Author Topic: Ice TV hacked?  (Read 7671 times)

Offline futzle

  • IceTV Beta
  • Senior Member
  • *
  • Posts: 136
    • View Profile
Re: Ice TV hacked?
« Reply #15 on: September 13, 2012, 08:17:59 PM »
I've been getting fake Facebook updates (I'm not on Facebook) to the IceTV address that I supplied only to IceTV (interactive and the forum) since July.  The username is 13 characters long and contains a hyphen.  Really, that's not guessable. If spammers were guessing users at my domain I'd be seeing a lot more other spam to the same domain, and the IceTV address accounts for about a tenth of the spam at my domain, which is a pretty high proportion for a 13-character username guessed randomly.

Interesting that these all started at about the same time.  That's not consistent with an exploit that attacks individuals, such as a JavaScript virus scraping history.  I'd also be seeing spam to some of the other four or five dozen custom email addresses that I've logged in with (Amazon, PayPal, Google, little tiny stores you've never heard of), and I'm not.

I'll change my IceTV username to something totally random.  Luke, how many bits of entropy would convince you that a future breach is legitimate?

What I'd like to know is: what else was on that server?  Real names? Billing addresses?  Whether you think you've been hacked or not, how much could an intruder have learned?

Edit: I suppose I'm saying that lobbing accusation-hand-grenades at 50 feet about each others' respective computer hygiene isn't productive.  The addresses are out there, one way or another, and hence are scorched earth.  What I'd like to do is cooperate with IceTV and create an experiment that can help to identify the weak spot, whosever it is.  Take as many variables out of the equation.  With any luck, this experiment will never produce results, and I don't ever get further spam.  But if I do get spam again, at least it will provide useful data.
« Last Edit: September 14, 2012, 07:26:50 AM by futzle »

lukem

  • Guest
Re: Ice TV hacked?
« Reply #16 on: September 14, 2012, 11:24:15 AM »
futzle, I like your last edit, and we're happy to assist in anyway. PM what you have in mind.

http://en.wikipedia.org/wiki/Password_strength contains useful information to answer your question on entropy.


Offline prl

  • Guru
  • *****
  • Posts: 3350
    • View Profile
Re: Ice TV hacked?
« Reply #17 on: September 14, 2012, 12:30:52 PM »
One way to generate strong pseudo-random strings is to take some longish piece of text, preferably not from a book or similar, and run it through a strong cryptographic hash like MD5. Use the hexadecimal result as your random string. Truncate it or add characters as necessary to make it valid for the given purpose.

The MD5 hash for the above text (with a terminating newline), for example, is cf22e290808a0b13f4ea508bc275ce13.
Peter
Beyonwiz T4 in-use
Beyonwiz T2, T3 & T4 for testing

Offline peterdeg

  • Newbie
  • *
  • Posts: 6
    • View Profile
Re: Ice TV hacked?
« Reply #18 on: October 25, 2012, 12:37:14 PM »
I've been getting fake Facebook updates (I'm not on Facebook) to the IceTV address that I supplied only to IceTV (interactive and the forum) since July.  The username is 13 characters long and contains a hyphen.  Really, that's not guessable

Have to jump in here. The spammers aren't 'guessing', they're using botnets to generate email addresses using random names/letters/numbers/characters.
100,000 infected machines (a small botnet) generating 10 emails a second is a lot of emails per day (1,440,000,000). The vast majority of those are junk. A small proportion end up as valid and in all probability, that's what you're seeing.

Real world example. One spam forwarded to me recently (I'm in the IT security investigations group in a large IT company) was addressed to this list of email addresses:
jonathan_stern@___.com jonbrown@___.com jonesseanj@___.com jovannybisel@___.com jreqbhrpsz@___.com jstern@___.com justin_hildebrandt@___.com karen_taylor@___.com karlicoyan@___.com katbrown@___.com katieg@___.com kaylahbadman@___.com kentbekent@___.com

Four of those are legitimate and the legitimate ones aren't the ones you'd expect!
So personally, I don't believe there has been any compromise of IceTV.

Offline futzle

  • IceTV Beta
  • Senior Member
  • *
  • Posts: 136
    • View Profile
Re: Ice TV hacked?
« Reply #19 on: October 27, 2012, 10:37:37 PM »
The spammers aren't 'guessing', they're using botnets to generate email addresses [...] A small proportion end up as valid and in all probability, that's what you're seeing.

I failed to mention (sorry) that I own my own domain, and I have a catchall account that collects all email sent to futzle.com, even for nonexistent mailboxes.  From the perspective of a spammer, all messages sent to futzle.com are valid.  Try it, make up a username and send me an email.  I'll let you know what I get.

That's what I based my assertion that the ones sent to my IceTV-registered address were arriving out of all proportion to its guessability.

I'd buy your argument if I was using GMail or something, yes.

Edit, obTopic: I haven't received a new spam at that address for a number of weeks now.  That's the usual pattern.
« Last Edit: October 27, 2012, 10:39:38 PM by futzle »


Share via facebook Share via twitter

xx
Bering Sea Gold: Under the Ice

Started by aeb001 on IceTV EPG Content

3 Replies
77 Views
Last post August 20, 2020, 02:27:52 PM
by Jennifer
xx
epg content missing for Adelaide SBS VICELAND HD

Started by chopper on IceTV EPG Content

3 Replies
101 Views
Last post August 04, 2020, 04:54:56 PM
by chopper
xx
Maltese News on SBS VICELAND - Sunday broadcast

Started by facciol on IceTV EPG Content

4 Replies
169 Views
Last post July 22, 2020, 05:07:17 PM
by facciol
clip
This show recorded successfully on device Beyonwiz U4 ... NO it hasn't

Started by BazzaG on General Discussions

11 Replies
542 Views
Last post June 29, 2020, 04:33:11 PM
by IanL-S