshit.

they might use it for remote support if customer has a problem, so some of them might have it installed, im pretty sure they would use one time remote support though, rather than the hosted module or the full version.

this article makes no sense at all.

1
1
psychonaut
Bronze badge

Re: Fighting back

<install> -win10 /y

8
0
psychonaut
Bronze badge

Re: Translation

absolutely spot on

1
0
psychonaut
Bronze badge

i call bullshit

this doesnt make any sense.

1) if the miscreants ALREADY had your teamviewer id and passcode why would they bother to phone you up?

2) if TV has been breached (which i dont believe, more like crap passwords, reuse of passwords, 4 digit passcode enabled on TV instead of 10 digit) and they had access to your machine, why would they bother to phone you up?

if, on the other hand, they phoned you up and you are a gullible twat and gave them your teamviewer id and passcode, it all makes sense.

3
0

Developer waits two years for management to define project

psychonaut
Bronze badge

Re: project spec

the project spec usually included all the data we needed regarding fields, format etc....thats her job (well, supposedly, to be honest every time you got her as a PM there would be some kind of disaster)

0
0
psychonaut
Bronze badge

project spec

i got a spec from one of our more useless project managers at the software house i worked at. the project was to write a link between sage payroll and our HR system.

the project spec consisted of

"Write a payroll link between our system and Sage Payroll".

that was it. nothing about what fields, formats, types, who what where when wither whence.

3
1

Brexit threatens Cornish pasty's racial purity

psychonaut
Bronze badge

Re: hand Cheddaring

<finbar saunders>

You'd like to see me hand cheddaring and expanding??

</finbar saunders>

i think i like you already

0
0
psychonaut
Bronze badge

hand Cheddaring

<smirk>

its a EUphemism

7
0

Welcome to the jumbo: Axl Rose tries to take a bite out of 'Fat Axl' internet meme

psychonaut
Bronze badge

Re: this is exactly what i thought

nomity...one genuine compaq AT keyboard on its way. plenty of chow inside it too...

ac1 -

ac2 - yes, but to be fair i was so pissed by then that it didnt really matter. whats a little urine in your coke. its almost recycling at that stage

ac3 - nailed it. although he wasnt late at the freddie mercury tribute. or maybe he was, and they just slotted him in somewhere else. "slotting him in" anywhere now would require quite a hard shove i think

0
0
psychonaut
Bronze badge

this is exactly what i thought

when the fat fucker kept us waiting for his "gnr tribute" band at Reading a few years ago. nearly 2 fucking hours he kept us waiting in a cold, wet field. needing a piss. alright, having to take a piss in the 2 litre coke bottle full of vodka and coke that you smuggled in. then throwing it at the fat bastard as "paradise city" was turned off mid flow because the fat cunt had overrun his time slot because he was too busy sleeping off the effects of lard-and-cocaine pie before the gig to actually get on stage in time. and they played lots of chinese democracy. an abomination i tell you!

or something.

actually, im not sure you could sleep off lard-and-cocaine pie. maybe ive wronged him. ok, lard and lard pie. is that better? DO YOU FEEL SATED NOW AXL? jesus. eat a salad or something

18
4

Wi-Fi hack disables Mitsubishi Outlander's theft alarm – white hats

psychonaut
Bronze badge

Re: Why is having it restricted to local Wifi a huge disadvantage?

yeah, but you can do that with a timer and a thermostat. i could do that 20 years ago, i can do it now. heck, the controller in my old house is a 30 year old honeywell. it works just the same. it still works...no firmware upgrades or hacking attempts. it doesn't need to be interwebbed.

1
0
psychonaut
Bronze badge

Re: I run an Outlander PHEV

2 wifi ap's inside a car? how shit is each one???

0
0
psychonaut
Bronze badge

Re: Nope

had the accelerator cable on my westfield snap whilst doing an overtaking manoeuvre. admittedly, i'd built the fucking thing, so my fault...but i share your pain there

0
0
psychonaut
Bronze badge

Re: Nope

im asking. a dizzy? are you from the past?

0
0
psychonaut
Bronze badge

Re: A Mitsubishi Outlander has the strongest possible anti-theft safeguard

if you get the one with the electric heater, it eats all the battery all the time....the 3h i believe...

nearly bought a phev..did a lot of research. 4h doesnt have that heater problem, although the salesman didnt tell me that. quite liked it actually. and, contrary to previous posts, its pretty quick off the line (for a big heavy thing...i have a z4 and an xtrail. its somewhere in between...more to the xtrail end of the spectrum admittedly). spacious, great if you are doing under 30 miles a day. you can get a recharge port installed for almost nothing due to grants (or you could) at your home. if you have solar panels as well, you are on a winner.

just didnt think it was quite the right time to invest in the tech...a few more years....

hopefully tesla will do a model t ford and blow the market to bits in the near future. one of my cousins has a tesla....wow, its a great piece of tech..amazing actually, but let the first adopters adopt..those with the very deep pockets....and things will change

0
0
psychonaut
Bronze badge

SSID: ThisisntJustAnyWifiAPThisIsaMarksandSpencersLovely84GhzWifiMadeFrom

VirginsTitsAndFlangeBatter

2
0
psychonaut
Bronze badge

Re: Why is having it restricted to local Wifi a huge disadvantage?

yeah, i thought that too. i mean, you are unlikely to need to unlock your car from, say, Brazil, if your car is in London

or change your heating whilst you arent at home

or make a fucking piece of toast,

or turn off your refrigerator

or...OH FOR FUCKS SAKE JUST STOP THIS CRAZY SHIT YOU STUPID BASTARDS

6
0
psychonaut
Bronze badge

Re: Not Just Cars

" the first thing I am going to do with my car is pull the fuse that controls it. "

sometime in the <near future>

Dave to car: "Car, please tell me where the fuse is for board x19-486"

Car to dave: "Dave, the fuse is under the steering wheel"

Dave to car: "thats odd, the manual says its in the engine bay"

Car to dave: "no, it was moved on the last recall. wasnt secure enough."

Dave to car: "Ok"

Car to dave: - "yes thats right....get right in there under the wheel"

meanwhile, on the incar infotainment system...

...car os v2001...automode

....loading....DONE!

...lock doors.....DONE!

...engine start.....DONE!

.....reroute exhaust.......DONE!

....internal fans on full....DONE!

Car to Dave "im sorry, Dave, i cant allow that to happen....."

10
0

Even in remotest Africa, Windows 10 nagware ruins your day: Update burns satellite link cash

psychonaut
Bronze badge

screenshot

is that one of those new samsung curved monitors?

3
0

TeamViewer denies hack after PCs hijacked, PayPal accounts drained

psychonaut
Bronze badge

Re: Possible attack vector?

ive just discovered something else.

if you have a TV business account and you have your tv app logged in on your machine, you can click "open management console" on the app and it logs into the web management console without asking for further authentication.

in order to have this happen, you still have to pass authentication to be logged in on the app though. (and it does the 2fa on the app as well) however, the web management console enables you to be able to do all sorts of things that you cant do from the app.

an attacker would have to compromise your machine and youd have to have tv app logged in in order for this to happen though.

0
0
psychonaut
Bronze badge

Re: Possible attack vector?

but getting the id for a teamviewer client wouldnt give you any other info if you dont have an account, it would just be a number.

they obviously must have some ddns going on that relates tv id with the clients ip address, which updates periodically.

lets say you crack that, and know tv id and ip address. but if you got the ip address of a machine, it wouldnt tell you what email address that ip address was associated with (and even less so because nearly all consumer broadband is on wan dhcp anyway), so a previously leaked set of credentials from linked in wouldnt help either.

as you said, they could just be trying a brute force on tv id against 4 digit passcodes. then you wouldnt need to crack anything, just use a teamviewer client and just keep trying tv id against a 4 digit passcode.

tv rate limits passwords guesses though, but i suspect with 1 billion (or 1 million? i cant remember) active tv id's you will get lucky if you keep trying.

however, if you

1) have a tv account

2)dont have 2fa enabled

3) you have reused a password / email combo from a cracked alternate source

4) you have easy access turned on

then they can get in.

0
0
psychonaut
Bronze badge

Re: Possible attack vector?

it depends. i have a business account, and the module i made for my customers to download has the random password set to be 10 digits i think, plus a bunch of other stuff..

ive never thought of trying to connect via ip address....i dont know how you would do this and im not sure if its true. i guess it has to use a port, but it works without any kind of firewall config, so how could that be doable if you are behind a firewall with NAT (which everyone is these days)?

i think you might mean via the teamviewer ID.

you can certainly connect to ANY teamviewer client via the teamviewer id and either the random password or a preset "personal" password. there has also been a new kind of access called "grant easy access" in my upgrade to TV11. i asked tv about this previously, and it seemed that you can connect without using either personal password or random password. i havent enabled it because i didnt like the sound of it.

you can prevent anyone else or specific teamviewer id's from connecting to your teamviewer id (if you have a TV account) by use of a white / blacklist of teamviewer ID or account email address

my customers have it set so that only my teamviewer ID can remote their machines, if you try from another TV id it refuses. (i have tested this)

however, if someone has managed to spoof the dns of the tv servers (im kinda making this up now as you can tell, but ....big ddos, take their dns offline, pop up your own server advertising itself as teamviewer, tv clients connect to this server instead of real one) and who knows what could happen. someone more qualified than me should answer this)

i know one thing, i have a link to my module hosted on tv's site so that customers can download it. it was unavailable (404 error) on wed / thu . this could simply be because they were being ddos'd and the 2 customers who tried to download it couldnt get through, but it might also be because it didnt exist on the nefarious server.

thoughts?

2
0
psychonaut
Bronze badge

Re: secure teamviewer

its all speculation at the moment. i think maybe the 2fa accounts being hijacked is not true, but who knows.

tv rate limits guessing the password within about 5 attempts if you try to say randomly connect to a random tv ID. so i dont think its a brute force.

if their dns was compromised then all bets are off i suppose, but noone knows. it seems unlikely. but what do i know about that...

if they can circumvent the security in the tv client then also all bets are off.

im not trying to defend whats going on, just want to know the truth.

but if you havent secured it like i said, then what i said can only help....unless you just uninstall. but then you would just uninstall

0
0
psychonaut
Bronze badge

Re: secure teamviewer

thumb down...care to explain?

0
0
psychonaut
Bronze badge

secure teamviewer

enable 2fa on the web login.

then create a policy in teamviewer. add "whitelist/blacklist" then add your machine as the only one in the whitelist. apply policy to all pc's in your account.

this denies access to anyone except your machine that you remote IN from.

might not help if theres a man in the middle though...i dont know enough about that, but thats what ive done today.

you definitely cant do this in v9 but in v11 you can. dont know about v10

1
1

Computerised stock management? Nah, let’s use walkie-talkies

psychonaut
Bronze badge

Re: Feet like flippers?

didnt read, but know it off by heart anyway....thumbs up

2
0
psychonaut
Bronze badge

Re: Do you have any tea?

"she's taken to carrying creamer with her"

is that a euphemism for ....oh, never mind.

4
1

Lenovo cries 'dump our support app' after 'critical' hole found

psychonaut
Bronze badge

Re: Clean install Windows or Linux

you can use rweverything to get the win 8 key from the bios. probably works with 10 too.

0
0
psychonaut
Bronze badge

Re: Clean install Windows or Linux

just copy c:\windows\system32 , bung in a temp directory on a usb or whatever and point device manager "update driver" at it. that should get everything

1
0

Microsoft won't back down from Windows 10 nagware 'trick'

psychonaut
Bronze badge

Re: A big thank you to Microsoft.

yeah me too! but its still a fucking disaster

1
0
psychonaut
Bronze badge

the thing about 10 is...

its actually quite good. after you put classic shell on it and turn off the telemetry of course.

not that i run it, im 7 all the way till mid 2020. or until 10 gets fixed properly.

the stupid fucking thing about the "upgrade" process is that noone in their right mind would ever do an in place upgrade. well, i wouldnt. always, always rebuild from scratch.

i see a lot of borked 10 upgrades, but then thats part of my job.

when i have a win 7 licensed pc i always suggest going back to 7.

win 8 is rather a more difficult decision. noone wants 8 and ive never sold a system with it on, never will and i always discourage customers who need a reinstall to take 8 again. (exactly the same as vista). either pony up for a 7 license if they dont have downgrade right with 8 pro, or go to 10 (recently)

10 is better than 8 in many ways.

a fresh 10 install is often quite spritely, its a pretty quick OS, and it does make a lot of old hardware run quick. but ive seen so many issues, with wifi in particular, on 10 that its just not ready yet.

"a clean 10 install is better than 8, but not as good as 7, a 10 in place upgrade is worse than both" is my mantra so far.

shame really, they really have fucked this up. i have discouraged my customers from doing the upgrade, pretty much as i would with any other new OS, wait...wait for others to find the problems, let it mature a bit, then go for it if you must. personally i like things to work and be stable, so im always behind the curve.

but the whole forced upgrade debacle is just mind numbingly stupid. i hate what they have done and continue to do.

i even blamed one of my customers the other day who said that win 10 had installed itself without their permission. i said, it cant have done, you have to say yes at some stage. they denied it. but it turns out that they werent lying, they "x"'d out of the upgrade window.

anyways....ive still got 7 for four years. lets see how MS do in the meantime, otherwise i might have to learn linux

0
1
psychonaut
Bronze badge

Re: I saw this yesterday

its one i wrote with another guy february time...still works...200 odd machines are inoculated against 10, and it hasnt been breached yet. i posted it lots of times previously.

0
0
psychonaut
Bronze badge

I saw this yesterday

Cheeky bastards. Also...i couldnt find the cancel button. Ended up running my script on it. Its fine now.

11
0

Politician claims porn tabs a malware experiment, then finds God

psychonaut
Bronze badge

He probably thought he was paraphrasing kanye west

0
0

Got $130,000 down the back of the sofa? Great. Grab an HP 3D printer

psychonaut
Bronze badge

Driver

Can you imagine how insanely huge and shit the driver for this thing is going to be?

1
0

Hacker sells Pornhub shell

psychonaut
Bronze badge

Who'd a thought it....someone doing penetration testing on pornhub

4
0

We're calling it: World hits peak Namey McNameface

This post has been deleted by a moderator

UC Davis chancellor suspended after headlines like this one undo $175,000 online name-scrubbing efforts

psychonaut
Bronze badge

Her name

Is it just me....all i can hear is cartman saying it. Kitteh!

3
0

UK web host 123-Reg goes TITSUP, customer servers evaporate

psychonaut
Bronze badge

Re: What are we risking?

you can have the "a" in "Fuck All"

1
0
psychonaut
Bronze badge

Re: So who should I host with?

i resell for these guys. they host my stuff and about 40 of my business customers too

shameless affiliate link below, you can go direct if you want, im sure you can work out the url, but Gods honest truth these guys are golden.

http://billing.host100.co.uk/billing/aff.php?aff=004

medium sized outfit, superb service, uk based datacentres, uk based support engineers - they all know what they are talking about, they look after the servers. call them up and you are right through to someone who knows what they are talking about, what you are talking about and how to fix the issue.

1
0

I am sending pouting selfies to a robot. Its AI is well buff

psychonaut
Bronze badge

you call your anus Shirley?

9
0
psychonaut
Bronze badge

Thor.....the one with the massive hammer in the pocket.....yeah baby!

3
0
psychonaut
Bronze badge

Re: You clean up nice!!

"Jesus, get a room!"

a chat room?

0
0

Flying Spaghetti Monster is not God, rules mortal judge

psychonaut
Bronze badge

Re: Pastafarianism is under attack!

marmite laser - is that a euphemism for a bottom seeking cock?

as in ...."mmm, come taste my meatilicous anal destroyer"

"no...let me use my marmite laser"

or something

1
7
