Jump to content

exploited

Active Members
  • Posts

    14
  • Joined

  • Last visited

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

exploited's Achievements

Newbie

Newbie (1/14)

  1. Ahhh, this is good information and makes great sense. I suppose my attackers in the past were using key loggers AND maybe xss at times. I just purchased 10 of these keys and feel that they were a wise buy. Even though they offer another layer of security, they also make logging in with two factor authentication much easier. Thanks for the reply.
  2. Hi all, My question is about the Yubikey and cross site scripting. Will it stop an attacker from hijacking a session? Thanks in advance, Exploited
  3. I am not John Gotti, nor do I see the correlation. How narrow minded of you to think this way. Especially after the short conversation we had. I would think that you would understand that a relationship would need to be formed before disclosing information about the business. Being in business within a "niche market" does not mean shady business. You should take some time out to understand others perspectives before forming an opinion like that. The business I am in does in fact help people.
  4. That is not true. Just because I was not willing to tell you the type of business I am in after exchanging only a few private messages doesn't mean my business is shady, or that I've made enemies, and I don't appreciate you trying to hijack the thread with this type of nonsense. I run a legitimate business. I pay my taxes, have a business bank account, and run a professional organization.
  5. You are an interesting person and this post makes a lot of sense. Although, it is not really helpful, as I needed someone to contact me privately to discuss what was needed. I do think you are a bit of a blow hole, and that you didn't thoroughly read my postings as questions were asked that were already answered. However, I did notice that your postings became much more elaborate as I pointed these issues out. Which only tells me that you're trying to protect your reputation in these forums. Nevertheless, this posting is actually off topic and a slight reiteration of what I've been asking for with your twist on words. Thanks for the replies, I appreciate them and learned a little. You are a real HOOT, sir or ma'am!
  6. Thanks for the link, but I know how to search google. My attorney is an expert in the field. However, with you being as sharp as you seem, you'd know that tracing this kind of thing back to the perp is nearly impossible. (this was stated in a previous post). Retribution? Take the attackers to court? No, not interested. What interests me is closing the holes so that I can keep them out. I'd like to know how to safely and securely do emails. It's not as big a deal as you are thinking. Have you priced "forensics expert companies"? They are not cheap, it is 15,000.00 to get them started, and that won't get the entire job done. The money being made is good, but I'd hate to keep spending it on this. I don't mind paying but I was looking for a smaller time expert as the companies want an arm and a leg to deal with the issues.
  7. Look, I don't mind answering questions. In fact, I'd appreciate any help from anyone that is capable. However, this question only tells me that you've not read this thread, but this is clearly not a case where I don't like to hear the truth. It is a case of you "acting like you're reading the posts", but are not. Who them is, is answered in my second post. Nevertheless, I appreciate the time you took to send this message. I was hoping I'd find a professional here, not just a hobbyist. I will look elsewhere if nobody else replies but I do not have time for this kind of nonsense from you. FYI: I have all of the backups from every format I've ever done. I have replaced telephones, but not changed numbers as they are important to the business.
  8. I'm sorry but I find this reply absurd. I did not come to this forum for legal advice. I came to this forum looking for a penetration tester. If you take the time out to read my postings you will see that I have contacted the authorities. It might also be beneficial to know that I do have an attorney. It has cost a lot of money. Nothing has completely stopped them as of yet.
  9. I'm glad you said "most" professionals have ethics, because not all of them do, obviously. Oh, and as far as I know--once a trusted app password has been used it cannot be used on another device. So, I'm not sure that is the answer. Also, I did explain that I took wifi out of the equation, so wps couldn't be the problem. I also explained that I have been using mostly apple in my business. There were few times that I used a windows machine. Mainly to change the ip on my cable modem by changing the mac address for my router during one of my many formattings of my systems, and the windows machine that I did use was cleanly formatted as well. You must keep in mind that I am not a security professional, and catching me and getting me stuck in the snare was not all that difficult. What is difficult is getting out of the snare. For a while I did have my computers on wifi, and was answering emails on my computers, and had java installed. I had found key loggers calling home using little snitch, noticed my flash plugin being downgraded, remote login being turned on, remote management being turned on, os x's firewall being turned off. It wasn't until I started doing my emails on my iphone that I noticed the described delay in receiving emails, and the computer problems stopped after a change in my ip and formatting of my computers and switching to a wired only router. I am not here posting this question because I am just paranoid. I am paranoid with good reason and asking for genuine help. I understand that you say you don't think these guys are that good but when I was talking with the culprit and the friend status changed from friend to enemy I was told that they are professionals and that this could go on for years (and I didn't believe him when he told me). Yet, I have had my work undone and thrown away for a long time now and I'm tired of it. Which is why I've reached out in a forum like this. I really need help in a more concrete form. Someone whom is willing to get "paranoid" with me so that I can find some assurance that I'm doing everything I can and is needed to keep these guys out.
  10. I never said they were bugging one guy just for the thrill, and one of his "guys" does work for a security firm. They are clearly professionals and there is a personal vendetta and money at stake. I have called the authorities and reported them. These things are very hard to prove, and with them being as good as they have been I can only imagine how hard it would be to trace it back to them. Nevertheless, could you please explain why you suggest to stop using the trusted app passwords and only login with 2 factor auth? I only ask for my own personal knowledge. I appreciate the advice whole heartedly. I have a few friends but they are very busy people and I don't like to bother them too much with this stuff, but they have helped alot along the way and I'm sure they'd like the "why" question answered when I tell them what the suggestion was. Keep in mind that this suggestion of yours is going to complicate my life a bit. I will have to switch from using an iphone to using an ipad or laptop with 3g service to answer emails. I won't be so readily available without a device I can fit in my pocket and carry around. I've gotten pretty good at using siri to get the typing done. Sure, an ipad has dictation but it is not small enough to carry in my pocket and using the web browser to answer emails with an iphone is not easy--nearly impossible in my opinion. Especially when you consider the amount of emails I do on a daily basis. I'm in no way complaining. I will do what I have to do. I just like to know why you suggest this and how it will help if you don't mind. Also, thanks for the tip on the scanner. Although, I do not believe they are currently in my computers at the moment. I very carefully removed all of the wireless cards within them and have cleanly formatted my machines. I've also changed the ip address on my business network prior too doing the format, and since I haven't been answering emails on the computers I can't imagine how they'd find their way in. I only use the computers for developing and building my websites and software. I will however, do the scan anyway just to be sure. Thanks a bunch.
  11. No offense taken. However, I've had no choice but to become "uber paranoid". They've been in my systems for a long time and I've lost a lot of hard work. It has been costly and time consuming to deal with and is ongoing. Some of these guys do it for the thrill, and he is one of them. However, there is also money and personal vendetta involved. So, he has put that much effort into "getting into my systems". I'd appreciate help if anyone here can actually provide it.
  12. They have for sure been in my computers. I can tell when they are in by checking the sharing preferences within the System Preferences pane. The remote login, AND the remote management gets turned on and greyed out so that I cannot turn it off. To answer your question directly--I am not currently running my mail server from home. There was a time that I had a mac mini collocated and I ran my mail server from it. However, it was hacked into by these sucka's and I had to switch. The mail is currently being hosted at google for apps. I use two step verification AND application specific passwords. I have remote images turned off within my iPhone, so I know that is not how they are doing it. Why do I suspect they are in the iPhone? Well, I believe they have my serial number/imei number. I was thinking it was probably a clone of my iphone. However, I also get this suspicion due to the way the iphone checks for mail. I get two things that happen when I hit refresh from within the mail app--at the bottom of the screen it shows checking, and then updated, but the spinning wheel at the top of the screen keeps going for a while and I don't actually get my emails until after the spinning wheel stops spinning. but this delay is only prevalent when I haven't revoked the application specific password for a while and issued a new one. After a new password is provisioned, the issue goes away (for a little while). I also get a bunch of emails after the password is revoked that are obvious to me not real clients. But I cannot be sure so I have to reply. Maybe sniffing the password over 3g? These guys do have money for equipment.
  13. I run a website that makes money from answering emails. A person I know does the same thing and does not want me in business. They have been in all of my computer systems for over 2 years now and I am not sure how they are doing it. I have figured out some of the ways they have been getting in, but not all of them. I have caught them outside of my house a few times after reloading my systems. I have had to remove wifi and bluetooth cards from my systems (mainly apple). I am now doing all of my emails on my iphone but believe they are in it as well, and I am not sure how they are doing it to be honest. Please feel free to ask questions and I'll do the best I can to answer them. UPDATE I have wifi in my house--but I do not have any of my computer systems on that network. In fact, I have a separate internet connection altogether for the systems in my house that I use for business and it is on a wired only router. Also, I do not allow my iphone on ANY wifi network. It is 3G/4G only.
  14. Hello, I need a consultation from a security expert and am willing to pay. I don't want to bother anyone on the team if they do not have time for something like this but the consult is much needed. Is there anyone on the team that can either help me directly, or, maybe point me to a good person for a consult? It would be much appreciated. Thanks in advance, Exploited
×
×
  • Create New...