Posts posted by Stevie

  1. With Elite Dangerous specifically the financials are only fictional and there is no monthly fee or anything like that. But I just had another thought, because their Commodities Market is actually influenced by other player trades then yes, you're probably right, it is encrypted. As real money is involved in WoW that would certainly be encrypted.

  2. I don't know if this is a thing that would be answered but I'll ask anyway.

    Attempting to learn a bit of Wireshark and got me thinking about online games. Not using Wireshark for hacking them but to see the data they send back for various areas.

    For example back in the day with Star Wars Galaxies and now World of Warcraft. The auction houses, would this data, as it's sent back to the client (me) be encrypted? I'm curious as I'm currently playing and enjoying Elite Dangerous. Playing it in the Solo Mode but got me curious if you could see the Commodities Market being sent to your client. If you could, could you not take the data to put in a spreadsheet instead of having to note it down for every star port you visit? I've tried to run Wireshark but don't really know what to look for. I do, however, think I see where the data comes in but it does look like it's encrypted, I guess they don't want people taking that data to make an app for it.

    Interesting.

  3. Not sure of the address would need to check at work. Most of the security flaws their end are fixed but as I've mentioned to them my knowledge is VERY basic. If I could do what I did, someone else with more knowledge will wreck their setup, it's still not perfect.

    All client machines are Windows 7. What I don't understand is why, when that message happens to that user, it then works fine when Fiddler is running.

    It all works now so I can't recreate the problem. Appeared to stop working when the firewall rule was put in, despite it working when there was no rule for me and the other user.

  4. Currently I still think it's GoGlobal's end, despite them denying it because I'm home tonight and it briefly did it to me and I KNOW my firewall has no block on.

    The setup seems a bit of a mess as is. The software is really old so needs stupid access rights to sensitive areas. Once you've connected and the app is running it's easy to break out of the app and now be on the VM. Worse still, you can freely traverse the directories like C:\windows\system32, run cmd unchallenged and even run RDP unchallenged. Gets even worse; the machine has Internet access for some reason. So you can freely download apps and run them, such as the IP scanner I downloaded and ran to show them all the IPs viewable on that subnet. Pointed out all these flaws to them and all they did was make all the folders on C hidden. Means nothing when you can freely run explorer and then tell it to show hidden folders.

    Before anyone asks, I do have permission. When we tested part of the app before, it crashed and loaded IE and we broke out that way. Since pointing that bug out they've asked me to test some more; I don't even work for them, I should be charging a fee :)

  5. If that makes sense? I've been looking for guides but can only find old ones that don't explain what I need. I need, well would like as it's just a hobby, an offline version of WordPress on my PC so I can import my current WordPress site that is online. It's had an old no longer supported theme on it for a couple of years now and I want to change it. But when I preview other themes most of them break the layout. So would like to create an offline version to play with various themes.

    Having just typed this I wonder if I could just do it on another part of my website, so it's an online copy and then just play around with the copy. Hmmm.

  6. Ask what, specifically, they changed on the firewall. Sounds weird.

    From what I can remember, it was a week or two ago, simply just allowed the IP address for UKFast's host through the wall, nothing more.

    EDIT-I'll try to remember to ask on Monday to double check.

  7. Call me an idiot, but might it be that you're only allowed a certain number of users on the target machine, and the session is still considered active?

    It's not a stupid comment but nope, that's not the issue. There are only 6 users of the software. The security on the VM is shockingly bad but that's another story.

    What we don't understand is they keep claiming it's a firewall issue our end, but it can't be as it works for me and another user on the same PC. Move PCs and for us it doesn't work. However, 3rd line made a change on the firewall for that address and the issue went away. Suggesting it was a firewall issue. But how can it be, when it worked fine for me and the other user; neither of us have special firewall permissions. And if it was the firewall how comes it didn't work for User 1 but then when Fiddler was run it then did connect and work.

    Very odd.

  8. We have moved a piece of 3rd party software to a cloud based solution. The department that uses it was using it installed locally for awhile but it is really old software, still using FoxPro. Anyway, they said they now have a cloud solution (the same old software just run on a VM managed by an external host).

    They use GraphOn's Go-Global and UKFast (I won't mention reviews :) or what their support is like :) )

    Anyway. So we have an address for the package. When you visit it, if Go-Global isn't installed then it requests to. Once that's installed the remote application now loads.

    We had one user where it refused to connect and would come back with "failed to connect to "THE ADDRESS" on port #443" from Go-Global.

    They suggested this was a firewall issue but it can't have been because when I logged on it connected fine. "I'm a domain admin" I thought, but it can't be that as it was my normal account. "I have more rights through the proxy than the average user" I thought, so I got another user with the same rights as (let's call them "user 1") to log on to "user 1's" PC. User 2 logs on and it works fine for them so it proves it can't be the firewall or the proxy otherwise it shouldn't work for "user 2".

    I then log on to another PC (remember, it worked for me on user 1's PC) but it refused to work on the other PC. I was getting the same "failed to connect to "THE ADDRESS" on port #443". Moved back to User 1's PC and it worked fine for me.

    Now comes the weird bit, if I run Fiddler on User 1's PC while User 1 is logged in, it connects fine. Turn Fiddler off and we get the "failed to connect to "THE ADDRESS" on port #443" message again.

    Any ideas what Fiddler would be doing to make the connection work? I thought Fiddler just chained to a proxy and nothing else, so why would it make a connection just fine with Fiddler running but not when Fiddler isn't running?

  9. To ask the question is to answer it. Their site doesn't even have a cert. At all.

    Like you suggest, if they can't be arsed to secure their customer login you better prepare to also not be very impressed with the rest of their offering.

    I really like how on their pricing page they say their offering starts at $200 with an ominous asterisk behind it which doesn't get defined anywhere on the page...

    I think they may have updated that as there is mention of the * at the bottom of the page. They've also fixed the login page now. They replied to my YouTube video with "Please do not hesitate in contacting us" yet never bothered to reply to my original contact.

    I certainly wouldn't purchase any service off them.

  10. Am I imagining it or is this site offering Open Data Apps or services yet not even bothering to secure their login page?

    http://workspace.junar.com/signin/

    It was brought to my attention as it was mentioned at work as they are looking for Open Data sources or providers.

    Question then is, how are they storing their customer user database?

    I've contacted them about the login page. No doubt I'll get ignored, like Twitter ignored me when I pointed out their flaw years back when changing passwords, it would sometimes send you to a http page instead of https.

  11. Sorry for late reply.

    I was just checking the security of our new one, not to bypass it, just thought it might not be so secure as they claimed.

    It's a proxy that is cloud based. You login to Windows and the proxy is set with a .pac file from the proxy host company. This is a web link. Once that pac file is downloaded it has the rules in it that state what you have and don't have access to. If you don't get the pac file, you can't access the internet.

  12. This is what was in the hotfix notes:

    Issue Addressed:
    When a lot of (more than 70) MFPs are registered to a single manager,
    sometimes the manager hangs and the MFPs can’t connect to perform a new workflow.

    Solution:
    Cost Recovery was modified to include lock timers so it will
    abandon dead connections instead of waiting for them infinitely.


    This hotfix is intended for users running eCopy ShareScan 5.1, Build 5.1.20419.0

    Seems to have fixed our issue but we only have 18 devices, not 70 :)

  13. Thanks for reply. I need to read the manual I think cause it appears the link in IE is just to a file on their server. Sends back the filters, then you access the internet. So as far as I know, no data goes to their servers.

  14. This is going to sound like a noob question but I'll ask anyway.

    I know if you have an internal proxy you go from your PC, to the proxy to the Internet. Normally the proxy is on the DMZ for security and you're trusting no one on the internal network is sniffing the traffic. But if so, you can clearly see it.

    However, if you have a cloud based proxy, surely all traffic to said proxy should be going over some form of secure connection correct? Not plain old http? Because if it's going over plain old http then surely someone could sniff the traffic to the proxy?

    Or am I wrong?

    Websense cloud solution.

  15. Looking through the Wireshark trace and googling TCP reset and how to filter it, I came back with the following and the following is when Sharescan had fallen over and I was restarting the Sharescan Manager.

    All the MFDs are on the 10.97.7 range, the Sharescan server is the 10.97.3.96 IP

    http://ge.tt/658HdMv/v/0?c

    Don't know if this is all the MFDs suddenly sending TCP reset packets to the server.

  16. I think you are on the right track. IP display filters for Wireshark:

    "ip.dst == x.x.x.x" (Match destination IP)

    "ip.src == x.x.x.x" (Match source IP)

    "ip.addr == x.x.x.x" (Match either)

    I believe you can also specify networks (e.g. "ip.addr == 10.10.0.0/16").

    Incidentally, your problem sounds like it could be something like the NICs going into sleep mode or some such? Might be worth looking for an option along those lines in the MFD settings. I'd probably be asking Ricoh support before spending my time sniffing packets, because this may be something easy to fix they see all the time.

    Good luck!

    Thanks for info.

    Well this is where it gets interesting :) because we have spoken to Ricoh and they don't know why it's happening. Nuance own Equitrac printing and Sharescan, so it's Nuances software on the MFDs. Ricoh keep saying they can't get engineers to us in the time we need them, so I'm trying to learn what I need to do, so instead of wasting time waiting for them, look at stuff myself.

    So far I've learnt a lot from the last Ricoh software engineer that comes to install all the software. I now know how to install Equitrac and Sharescan to a new, fresh MFD that has come in and doesn't have it installed. I can then add it to the print queue, convert it to an Equitrac port so the print goes via Equitrac. Then add the MFD to Sharescan so they can scan.

    Your suggestion sounds like something they'd mentioned. Because they noticed all the times were out on the MFDs and weren't set properly (I never did this, the original Ricoh engineers did this when they originally set up the MFDs) because the hardware engineers just install them and make sure they print, they don't seem to do anything with the management of them via their web consoles.

    So I set all the timers as requested on all the MFDs (they were going to send one of the software engineers to do it, but that was pointless, it's a simple change I knew how to do and wasn't going to wait for them to arrive). They've checked and confirmed the settings are OK but still, the MFDs will suddenly all drop connection to the Sharescan server.

    It's odd.

  17. Having real issues with Ricoh's Sharescan (well it's Nuance's officially but Ricoh use it on their MFDs). Have about 14 MFDs all working fine with PCC (follow me printing) but Sharescan works for about 30-40mins, then randomly they all lose connection to Sharescan which runs on a server. The server appears fine, everything else on the network appears fine. If you then restart ShareScan Manager it pings all the MFDs and they all start to talk to the server again.

    I want to take one MFD and do a Wireshark trace on it. Not sure where to start though.

    Not using Wireshark much, how do I take a trace from the MFD to the server, so when they lose connection I can see what is going on?
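
For the trace discussed in the posts above (MFDs on 10.97.7.x, ShareScan server at 10.97.3.96), the Wireshark display filter `tcp.flags.reset == 1 && ip.addr == 10.97.3.96` isolates the resets. The following is an added example, not code from the thread: it tallies those resets per sender from a capture saved in classic .pcap format, assuming a /24 MFD range and untagged Ethernet, and runs on a constructed sample capture.

```python
import ipaddress
import struct
from collections import Counter

SERVER = ipaddress.ip_address("10.97.3.96")     # ShareScan server IP from the post
MFD_NET = ipaddress.ip_network("10.97.7.0/24")  # MFD range; the /24 mask is assumed

def rst_by_source(pcap: bytes) -> Counter:
    """Count TCP RSTs between the MFD range and the server, keyed by sender IP."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic pcap file (save as .pcap, not .pcapng)")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # untagged IPv4 only
            continue
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 6 or len(frame) < 14 + ihl + 14:    # TCP with flags byte
            continue
        src = ipaddress.ip_address(frame[26:30])
        dst = ipaddress.ip_address(frame[30:34])
        pair = (src in MFD_NET and dst == SERVER) or (src == SERVER and dst in MFD_NET)
        if frame[14 + ihl + 13] & 0x04 and pair:            # 0x04 is the RST bit
            counts[str(src)] += 1
    return counts

def make_frame(src: str, dst: str, flags: int) -> bytes:
    """Constructed Ethernet + IPv4 + TCP headers (no payload) for the sample."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", 50000, 443, 0, 0, 0x50, flags, 0, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def make_pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample capture, not data from the thread.
SAMPLE = make_pcap([make_frame("10.97.7.21", "10.97.3.96", 0x04),   # RST
                    make_frame("10.97.7.21", "10.97.3.96", 0x14),   # RST+ACK
                    make_frame("10.97.7.22", "10.97.3.96", 0x10),   # plain ACK
                    make_frame("10.97.3.96", "10.97.7.22", 0x04),   # RST from server
                    make_frame("10.97.5.9", "10.97.3.96", 0x04)])   # outside range
print(rst_by_source(SAMPLE))
```

Capturing on the server or a mirror port with the capture filter `host 10.97.3.96` keeps the file small enough to leave running until the MFDs drop.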
