Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsVoIPMy Open VFX connection hacked!!!
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 
scoopy

33 posts

Geek


  #601284 28-Mar-2012 13:55
Send private message

Ragnor:
maverick: It is Option A


I'd advise Scoopy unplug all computers from the internet and the local network until you have verified they are clean from keyloggers/trojans/virus.


 


All computers seem to be clean.  All virus definitions were one day old at most.  Virus scanners are still running on some.  Logs show I haven't had any viruses. Haven't had any viruses on my computers in . . . I can't remember the last virus I had . . . years . . .  ever!

 



scoopy

33 posts

Geek


  #601285 28-Mar-2012 13:56
Send private message

I do use sipdroid on my android.  That would be the whole?

maverick
3594 posts

Uber Geek

Trusted
WorldxChange

  #601297 28-Mar-2012 14:12
Send private message

No I don't think so, how they got your details is unknown but as in the PM i sent you , they had your exact details with authid at the first attempt so they have your details as it was not a brute force attack, did you store this anywhere ?




Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications



scoopy

33 posts

Geek


  #601308 28-Mar-2012 14:21
Send private message

maverick: No I don't think so, how they got your details is unknown but as in the PM i sent you , they had your exact details with authid at the first attempt so they have your details as it was not a brute force attack, did you store this anywhere ?


No.   All my email is instantly forwarded to my gmail account,  I've changed my gmail password (with was strong).  "Show an alert for unusual activity" on my gmail account is active and I haven't had any Alerts.  Past 10 IP traffic logs has been from my IP address.   

Skolink
1081 posts

Uber Geek


  #601374 28-Mar-2012 16:12
Send private message

scoopy:
Ragnor:
maverick: It is Option A


I'd advise Scoopy unplug all computers from the internet and the local network until you have verified they are clean from keyloggers/trojans/virus.


 


All computers seem to be clean.  All virus definitions were one day old at most.  Virus scanners are still running on some.  Logs show I haven't had any viruses. Haven't had any viruses on my computers in . . . I can't remember the last virus I had . . . years . . .  ever!

 


But have you scanned for Malware/Spyware with other software? In the past, anti virus software did not seem to pick up alot of things that Malwarebytes would detect.

scoopy

33 posts

Geek


  #601549 28-Mar-2012 20:40
Send private message

Skolink:
scoopy:
Ragnor:
maverick: It is Option A


I'd advise Scoopy unplug all computers from the internet and the local network until you have verified they are clean from keyloggers/trojans/virus.


 


All computers seem to be clean.  All virus definitions were one day old at most.  Virus scanners are still running on some.  Logs show I haven't had any viruses. Haven't had any viruses on my computers in . . . I can't remember the last virus I had . . . years . . .  ever!

 


But have you scanned for Malware/Spyware with other software? In the past, anti virus software did not seem to pick up alot of things that Malwarebytes would detect.


OK,
  • No viruses, 
  • no Malware running according to Malwarebytes (now monitoring on all the computers on the network).  
  • No suspicious behaviour alerts from Google.  
  • Have checked my Xnet email with my username and password.  It was never forwarded or sent anywhere.  
  • I've run anti virus software on my phone and tablet.  
Everything is clean!!!!

Is there any chance that the breach wasn't initiated at my end? 

maverick
3594 posts

Uber Geek

Trusted
WorldxChange

  #601660 29-Mar-2012 05:49
Send private message

We do not believe so, in 8 years this is the first occurrence we have seen with someone's credentials being used fraudulently , most issues relate to insecure Asterisk platforms being hacked, in this case the scumbags have your exact Open VFX details, how they got them unfortunately at this stage we cant tell you sorry.

We do not see any other suspicious activity or calling patterns, if there were any internal issues then you would expect to see multiple attempts from various numbers when one gets blocked, this did / is not occurring and is only on your being seen with your details sorry.




Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications

 
 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
scoopy

33 posts

Geek


  #601682 29-Mar-2012 08:15
Send private message

maverick: We do not believe so, in 8 years this is the first occurrence we have seen with someone's credentials being used fraudulently , most issues relate to insecure Asterisk platforms being hacked, in this case the scumbags have your exact Open VFX details, how they got them unfortunately at this stage we cant tell you sorry.

We do not see any other suspicious activity or calling patterns, if there were any internal issues then you would expect to see multiple attempts from various numbers when one gets blocked, this did / is not occurring and is only on your being seen with your details sorry.


If this is fraud should I be contacting the Police? 

maverick
3594 posts

Uber Geek

Trusted
WorldxChange

  #601683 29-Mar-2012 08:19
Send private message

That will be purely up to you, I doubt they will have the resources to investigate it though




Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications

scoopy

33 posts

Geek


  #601921 29-Mar-2012 13:59
Send private message

Good news and bad news!

So there seems that here is a Security Vulnerability affecting Yealink phones.  http://www.gradwell.com/support/kb/article.php?id=371  that requires a firmware upgrade from here http://www.yealink.com/index.php/Support/index/classid/2

Just my phone, not my whole network!

Hopefully sorted now.  Thanks everyone for your input. 

Cameronn
334 posts

Ultimate Geek

Trusted
WorldxChange

  #601923 29-Mar-2012 14:00
Send private message

After a little investigation it looks like the device being used may have been exploited. 

If anyone else out there is using a Yealink device I would recommend updating the firmware quick smart. 

http://www.gradwell.com/support/kb/article.php?id=371 - link to security concerns. 







Cameronn
334 posts

Ultimate Geek

Trusted
WorldxChange

  #601924 29-Mar-2012 14:00
Send private message

scoopy: Good news and bad news!

So there seems that here is a Security Vulnerability affecting Yealink phones.  http://www.gradwell.com/support/kb/article.php?id=371  that requires a firmware upgrade from here http://www.yealink.com/index.php/Support/index/classid/2

Just my phone, not my whole network!

Hopefully sorted now.  Thanks everyone for your input. 


You beat me to it :)  







Ragnor
8220 posts

Uber Geek

Trusted

  #601953 29-Mar-2012 14:57
Send private message

Good to get peace of mind on how the account got compromised!

scoopy

33 posts

Geek


  #601954 29-Mar-2012 14:59
Send private message

Ragnor: Good to get peace of mind on how the account got compromised!


Aaaaahhhh Yeeesssss!!!!

Not much sleep last night! 

gchiu
1211 posts

Uber Geek

Trusted
DR

  #602628 30-Mar-2012 17:00
Send private message

Perhaps a mod can change the title of this thread to "Yealink exploit cost me $400" or something ?

1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright