security tokens?
-
Another one of those classic genius posts, sure to generate responses. You log on the next day to see what your witty gem has produced to find no one gets it and 2 knotheads want to stick their dicks in it... Well played, sir!! -
-
We just moved to a new server. I am not sure if that has anything to do with it. I haven't had this happen to me yet. If it keeps occurring let me know. Also, what made it occur (pm, uploading, etc.).
Breasts,
Sarge
-
- This is usually a style/template error.
- It's likely there is something missing somewhere in one of the files.
- Another assumption is the style version perhaps does not match the vbulletin version.
- One of the mods installed could be causing a conflict
Talk Classic Rock - The Official Message Board For Classic Rock -- Now on XenForo!
-
When the server asks for a digital token from the smart card, the bad guys simply redirect that request to the hacked system, and return it with the token and the previously stolen password.
Robert McMillan – Thu Jan 27, 4:40 am ET
The U.S. government has been stepping up its use of smart cards to help lock down its computer networks, but hackers have found ways around them.
Over the past 18 months, security consultancy Mandiant has come across several cases where determined attackers were able to get onto computers or networks that required both smart cards and passwords. In a report set to be released Thursday, Mandiant calls this technique a "smart card proxy."
The attack works in several steps. First, the criminals hack their way onto a PC. Often they'll do this by sending a specially crafted e-mail message to someone at the network they're trying to break into. The message will include a malicious attachment that, when opened, gives the hacker a foothold in the network.
After identifying the computers that have card readers, the bad guys install keystroke logging software on those computers to steal the password that is typically used in concert with the smart card.
Then they wait.
When the victim inserts the smart card into the hacked PC, the criminals then try to log into the server or network that requires the smart card for authentication. When the server asks for a digital token from the smart card, the bad guys simply redirect that request to the hacked system, and return it with the token and the previously stolen password.
This is similar to the techniques criminals have been using for several years now to get around the extra authentication technologies used in online banking.
Mandiant is the kind of company that businesses and government agencies call to clean up the mess after they've been hacked. It has done investigations at about 120 organizations over the past year and a half. Most of them get hacked via a targeted e-mail. But in many cases, they were actually hacked years earlier, but never managed to remove the malicious software from their network, according to the report.
Companies or government agencies that assume that they are secure just because they use smart cards to authenticate, could be in for a nasty surprise some day, said Rob Lee, a director with Mandiant. "Everything is circumventable in the end," he said.
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com
"I have heard there are troubles of more than one kind. - Some come from ahead and some come from behind. - But I've bought a big bat. I'm all ready you see. - Now my troubles are going to have troubles with me!" ~ Dr. Seuss
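A defender's view of the "smart card proxy" described in the quoted article, as an added example that is not part of the original post or of Mandiant's report: flag smart-card logons whose client address is not the workstation where that user's card is currently inserted. The event format, field names, addresses and sample data are constructed, and the check assumes the server logs the client address of each smart-card logon and that workstations report card insert/remove events.

```python
# Constructed sample events (hypothetical format, not from any real product).
# "insert"/"remove": card reader activity reported by a workstation agent.
# "logon": smart-card authentication seen by the server, with client address.
EVENTS = [
    ("2011-01-27T09:00:00", "insert", "alice", "10.0.0.21"),
    ("2011-01-27T09:00:05", "logon",  "alice", "10.0.0.21"),
    ("2011-01-27T09:14:30", "logon",  "alice", "10.0.7.99"),  # card sits in .21
    ("2011-01-27T09:30:00", "remove", "alice", "10.0.0.21"),
    ("2011-01-27T10:00:00", "insert", "bob",   "10.0.0.35"),
    ("2011-01-27T10:00:04", "logon",  "bob",   "10.0.0.35"),
    ("2011-01-27T11:00:00", "logon",  "carol", "10.0.0.40"),  # no insert seen
]


def find_proxied_logons(events):
    """Return smart-card logons that do not come from the host holding the card.

    Each alert is (timestamp, user, client_address, reason).
    """
    card_host = {}  # user -> workstation where the card is currently inserted
    alerts = []
    # ISO 8601 timestamps sort chronologically as plain strings.
    for ts, kind, user, host in sorted(events):
        if kind == "insert":
            card_host[user] = host
        elif kind == "remove":
            # Only clear the state if the removal is from the recorded host.
            if card_host.get(user) == host:
                del card_host[user]
        elif kind == "logon":
            holder = card_host.get(user)
            if holder is None:
                alerts.append((ts, user, host, "no card inserted anywhere"))
            elif holder != host:
                alerts.append((ts, user, host, f"card is in {holder}"))
    return alerts


if __name__ == "__main__":
    for alert in find_proxied_logons(EVENTS):
        print(*alert, sep="  ")
```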
-
Quite interesting. But, that has nothing to do with the issue.
Talk Classic Rock - The Official Message Board For Classic Rock -- Now on XenForo!
-
It has nothing to do with the new server.
- This is usually a style/template error.
- It's likely there is something missing somewhere in one of the files.
- Another assumption is the style version perhaps does not match the vbulletin version.
- One of the mods installed could be causing a conflict
Perhaps the warning page is the only thing FF can apply, much like those old "We are experiencing technical difficulties" signs that tv stations used to employ when someone tripped over an electrical cord, sending the entire station off the air in the seventies. In ever inventive South Florida, these usually consisted of a picture of a pelican sitting on a stump accompanied by an instrumental version of the Beatles "And I Love Her".
“The greatest enemy of knowledge is not ignorance, it is the illusion of knowledge.” ― Stephen Hawking
-
Yes, but it was never happening until we switched servers.
I did check the "check vbulletin file versions" to see if any files did not match with our current version, but it came up clean.
It's kind of hard for me to pinpoint until I get a clear picture of when this happens (what page, when doing what).
I "Think" it might be the chat feature. That was the last mod installed.
Breasts,
-
Maybe,
Nonetheless, taking for granted that AD is not running a persona on throw-away-computers,
his system (including the fact he is the "tech" of the system) could be a gateway to a backdoor (to anywhere).
I venture to say that his ports are not monitored.
"I have heard there are troubles of more than one kind. - Some come from ahead and some come from behind. - But I've bought a big bat. I'm all ready you see. - Now my troubles are going to have troubles with me!" ~ Dr. Seuss
-
“The greatest enemy of knowledge is not ignorance, it is the illusion of knowledge.” ― Stephen Hawking
-
As I stated earlier I have picked up a sniffer, therefore I would venture to say that that would be one system monitoring my ports.
The rest of the post is not a reply to Chef:
As mentioned earlier:
I also reported the sniffer to GBI, FBI, T-Mobile security, and of course myself.
It was noted that I was using 55+ Gs with no video or audio usage.
The IP 64.19.142.12 is where the sniffer appears to be deriving from at my end.
I do not have access to other investigations derived from the first file opened.
I have not bothered much forensically evaluating this computer. I maintain a separate computer that is a closed system. If I need a very secure communication, I select random computers. Generally, I do not care if one voyeurs me.
Nonetheless, the information I said I was going to write, so the sniffer can be sniffed.
Sampled image that displays the redirect
Information:
64.19.142.12
#
# Query terms are ambiguous. The query is assumed to be:
# "n 64.19.142.12"
#
# Use "?" to get help.
#
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=64.19.142.12?showDetails=true&showARIN=false
#
Monmouth Internet Corp MONMOUTH-BLK2 (NET-64-19-128-0-1) 64.19.128.0 - 64.19.191.255
Flash Networks MNTH-682 (NET-64-19-142-0-1) 64.19.142.0 - 64.19.142.31
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html
#
traceroute to 64.19.142.12 (64.19.142.12), 30 hops max, 60 byte packets
1 * * *
2 hos-tr2.juniper1.rz10.hetzner.de 213.239.224.33 de 0.325 ms 0.330 ms 0.327 ms
3 hos-bb1.juniper1.ffm.hetzner.de 213.239.240.224 de 4.969 ms 4.924 ms 4.927 ms
4 * * *
5 vlan69.csw1.Frankfurt1.Level3.net 4.68.23.62 us 17.900 ms
vlan99.csw4.Frankfurt1.Level3.net 4.68.23.254 us 17.328 ms
vlan79.csw2.Frankfurt1.Level3.net 4.68.23.126 us 13.993 ms
6 ae-62-62.ebr2.Frankfurt1.Level3.net 4.69.140.17 us 5.821 ms
ae-82-82.ebr2.Frankfurt1.Level3.net 4.69.140.25 us 5.656 ms
ae-62-62.ebr2.Frankfurt1.Level3.net 4.69.140.17 us 5.821 ms
7 ae-41-41.ebr2.Washington1.Level3.net 4.69.137.50 us 93.583 ms
ae-44-44.ebr2.Washington1.Level3.net 4.69.137.62 us 93.530 ms
ae-43-43.ebr2.Washington1.Level3.net 4.69.137.58 us 94.676 ms
8 ae-4-4.ebr2.Newark1.Level3.net 4.69.132.102 us 107.037 ms 103.512 ms 103.496 ms
9 ae-21-52.car1.Newark1.Level3.net 4.68.99.37 us 99.987 ms 98.391 ms 99.994 ms
10 MONMOUTH-IN.car1.Newark1.Level3.net 4.79.188.58 us 104.042 ms 103.708 ms 102.653 ms
11 mt-bergen-edge4.monmouth.com 209.191.13.218 us 102.771 ms 101.083 ms 100.751 ms
12 * * *
13 * * *
14 * * *
No reply for 3 hops. Assuming we reached firewall.
Monmouth Internet Corp
PO Box 234
Lincroft, NJ 07738
US
domains [at] monmouth.com
Whois
Who is monmouth.com? Whois lookup at GoDaddy.
About
Copyright by Monmouth Internet Corp. © 2003 -All Rights Reserved ... By subscribing to and using Monmouth Internet Services you agree to the Monmouth Internet Terms of Service . About Monmouth Internet
Registrant:
Monmouth Internet Corporation
10 Drs James Parker Blvd
Suite 110
Red Bank, NJ 07701
US
Domain Name: MONMOUTH.COM
Administrative Contact, Technical Contact:
Monmouth Internet Corporation domains-manager@MONMOUTH.COM
10 Drs James Parker Blvd
Suite 110
Red Bank, NJ 07701
US
732-704-1000
Record expires on 07-Apr-2011.
Record created on 06-Apr-1995.
Database last updated on 29-Jan-2011 13:21:52 EST.
Domain servers in listed order:
DNS1.MONMOUTH.COM 209.191.0.1
ADMIN.MONMOUTH.COM 209.191.0.2
DNS2.MONMOUTH.COM 209.191.0.2
Registry Status: clientTransferProhibited
See Underlying Registry Data
Domain Name: MONMOUTH.COM
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: ADMIN.MONMOUTH.COM
Name Server: DNS1.MONMOUTH.COM
Name Server: DNS2.MONMOUTH.COM
Status: clientTransferProhibited
Updated Date: 25-feb-2009
Creation Date: 06-apr-1995
Expiration Date: 07-apr-2011
>>> Last update of whois database: Sat, 29 Jan 2011 18:34:28 UTC <<<
Monmouth Telephone & Telegraph
This place is permanently closed. Not true?
10 Drs James Parker Blvd # 110, Red Bank, NJ 07701-1500
PBX GUY - Dec 26, 2010
A customer of ours lost over $2500 in revenue over a 2 day period due to services dropping. A few weeks later our customers phone system was hacked and Monmouth Telecom wanted our customer to pay over $20000 in charges. We never had any issues with any previous providers. Worst company to deal with. Not secure or reliable in any way.
3 out of 6 people found this review helpful.
Monmouth Telecom hates black people - Dec 8, 2010
Monmouth Telecom hates black people.
5 out of 8 people found this review helpful.
Rasheed - Nov 17, 2010
Awful services. They baited us with cheaper rates, only to find out they are only reselling Verizon services and using inferior, cheaper circuits is why they keep going down and costing us money. There is no guaranteed up time here. Also, 5mb of email?? What a joke. If you care about your business, don't do it! Use a reputable company instead.
4 out of 6 people found this review helpful.
"I have heard there are troubles of more than one kind. - Some come from ahead and some come from behind. - But I've bought a big bat. I'm all ready you see. - Now my troubles are going to have troubles with me!" ~ Dr. Seuss
-
“The greatest enemy of knowledge is not ignorance, it is the illusion of knowledge.” ― Stephen Hawking
-
What I don't follow in this instance Bob is the gray screen warnings that come up, indicating the browser can not contact the server. This lists the usual reasons (server busy, failed internet connection, etc.) and remains static for several minutes. Finally, the site will appear, but you can not post or read pages and it promptly vanishes again.
I just know the cause is the reason(s) I listed in my earlier post.
Talk Classic Rock - The Official Message Board For Classic Rock -- Now on XenForo!
-
By the way, this (security token missing) can occur when one uses a proxy.
Talk Classic Rock - The Official Message Board For Classic Rock -- Now on XenForo!