MikroTik RouterOS 0-Day: mikrotik0417.zip / vigor20180417.zip

Some notes on the MikroTik RouterOS 0-day exploit:

mikrotik0417.zip / vigor20180417.zip are the two payload files targeting MikroTik routers.

They have been seen served from the following domains and IP address:

  1. 162.212.182[.]64
  2. march10dom3[.]com
  3. march10dom5[.]com
  4. march10dom6[.]com
  5. march10dom7[.]com
  6. march10dom8[.]com
  7. marchdom4[.]com
  8. utyrhgfhtujyhrgef[.]com
  9. shabihello[.]com

SHA256 of Payloads (note: the four values below are 32 hex characters each, which is the length of an MD5 digest, not SHA-256):

  • 11bb98f34193d058b349b4e1f927dc4f
  • f0ef1c888ed5f2f3f1c0c8e6f992749c
  • 115a2cd858eb76edc6f4f7897e9f569b
  • 18f64bdad09f4252121124499c4a713a

Possible WhoIs Record related to these domains:
[email protected]
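The indicators above are only useful if they can be checked against logs, so here is a small matcher (added example, not part of the original post) that refangs the `[.]`-defanged indicators, searches DNS/proxy log lines for them, and classifies the published hashes by digest length. The log lines are constructed for this example; the indicators and hashes are the ones listed in the post.

```python
import re

# Indicators as published in the post, defanged with [.] so they are not clickable.
DEFANGED_NETWORK_IOCS = [
    "162.212.182[.]64", "march10dom3[.]com", "march10dom5[.]com",
    "march10dom6[.]com", "march10dom7[.]com", "march10dom8[.]com",
    "marchdom4[.]com", "utyrhgfhtujyhrgef[.]com", "shabihello[.]com",
]
PAYLOAD_HASHES = [
    "11bb98f34193d058b349b4e1f927dc4f", "f0ef1c888ed5f2f3f1c0c8e6f992749c",
    "115a2cd858eb76edc6f4f7897e9f569b", "18f64bdad09f4252121124499c4a713a",
]
# Hex-digest length tells you which algorithm a hash most likely came from.
HASH_LENGTHS = {32: "MD5", 40: "SHA-1", 64: "SHA-256"}


def refang(ioc):
    """Turn a defanged indicator back into its literal form for matching."""
    return ioc.replace("[.]", ".").replace("hxxp", "http")


def hash_kind(digest):
    """Classify a hex digest by its length; flags non-hex input."""
    if not re.fullmatch(r"[0-9a-fA-F]+", digest):
        return "not a hex digest"
    return HASH_LENGTHS.get(len(digest), f"unknown ({len(digest)} hex chars)")


def match_log_lines(lines, iocs):
    """Return (line_number, indicator) for every log line that contains an indicator.

    The pattern accepts subdomains of a listed domain (www.march10dom5.com) but
    rejects indicators embedded in a longer hostname or number (shabihello.com.cdn.example.net,
    162.212.182.640), which would otherwise be false positives.
    """
    patterns = [
        (refang(ioc), re.compile(r"(?<![\w-])" + re.escape(refang(ioc)) + r"(?![\w-]|\.\w)", re.I))
        for ioc in iocs
    ]
    hits = []
    for number, line in enumerate(lines, 1):
        for literal, pattern in patterns:
            if pattern.search(line):
                hits.append((number, literal))
    return hits


# Constructed sample log lines (not real traffic): two true hits, one clean line,
# and one near-miss where a listed domain is only a prefix of a longer hostname.
SAMPLE_LOG = [
    "2018-04-17T10:01:02Z dns client=10.0.0.5 qname=www.march10dom5.com type=A",
    "2018-04-17T10:01:03Z http client=10.0.0.5 GET http://162.212.182.64/mikrotik0417.zip 200",
    "2018-04-17T10:02:00Z dns client=10.0.0.9 qname=example.org type=A",
    "2018-04-17T10:03:00Z dns client=10.0.0.7 qname=shabihello.com.cdn.example.net type=A",
]

if __name__ == "__main__":
    for hit in match_log_lines(SAMPLE_LOG, DEFANGED_NETWORK_IOCS):
        print("IOC hit on line %d: %s" % hit)
    for h in PAYLOAD_HASHES:
        print(h, "->", hash_kind(h))
```

Run against real logs by replacing `SAMPLE_LOG` with the lines of a DNS or proxy log; the hash classifier is there so the "SHA256" label on the list above is caught before the values are fed into a tool that expects 64-character digests.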

{sip-server-ip-address}:9997-9998/SubscriberPortal/hotspotlogin

Ruckus Captive Portal Login

https://{sip-server-ip-address}:9998/login
To:
https://{sip-server-ip-address}:9998/SubscriberPortal/hotspotlogin

The above URLs are in the format of the Captive Portal Login for Ruckus Session Initiation Protocol (SIP) / VoIP devices. You will need to replace {sip-server-ip-address} with the IP or host address of your SIP server. You may need to change https to http in order to reliably connect to the server, but this is not recommended, as it removes the encryption between your browser and the device and exposes your login to anyone on the network path.

You may be trying to log in at 153-130:9997/SubscriberPortal/hotspotlogin

If you are having trouble logging in, please share your issues below!

perceptioninc.in Facebook Login Message Scam [304-725-4004, 300-847-6352]

Message from (304) 725-4004. “Message id 52933JN0gk. You have a message from (300) 847 6352: http://perceptioninc.in”

“You have a new message from (300) 847 6352” the scam message begins.

You don’t have a new message, but you have received a scam message.

Following the link to perceptioninc.in takes you to a clearly fraudulent Facebook login page.

Notice the URL is not facebook.com but perceptioninc.in

Not only does this website steal your credentials, but it does so over an insecure (plain http) connection. Anyone on your wifi network, or at your upstream internet provider, can potentially see what you submit to this form (though that is the least of your worries once you have submitted it).
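The two tells the post points out (the hostname is not the brand's domain, and the page is served over plain http) are easy to check automatically before anyone taps a link. The following is an added example, not code from the original post: it pulls URLs out of an SMS body, reduces each hostname to its registrable domain, and flags links whose domain is outside a brand allowlist or whose scheme is not https. The allowlist and the two-label domain rule are simplifying assumptions; a production tool would use the Public Suffix List.

```python
import re
from urllib.parse import urlparse

# Assumed allowlist of registrable domains that legitimately host Facebook logins.
LEGIT_FACEBOOK_DOMAINS = {"facebook.com", "fb.com", "messenger.com"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def extract_urls(text):
    """Find every http(s) URL in a message body."""
    return URL_RE.findall(text)


def registrable_domain(hostname):
    """Naive registrable domain: last two DNS labels (assumption; fine for .com/.in)."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else hostname.lower()


def assess_link(url, brand_domains=LEGIT_FACEBOOK_DOMAINS):
    """Return a finding record for one URL: which domain it really points at and why it is suspicious."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    domain = registrable_domain(host)
    findings = []
    if domain not in brand_domains:
        findings.append(f"domain {domain} is not one of {sorted(brand_domains)}")
    if parsed.scheme.lower() != "https":
        findings.append("link is plain http: anything submitted is readable on the network path")
    return {"url": url, "domain": domain, "suspicious": bool(findings), "findings": findings}


def assess_message(text):
    """Assess every link in a message; an empty list means no URLs were present."""
    return [assess_link(url) for url in extract_urls(text)]


# The SMS text quoted in the post above.
SAMPLE_SMS = ("Message id 52933JN0gk. You have a message from (300) 847 6352: "
              "http://perceptioninc.in")

if __name__ == "__main__":
    for result in assess_message(SAMPLE_SMS):
        print(result["url"], "->", "SUSPICIOUS" if result["suspicious"] else "ok")
        for finding in result["findings"]:
            print("  -", finding)
```

Both checks are deliberately independent: a phishing page served over valid https would still be caught by the domain check, and a legitimate brand page accidentally linked over http would still be flagged for the cleartext submission.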

Infrared Photobiomodulation Hat Prototype

Here’s an Adidas hat with 850nm and 950nm LEDs installed for photobiomodulation. The hat is a simple prototype using the components overviewed in this post. I have yet to add PWM (pulse width modulation) to the LED strips.

Inside the hat with the Infrared LEDs engaged
Backside of the hat wiring connects to a 12 volt adapter
Close-up View of the LED Array

Infrared SMD LED Strips (850nm & 940nm) [for photobiomodulation]

Here is my quick video review of a couple of infrared LED strips I purchased from AliExpress. The goal is to turn these into 10 Hz & 40 Hz pulsing infrared strips for some sort of DIY photobiomodulation therapy or just science testing.

A few studies I find interesting include:

It seems with 10 Hz flashing [infrared] light, people may experience a relaxing, alpha wave inducing effect while with 40 Hz, a stimulating effect may be produced (increased Gamma waves).

The video was shot through a Google Pixel. I’ve also taken this photo to try and show you the infrared wavelengths. While trying to make the same video on my iPhone, the LEDs were completely dark (invisible to the camera sensor).

Looking at the two different strips with my eyeballs, the 850nm strip has a very subtle red glow to it while the 940nm strip is completely invisible to my human eyes — but I can tell it is on because it gets quite hot.

two infrared led strips glowing a light purple
940nm strip on the left, 850nm strip on the right

I’ll add another post once I have a control mechanism to properly adjust the pulse of these infrared LEDs. All together I have about 2 meters of LEDs with a total energy output of around 20 watts (12 Volts @ 1.67 Amps).


Bank of America LoopPay – Mobile Payment Keychain

The LoopPay TPD is a token payment device key fob; it supports MST and NFC technologies for payment and is controlled by a companion app over a Bluetooth Low Energy connection.
LoopPay keychains are currently available for Bank of America customers in partnership with Samsung Pay. The LoopPay device is compatible with Apple devices running iOS 10 or higher, and with Android devices above version 5.0.

The LoopPay fob device is made in collaboration with Bank of America, Samsung Pay, and LoopPay (recently acquired by BoA).

The LoopPay device is said to provide several features including:

  • Vault all your credentials (payment, loyalty, ID, passwords)
  • Checkout Fast: Tap & Pay in stores, auto-fill online
  • Secure one-time-use card data prevents theft & reuse
  • Suspend your cards in seconds if lost
  • Receive immediate transaction alerts
  • Ring and find your keys or your phone

These features essentially make this keychain an extension of your phone’s Google Pay with the added bonus of Tile’s find-your-phone and find-your-keys functionality, not to mention the LoopPay device is actually rechargeable, unlike the disposable Tiles.
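The "secure one-time-use card data prevents theft & reuse" bullet is the security-relevant one: a fob that transmits card data by MST or NFC is broadcasting it, so what protects the cardholder is that the transmitted value is a token that the issuer will honour only once and that never contains the card number. The model below is an added, simplified illustration of that idea and is not LoopPay's or Samsung Pay's actual scheme: the issuer mints a random token bound to a card reference, MACs it with an issuer-only key so it cannot be forged, and refuses any token presented a second time.

```python
import hashlib
import hmac
import secrets


class TokenIssuer:
    """Illustrative single-use payment token service (assumed model, not a real network's)."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # issuer-side secret; never leaves the issuer
        self._vault = {}    # token_id -> card reference; the fob/phone never holds the PAN
        self._spent = set()  # token_ids already redeemed, so a replayed capture is useless

    def _mac(self, token_id):
        return hmac.new(self._key, token_id.encode(), hashlib.sha256).hexdigest()[:16]

    def issue(self, card_ref):
        """Mint a fresh token for one payment; this is what the fob would transmit."""
        token_id = secrets.token_hex(8)
        self._vault[token_id] = card_ref
        return f"{token_id}.{self._mac(token_id)}"

    def redeem(self, token):
        """Terminal/acquirer side: accept a token exactly once and only if it is genuine."""
        try:
            token_id, mac = token.split(".", 1)
        except ValueError:
            return (False, "malformed token")
        if not hmac.compare_digest(mac, self._mac(token_id)):
            return (False, "bad MAC")          # forged or tampered token
        if token_id not in self._vault:
            return (False, "unknown token")
        if token_id in self._spent:
            return (False, "replay: token already used")
        self._spent.add(token_id)
        return (True, f"authorised against {self._vault[token_id]}")


def demo():
    """Legitimate tap, then a replay of the captured token, then a tampered token."""
    issuer = TokenIssuer()
    token = issuer.issue("card-ref-0001")
    first = issuer.redeem(token)
    replay = issuer.redeem(token)
    last = token[-1]
    tampered = issuer.redeem(token[:-1] + ("0" if last != "0" else "1"))
    return first[0], replay[0], tampered[0]


if __name__ == "__main__":
    print(demo())  # a single genuine payment succeeds; replay and tampering do not
```

The point of the design is what an eavesdropper gains from a captured transmission: a token that is already spent and cannot be re-minted without the issuer's key, rather than a card number that works anywhere.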

FCC ID: 2AIGR-SPTPD02
UPC: 851785005229

To get started, install the LoopPay app from the iOS App Store or Google Play, create an account, connect the LoopPay TPD to your phone, and load your credit and debit cards. You can then pay in stores by holding the device close to the payment terminal reader and pressing the device button. Set up your device by navigating to looppay.com/setup

Bank of America. Hold against reader, press button to pay. Designed in USA, made in China. CE approved.
Bank of America loopPay Device Back, Model SPTPD02

Edimax EW-7811Un, EW-7611ULB, EW-7722UTn, EW-7811UTC, EW-7822ULC, EW7833UAC USB Wifi Drivers

You can find the driver for any of the Edimax USB Wifi Adapters (you probably ordered on Amazon) on my WiFi USB Driver page.

Applicable models:

  • EW-7811Un
  • EW-7611ULB
  • EW-7722UTn
  • EW-7811UTC
  • EW-7822ULC
  • EW7833UAC

PIA VPN

Don’t want your upstream providers looking at all your traffic?

You should probably use a VPN