security tokens?

so, if i'm playin' for the "other team" and not gay, logic would dictate that ace is............well, you know.

maybe he leaves it logged on, and he's actually 3000 different people....

We just moved to a new server. I am not sure if that has anything to do with it. I haven't had this happen to me yet. If it keeps occuring let me know.Also, what made it occur (pm, uploading.. etc).
Breasts,
Sarge

It has nothing to do with the new server.

- This is usually a style/template error.
- It's likely there is something missing somewhere in one of the files.
- Another assumption is the style version perhaps does not match the vbulletin version.
- One of the mods installed could be causing a conflict

Robert McMillan – Thu Jan 27, 4:40 am ET

The U.S. government has been stepping up its use of smart cards to help lock down its computer networks, but hackers have found ways around them.

Over the past 18 months, security consultancy Mandiant has come across several cases where determined attackers were able to get onto computers or networks that required both smart cards and passwords. In a report set to be released Thursday, Mandiant calls this technique a "smart card proxy."

The attack works in several steps. First, the criminals hack their way onto a PC. Often they'll do this by sending a specially crafted e-mail message to someone at the network they're trying to break into. The message will include an malicious attachment that, when opened, gives the hacker a foothold in the network.

After identifying the computers that have card readers, the bad guys install keystroke logging software on those computers to steal the password that is typically used in concert with the smart card.

Then they wait.

When the victim inserts the smart card into the hacked PC, the criminals then try to log into the server or network that requires the smart card for authentication. When the server asks for a digital token from the smart card, the bad guys simply redirect that request to the hacked system, and return it with the token and the previously stolen password.

This is similar to the techniques criminals have been using for several years now to get around the extra authentication technologies used in online banking.

Mandiant is the kind of company that businesses and government agencies call to clean up the mess after they've been hacked. It has done investigations at about 120 organizations overt the past year and a half. Most of them get hacked via a targeted e-mail. But in many cases, they were actually hacked years earlier, but never managed to remove the malicious software from their network, according to the report.

Companies or government agencies that assume that they are secure just because they use smart cards to authenticate, could be in for a nasty surprise some day, said Rob Lee, a director with Mandiant. "Everything is circumventable in the end," he said.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Quite interesting. But, that has nothing to do with the issue.

What I don't follow in this instance Bob is the gray screen warnings that come up, indicating the browser can not contact the server. This lists the usual reasons (server busy, failed internet connection, ect.) and remains static for several minutes. Finally, the site will appear, but you can not post or read pages and it promptly vanishes again.

Perhaps the warning page is the only thing FF can apply, much like those old "We are experiencing technical difficulties" signs that tv stations used to employ when someone tripped over an electrical cord, sending the entire station off the air in the seventies. In ever inventive South Florida, these usually consisted of a picture of a pelican sitting on a stump accompanied by an instrumental version of the Beatles "And I Love Her".

Yes, but it was never happening until we switched servers.
I did check the "check vbulletin file versions" to see if any files did not match with our current version, but it came up clean.
It's kind of hard for me to pinpoint until i get a clear picture of when this happens (what page, when doing what).
I "Think" it might be the chat feature. That was the last mod installed.

Breasts,

Maybe,
Nonetheless, taking for granted that AD is not running a persona on throw-away-computers,
his system (including the fact he is the "tech" of the system) could be a gateway to a backdoor (to anywhere).
I venture to say that his ports are not monitored.

Who monitors yours?

As I stated earlier I have a picked up a sniffer, therefore I would venture to say that that would be one systems monitoring my ports.

The rest of the post is not a reply to Chef:


As mentioned earlier:
I also reported the sniffer to GBI, FBI, T-moblie security, and of course myself.
It was noted that I was using 55+ Gs with no video or audio usage.
The IP 64.19.142.12 is where the sniffer appears to be deriving from at my end.
I do not have access to other investigations derived from the first file opened.
I have not bothered much forensically evaluating this computer. I maintain a separate computer that is a closed system. If I need a very secure communication. I select random computers. Generally, I do not care if one voyeurs me.
Nonetheless, the information I said I was going to write, so the sniffer can be sniffed.



Sampled image that displays the redirect

Information:
64.19.142.12
#
# Query terms are ambiguous. The query is assumed to be:
# "n 64.19.142.12"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http //whois.arin.net/rest/nets;q=64.19.142.12?showDetails=true&showARIN=false
#

Monmouth Internet Corp MONMOUTH-BLK2 (NET-64-19-128-0-1) 64.19.128.0 - 64.19.191.255
Flash Networks MNTH-682 (NET-64-19-142-0-1) 64.19.142.0 - 64.19.142.31

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html
#


raceroute to 64.19.142.12 (64.19.142.12), 30 hops max, 60 byte packets
1 * * *
2 hos-tr2.juniper1.rz10.hetzner.de 213.239.224.33 de 0.325 ms 0.330 ms 0.327 ms
3 hos-bb1.juniper1.ffm.hetzner.de 213.239.240.224 de 4.969 ms 4.924 ms 4.927 ms
4 * * *
5 vlan69.csw1.Frankfurt1.Level3.net 4.68.23.62 us 17.900 ms
vlan99.csw4.Frankfurt1.Level3.net 4.68.23.254 us 17.328 ms
vlan79.csw2.Frankfurt1.Level3.net 4.68.23.126 us 13.993 ms
6 ae-62-62.ebr2.Frankfurt1.Level3.net 4.69.140.17 us 5.821 ms
ae-82-82.ebr2.Frankfurt1.Level3.net 4.69.140.25 us 5.656 ms
ae-62-62.ebr2.Frankfurt1.Level3.net 4.69.140.17 us 5.821 ms
7 ae-41-41.ebr2.Washington1.Level3.net 4.69.137.50 us 93.583 ms
ae-44-44.ebr2.Washington1.Level3.net 4.69.137.62 us 93.530 ms
ae-43-43.ebr2.Washington1.Level3.net 4.69.137.58 us 94.676 ms
8 ae-4-4.ebr2.Newark1.Level3.net 4.69.132.102 us 107.037 ms 103.512 ms 103.496 ms
9 ae-21-52.car1.Newark1.Level3.net 4.68.99.37 us 99.987 ms 98.391 ms 99.994 ms
10 MONMOUTH-IN.car1.Newark1.Level3.net 4.79.188.58 us 104.042 ms 103.708 ms 102.653 ms
11 mt-bergen-edge4.monmouth.com 209.191.13.218 us 102.771 ms 101.083 ms 100.751 ms
12 * * *
13 * * *
14 * * *
No reply for 3 hops. Assuming we reached firewall.






Monmouth Internet Corp
PO Box 234
Lincroft, NJ 07738
US
domains [at] monmouth.com



Whois
Who is monmouth.com? Whois lookup at GoDaddy.


About
Copyright by Monmouth Internet Corp. © 2003 -All Rights Reserved ... By subscribing to and using Monmouth Internet Services you agree to the Monmouth Internet Terms of Service . About Monmouth Internet




Registrant:
Monmouth Internet Corporation
10 Drs James Parker Blvd
Suite 110
Red Bank, NJ 07701
US

Domain Name: MONMOUTH.COM



Administrative Contact, Technical Contact:
Monmouth Internet Corporation domains-manager@MONMOUTH.COM
10 Drs James Parker Blvd
Suite 110
Red Bank, NJ 07701
US
732-704-1000

Record expires on 07-Apr-2011.
Record created on 06-Apr-1995.
Database last updated on 29-Jan-2011 13:21:52 EST.

Domain servers in listed order:

DNS1.MONMOUTH.COM 209.191.0.1
ADMIN.MONMOUTH.COM 209.191.0.2
DNS2.MONMOUTH.COM 209.191.0.2

Registry Status: clientTransferProhibited
See Underlying Registry Data


Domain Name: MONMOUTH.COM
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: ADMIN.MONMOUTH.COM
Name Server: DNS1.MONMOUTH.COM
Name Server: DNS2.MONMOUTH.COM
Status: clientTransferProhibited
Updated Date: 25-feb-2009
Creation Date: 06-apr-1995
Expiration Date: 07-apr-2011

>>> Last update of whois database: Sat, 29 Jan 2011 18:34:28 UTC <<<



Monmouth Telephone & Telegraph
This place is permanently closed. Not true?

10 Drs James Parker Blvd # 110, Red Bank, NJ 07701-1500
« Back to overview

Reviews by Google usersBeen here? Sign in to rate
1 - 3 of 3

PBX GUY ‎ - Dec 26, 2010
A customer of ours lost over $2500 in revenue over a 2 day period due to services dropping. A few weeks later our customers phone system was hacked and Monmouth Telecom wanted our customer to pay over $20000 in charges. We never had any issues with any previous providers. Worst company to deal with. Not secure or reliable in any way.

3 out of 6 people found this review helpful. Was this review helpful? Yes - No - Flag as inappropriate

Monmouth Telecom hates black people ‎ - Dec 8, 2010
Monmouth Telecom hates black people.

5 out of 8 people found this review helpful. Was this review helpful? Yes - No - Flag as inappropriate

Rasheed ‎ - Nov 17, 2010
Awful services. They baited us with cheaper rates, only to find out they are only reselling Verizon services and using inferior, cheaper circuits is why they keep going down and costing us money. There is no guaranteed up time here. Also, 5mb of email?? What a joke. If you care about your business, don't do it! Use a reputable company instead.
4 out of 6 people found this review helpful. Was this review helpful? Yes - No - Flag as inappropriate

Photos & Videos From a Google User

The sniffer idea seems interesting. Currently, I'm only using a process explorer, so I might look into this. Thanks for the heads-up.

I honestly do not know the answer to your question it's never happened to me personally at this site.

I just know the cause is the reason(s) I listed in my earlier post.

By the way, this (security token missing) can occur when one uses a proxy.

Scroll down the page. Someone else has been having similar issues.