Author Topic: Test Equipment Anonymous (TEA) group therapy thread  (Read 2278010 times)


Offline Zucca

  • Supporter
  • ****
  • Posts: 2319
  • Country: it
  • EE meid in Itali
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43125 on: November 20, 2019, 03:07:33 pm »
So that means paypal and ebay!!!

doing it right now.
Later I will check aliexpress for the two step thing.
Can't know what you don't love. St. Augustine
Can't love what you don't know. Zucca
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 8197
  • Country: 00
  • Display aficionado
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43126 on: November 20, 2019, 03:20:17 pm »
Yep, just set up both eBay and PayPal on the 2 step system, now let's see the little bastards try it on  >:D >:D What I'd like to know is how the fuck did they get my eBay password though  :-//
You likely had a common or predictable password or reused a password for multiple services.
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 3884
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43127 on: November 20, 2019, 03:38:58 pm »
Cerebus has a little script that will generate a random email address, installs an alias for it and a note of what it was generated for on his mail server and spits out a random password. Cerebus then just cuts and pastes the email address and password into whatever site needed a new credential and leaves the rest to Cerebus' password manager. Thus no two sites share credentials and when the inevitable spam arrives, Cerebus knows who leaked his details, often before the news gets out publicly that such-and-such a site has been hacked and leaked n million credentials into the wild.
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 

Offline mnementh

  • Super Contributor
  • ***
  • Posts: 5694
  • Country: ca
  • *Escaping The Suck*
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43128 on: November 20, 2019, 03:41:32 pm »
Tesla would be proud.  :P :-DD

Actually Edison should be the proud one, he was the one that said DC is the way to go.

McBryce.

Yea, you're right. Tesla did originally work for Edison but when he asked Edison for payment for services Edison refused. So he quit and went to work for Westinghouse.

Interesting tidbit: Up until very recently there were several elevators in lower Manhattan that still had DC motors driving them.

Another tidbit: The power company that serves the NYC metro area is called "Consolidated Edison" or "Con Ed" for short.

Technology has improved, and we can now do HVDC with some reasonable measure of efficiency that was not even thinkable in Edison's time; Tesla understood this on a fundamental level, while Edison still thought it was possible to make DC transmission work at storage-battery voltages if he could just find the right conductor.  |O

mnem
Of course this view of history is colored by my own opinion... take with a grain of salt big enough to pickle a dragon. ;)

He probably had the right conductor, it just wasn't at the correct temperature (about -273°C) to do what he wanted it to do :)

McBryce.

Yebbutt... even if he had that, a conductor capable of handling that kind of current would need to be somewhere between 0.5 & 1.0m in diameter. EVEN at near-zero. Even superconducting elements have a limit to how much current they can handle; you have to have a certain amount of mass to be able to excite a certain number of electrons. Edison wanted enough to push trains... as in dozens at once... across the state of New Jersey. THAT is the scale he wanted to operate on.

mnem
 

Online tggzzz

  • Super Contributor
  • ***
  • Posts: 10486
  • Country: gb
    • Having fun doing more, with less
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43129 on: November 20, 2019, 03:50:32 pm »
Good good. 2FA is still good because it kills keyloggers dead as you need a physical device external to the machine (phone / TOTP key etc). My father-in-law had his Halifax account emptied after someone keylogged his login details.

There have been successful attacks on bank accounts "protected" by using a phone as 2FA :(

Once they have your banking login/password, the mechanism is:
  • your mobile phone number, stored/leaked from some other site, becomes known to the malefactors
  • the malefactors contact the phone company and move the phone number to a SIM in their phone. SOP for the mobile phone company, of course
  • all 2FA stuff now goes to them

The only defense against that which I can see is to have a second mobile phone used only for banking.

Bit of a pain if you then need to carry two phones around, and you need to remember to use that phone occasionally to stop the number being recycled.
There are lies, damned lies, statistics - and ADC/DAC specs.
Glider pilot's aphorism: "there is no substitute for span". Retort: "There is a substitute: skill+imagination. But you can buy span".
Having fun doing more, with less
 

Offline mnementh

  • Super Contributor
  • ***
  • Posts: 5694
  • Country: ca
  • *Escaping The Suck*
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43130 on: November 20, 2019, 03:51:06 pm »
Check your eBay accounts for signs of hacking, woke this morning to discover a string of emails from eBay informing me that I had successfully added 2 stage verification to my account at 03:01 precisely, strange because I was in bed asleep then, and then proceeded to add 4 exercise bikes all priced in Euro's, yeah right, they can feck right off.

Onto eBay chat and all sorted, account re secured and bogus items removed from my listings, thanks eBay for a quick resolution.  :phew:

Was it an issue with the two stage verification or lack of? I haven't 'upgraded' mine as two stage logins on Ali Express are already giving me the sh1T's

Same here... I've actually got a bit of a PTSD reaction after multiple arguments with that BS system. |O bad enough that when I think about shopping there for something I know I should be able to get cheap, half the time I say "Fukkitt!!!" and just order off Amazon. :P

Of course, same has been true of fleaBay & Bang-em-good for a while now... I have several thousand BG affiliate points I haven't spent because every time I find something I actually WANT, it isn't eligible because it's on some fucking promotion or other. ::)

mnem
Sometimes you have to just chuck it in the Fukkitt Bucket and get on with your life.
 

Offline Zucca

  • Supporter
  • ****
  • Posts: 2319
  • Country: it
  • EE meid in Itali
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43131 on: November 20, 2019, 03:51:35 pm »
Cerebus has a little script that will generate a random email address, installs an alias for it and a note of what it was generated for on his mail server and spits out a random password. Cerebus then just cuts and pastes the email address and password into whatever site needed a new credential and leaves the rest to Cerebus' password manager. Thus no two sites share credentials and when the inevitable spam arrives, Cerebus knows who leaked his details, often before the news gets out publicly that such-and-such a site has been hacked and leaked n million credentials into the wild.

I do the same, but manually. How do you automatically generate an alias? BTW Don't you have a max number of aliases for your domain?

I am worried to hit the max alias number limit one day.
Can't know what you don't love. St. Augustine
Can't love what you don't know. Zucca
 

Offline mnementh

  • Super Contributor
  • ***
  • Posts: 5694
  • Country: ca
  • *Escaping The Suck*
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43132 on: November 20, 2019, 03:58:36 pm »
   Pommie stirring TEA defenses ENGAGED  >:D Cute little one and I will migrate it tomorrow to the garden.

So what... waiting for the collar and leash to come from Amazon...? :-DD

mnem
Pervy little spider-petter. >:D
 

Online bd139

  • Super Contributor
  • ***
  • Posts: 12588
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43133 on: November 20, 2019, 03:59:21 pm »
That spider is why they invented fire
 
The following users thanked this post: Carl_Smith, med6753, Neomys Sapiens, Kosmic, 0culus

Online tggzzz

  • Super Contributor
  • ***
  • Posts: 10486
  • Country: gb
    • Having fun doing more, with less
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43134 on: November 20, 2019, 04:00:45 pm »
Cerebus has a little script that will generate a random email address, installs an alias for it and a note of what it was generated for on his mail server and spits out a random password. Cerebus then just cuts and pastes the email address and password into whatever site needed a new credential and leaves the rest to Cerebus' password manager. Thus no two sites share credentials and when the inevitable spam arrives, Cerebus knows who leaked his details, often before the news gets out publicly that such-and-such a site has been hacked and leaked n million credentials into the wild.

Another technique is based on gmail's interpretation of what's in front of the "@". foo@gmail.com is exactly the same as foo+eevblog@gmail.com, since anything after the "+" is ignored. I've caught one company out that way. Plus "." is ignored so foo@gmail.com and f.o.o@gmail.com are the same account.

The downside, which I'm currently experiencing with the IET, is organisations that don't allow a "+" in the address you give them to use to contact you.

For reference, all these are valid email addresses:
    Ælfred+þor@gmail.com
    Abc\@def@example.com
    Fred\ Bloggs@example.com
    Joe.\\Blow@example.com
    "Abc@def"@example.com
    "Fred Bloggs"@example.com
    customer/department=shipping@example.com
    $A12345@example.com
    !def!xyz%abc@example.com
     _somename@example.com
« Last Edit: November 20, 2019, 04:04:15 pm by tggzzz »
There are lies, damned lies, statistics - and ADC/DAC specs.
Glider pilot's aphorism: "there is no substitute for span". Retort: "There is a substitute: skill+imagination. But you can buy span".
Having fun doing more, with less
 

Online bd139

  • Super Contributor
  • ***
  • Posts: 12588
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43135 on: November 20, 2019, 04:21:46 pm »
Ahh yes the wanton disrespect of RFC email addresses across the internet buggers that up. I do a Cerebus and I’ve got an email alias for each account I create. It’s all in keepass so I don’t give a crap :). I use the last 8 characters from a GUID for each one. Not automated as it wasn’t worth it.

Still trying to not buy an IC-7300. Come on people you are enablers. Do your jobs!
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 3884
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43136 on: November 20, 2019, 04:24:58 pm »
The flip side to that scheme is that it's relatively easy to guess what the 'add part' is and so if a malicious party has obtained a legitimate 'base part' it's trivial for them to automate trying alternative 'add parts' on the most lucrative targets to find a valid combination by brute force. The random user part is impractical to brute force (the scheme I use has ~ 44 bits of entropy) but requires you to have access to a mail server where you can add as many user parts as you like to an email domain without (significant) additional costs to oneself.

Although all the above is true, I don't regard it as a significant weakness in your scheme. I tend myself to regard the random email address as 'security by obscurity' and really use it for the purposes of 'traitor tracing'. It's having a unique, random password per site that gives me some comfort. As you say, broken implementations that don't follow RFC822 et seq are the pain point for your scheme, and they are, from experience, so common that it's a serious drawback.
Anybody got a syringe I can use to squeeze the magic smoke back into this?
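
A sketch of the per-site credential scheme discussed in this thread (random alias, note of what it was issued for, random password, later lookup for 'traitor tracing'), added here as an example and not Cerebus's own script. Assumptions: the placeholder domain `mail.example`, the two alphabets, the 128-bit password target, and an in-memory dictionary standing in for the mail server's alias table; the 44-bit alias target is the figure quoted in the post.

```python
import math
import secrets
import string

ALIAS_ALPHABET = string.ascii_lowercase + string.digits      # 36 symbols, valid in any local part
PASSWORD_ALPHABET = string.ascii_letters + string.digits + "-_.!%"
DOMAIN = "mail.example"   # assumption: placeholder for a domain whose aliases you control


def length_for_bits(bits, alphabet_size):
    """Smallest length whose uniformly random strings carry at least `bits` of entropy."""
    return math.ceil(bits / math.log2(alphabet_size))


def random_string(alphabet, length):
    # secrets draws from the OS CSPRNG; the random module is not suitable for credentials
    return "".join(secrets.choice(alphabet) for _ in range(length))


class AliasBook:
    """In-memory stand-in for the mail server's alias table plus the per-alias note."""

    def __init__(self, domain=DOMAIN, alias_bits=44, password_bits=128):
        self.domain = domain
        self.alias_len = length_for_bits(alias_bits, len(ALIAS_ALPHABET))
        self.password_len = length_for_bits(password_bits, len(PASSWORD_ALPHABET))
        self.notes = {}   # alias address -> site it was issued to

    def new_credential(self, site):
        """Issue a fresh (address, password) pair for one site and record the note."""
        while True:
            address = f"{random_string(ALIAS_ALPHABET, self.alias_len)}@{self.domain}"
            if address not in self.notes:        # never hand the same alias to two sites
                break
        self.notes[address] = site
        return address, random_string(PASSWORD_ALPHABET, self.password_len)

    def trace(self, recipient):
        """Map the recipient of unexpected mail back to the site that held that alias."""
        return self.notes.get(recipient.strip().lower())


if __name__ == "__main__":
    book = AliasBook()
    address, password = book.new_credential("shop.example")   # constructed site name
    print(address, password)
    print("issued to:", book.trace(address.upper()))
```

With 36 symbols each character carries about 5.17 bits, so the 44-bit target rounds up to a 9-character local part.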
 

Online bd139

  • Super Contributor
  • ***
  • Posts: 12588
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43137 on: November 20, 2019, 04:37:58 pm »
Yes. The reason it never works is almost always some numpty copied a regular expression off stack overflow that worked on the two email addresses they tried it on. That’s literally it. It’s pretty easy to write a simple recursive descent parser that pukes on an unexpected token  :-//. It’s actually fun doing that.

I’m only interested in traitor tracing as you so elegantly put it.
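
The validation problem raised in this post, as an added example that is not bd139's code: a small recursive descent parser for the ASCII `local-part@domain` grammar of RFC 5322 (dot-atom or quoted-string), next to a constructed regex of the copied kind that rejects `+`. Comments, folding whitespace, obsolete forms, domain literals and internationalised (non-ASCII) addresses are left out of scope; `NAIVE`, `AddrParser` and `parse_address` are names chosen for this sketch.

```python
import re
import string

ATEXT = set(string.ascii_letters + string.digits + "!#$%&'*+-/=?^_`{|}~")  # RFC 5322 atext
DTEXT = set(string.ascii_letters + string.digits + "-")     # hostname label characters
# Constructed example of a copied pattern: accepts "foo@gmail.com", has no '+' in its class.
NAIVE = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

class AddrParser:
    def __init__(self, text):
        self.text, self.pos = text, 0
    def peek(self):
        return self.text[self.pos] if self.pos < len(self.text) else ""

    def expect(self, ch):
        if self.peek() != ch:
            raise ValueError(f"expected {ch!r} at {self.pos}, found {self.peek()!r}")
        self.pos += 1

    def atom(self, allowed):                 # one or more allowed characters
        start = self.pos
        while self.peek() and self.peek() in allowed:
            self.pos += 1
        if self.pos == start:
            raise ValueError(f"unexpected {self.peek()!r} at {self.pos}")
        return self.text[start:self.pos]

    def dot_atom(self, allowed):             # atom *("." atom)
        parts = [self.atom(allowed)]
        while self.peek() == ".":
            self.pos += 1
            parts.append(self.atom(allowed))
        return ".".join(parts)

    def quoted_string(self):                 # DQUOTE *(qtext / quoted-pair) DQUOTE
        self.expect('"')
        start = self.pos
        while self.peek() != '"':
            if self.peek() == "\\":          # quoted-pair: the next character is literal
                self.pos += 1
            if not " " <= self.peek() <= "~":    # also fails on "" (end of input)
                raise ValueError(f"bad character in quoted string at {self.pos}")
            self.pos += 1
        self.expect('"')
        return self.text[start:self.pos - 1]     # content between the quotes, escapes kept

    def addr_spec(self):                     # local-part "@" domain, then end of input
        local = self.quoted_string() if self.peek() == '"' else self.dot_atom(ATEXT)
        self.expect("@")
        domain = self.dot_atom(DTEXT)
        if self.peek():
            raise ValueError(f"trailing {self.peek()!r} at {self.pos}")
        return local, domain

def parse_address(text):                     # (local, domain), or None if it does not parse
    try:
        return AddrParser(text).addr_spec()
    except ValueError:
        return None
```

Here `+` is just another member of the token alphabet, so `foo+eevblog@gmail.com` parses, while an unquoted space or a trailing newline stops the parser at the first unexpected token.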
 

Online tggzzz

  • Super Contributor
  • ***
  • Posts: 10486
  • Country: gb
    • Having fun doing more, with less
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43138 on: November 20, 2019, 04:47:27 pm »
The flip side to that scheme is that it's relatively easy to guess what the 'add part' is and so if a malicious party has obtained a legitimate 'base part' it's trivial for them to automate trying alternative 'add parts' on the most lucrative targets to find a valid combination by brute force. The random user part is impractical to brute force (the scheme I use has ~ 44 bits of entropy) but requires you to have access to a mail server where you can add as many user parts as you like to an email domain without (significant) additional costs to oneself.

Although all the above is true, I don't regard it as a significant weakness in your scheme. I tend myself to regard the random email address as 'security by obscurity' and really use it for the purposes of 'traitor tracing'. It's having a unique, random password per site that gives me some comfort. As you say, broken implementations that don't follow RFC822 et seq are the pain point for your scheme, and they are, from experience, so common that it's a serious drawback.

All valid.

The objective is to nail the leak, no more.
There are lies, damned lies, statistics - and ADC/DAC specs.
Glider pilot's aphorism: "there is no substitute for span". Retort: "There is a substitute: skill+imagination. But you can buy span".
Having fun doing more, with less
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 3884
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43139 on: November 20, 2019, 04:50:08 pm »
The reason it never works is almost always some numpty copied a regular expression off stack overflow that worked on the two email addresses they tried it on. That’s literally it.

They probably couldn't figure out how to use '+' as a token instead of as an operator.  >:D
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 

Online bd139

  • Super Contributor
  • ***
  • Posts: 12588
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43140 on: November 20, 2019, 05:10:52 pm »
They probably couldn't figure out how to use '+' as a token instead of as an operator.  >:D

Cruel but funny  :-DD
 

Online tggzzz

  • Super Contributor
  • ***
  • Posts: 10486
  • Country: gb
    • Having fun doing more, with less
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43141 on: November 20, 2019, 05:33:01 pm »
The reason it never works is almost always some numpty copied a regular expression off stack overflow that worked on the two email addresses they tried it on. That’s literally it.

They probably couldn't figure out how to use '+' as a token instead of as an operator.  >:D

I have a low opinion of stackoverflow, except for "which button do I press to mangle the wurzel" questions. And the answers usually have all the depth of ctrl-A ctrl-C ctrl-V.

Hence it would surprise me if they understood the concepts of "operator" and "token".
There are lies, damned lies, statistics - and ADC/DAC specs.
Glider pilot's aphorism: "there is no substitute for span". Retort: "There is a substitute: skill+imagination. But you can buy span".
Having fun doing more, with less
 

Offline Martin.M

  • Frequent Contributor
  • **
  • Posts: 808
  • Country: de
  • in Tek we trust
    • vintage Tek collection
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43142 on: November 20, 2019, 05:38:52 pm »




 
The following users thanked this post: Cubdriver, med6753, mnementh, bd139, factory, Kosmic

Online med6753

  • Super Contributor
  • ***
  • Posts: 4763
  • Country: us
  • Tek nut
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43143 on: November 20, 2019, 05:46:49 pm »
Very clean inside.  :-+
An old gray beard with an attitude.
 

Offline Martin.M

  • Frequent Contributor
  • **
  • Posts: 808
  • Country: de
  • in Tek we trust
    • vintage Tek collection
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43144 on: November 20, 2019, 05:50:30 pm »
I have washed it with windows cleaning fluid  :)
the both bulbs are interesting
« Last Edit: November 20, 2019, 05:52:43 pm by Martin.M »
 

Offline tautech

  • Super Contributor
  • ***
  • Posts: 16742
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43145 on: November 20, 2019, 06:20:34 pm »
the both bulbs are interesting
Indeed, additional winter lab heating.  :)
Avid Rabid Hobbyist
 

Online xrunner

  • Super Contributor
  • ***
  • Posts: 4454
  • Country: us
  • hp>Agilent>Keysight>?
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43146 on: November 20, 2019, 06:24:51 pm »
I have washed it with windows cleaning fluid  :)
the both bulbs are interesting

Found this -

I am a Test Equipment Addict (TEA) - by virtue of this forum signature, I have now faced my addiction
 

Online PA0PBZ

  • Super Contributor
  • ***
  • Posts: 4207
  • Country: nl
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43147 on: November 20, 2019, 06:33:14 pm »
the both bulbs are interesting
Indeed, additional winter lab heating.  :)

Watch out with those black metal tubes, it could be the anode (Yes, personal experience  :( )
Keyboard error: Press F1 to continue.
 

Offline Martin.M

  • Frequent Contributor
  • **
  • Posts: 808
  • Country: de
  • in Tek we trust
    • vintage Tek collection
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43148 on: November 20, 2019, 06:50:03 pm »
 :popcorn:


 
The following users thanked this post: Zucca, med6753, bd139, factory, Kosmic

Offline Zucca

  • Supporter
  • ****
  • Posts: 2319
  • Country: it
  • EE meid in Itali
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #43149 on: November 20, 2019, 08:05:33 pm »
Martin.M I admire when you start a project you seem to close it in a short time.
I have tons of projects open and I do not know when I will end them...  :horse:

Thanks for posting here, amazing!
Can't know what you don't love. St. Augustine
Can't love what you don't know. Zucca
 
The following users thanked this post: Monittosan

