|
Quote:
|
Quote:
|
Quote:
|
Quote:
|
Quote:
I have no false impressions about software but I do expect that when I pay for a software such as NATS and the developers of the software are aware of an issue that they will make it a priority to investigate the issue and make their clients aware of it and what they intend to do about it. I'm sure you can understand how i don't feel like this is too much to ask for. This vulnerability specifically targetted the NATS staff admin account and no others, as far as i can tell, which leads me to assume that it wasn't a brute force attack and if it were it was done because the nats staff account used the same username across multiple nats installations which is a total no-no in security 101 in and of itself. |
People, keep in mind that the only admin account that has been compromised is the TMM admin account. For god's sake, delete this account immediately.
This breach would also explain the multiple waves of compromised user passwords that we have seen. User passwords are easy to see in NATS, affiliate passwords are not. My members area security software has reported dozens of compromised passwords logging in within less than 5 minutes. This only happens when there is a compiled list of valid passwords, not from passwords obtained by brute force. After over 20 hours, I finally got a response to my trouble ticket: TMM (3:55 PM): I'm sorry and it look like I have to get you an full upgrade to have this new feature TMM (3:56 PM): and we are currently develope on better security system on NATS and there will be release on Monday hopfully TMM (3:58 PM): can we do the update on Monday instead? Dirty D (3:59 PM): Keep in mind we are one of the MANY programs that the TMM admin login was compromised. Before I get pissed off, let me get this straight and make sure I understand. #1. The IP Log feature won't work until the next release comes out... maybe monday #2. NATS will not log the admin login info to a log file and the ONLY way to get admin login information is for me to WRITE A SCRIPT to accept a POST with info from NATS using these undocumented variables xxxxxx , xxxxxxx, xxxxxxxx, xxxxxxxx, xxxxxxx #3. Nothing has been accomplished to resolve this Trouble Ticket TMM (4:05 PM): #1 yes, we are currently develope on the security script on will try to get relase as soon as possble. #2 Currently no, but I will add this to the feature request. #3 I'm sorry about this, we are wokring on the relase, and will let you know as soon as it is ready. TMM (4:11 PM): I'm sorry for any inconvenience that cause on this issue, please change the ssh password and disable the nats admin login, one of us will contact you as soon as the new release is ready. |
WTF? They outsourcing to Russian programmers or something?
Thats some serious broken english. And certainly not the brightest of decisions. |
Holy shit, this is huge
Imagine how much data was stolen through this NATS fuck up :eek2 |
Quote:
:Oh crap |
Quote:
|
Quote:
Real good choice you are taking there, ignoring not only the companies whom use your product, but also the affiliates whom promote those companies. So first we had pornograph fiasco and now this.. What was that old saying? Fool me once shame on me... Fool me twice??? |
Quote:
|
Quote:
|
this thread should be a sticky.:2 cents:
|
Quote:
|
Quote:
|
Quote:
|
Quote:
|
heres a band aid solution for those who have dynamic ips and absolutely cant 'lock down' their admins to a specific ip... at least until the problem is resolved fully.
have your coder code up a small script: w w w . d o m a i n . c o m /somesecretfile.php?key=somesecretkey if the key is correct have it make the changes to allow the ip accessing the script to log into admin. should take him about 15 minutes to code. and security wise, even if someone found this file AND your key it wouldn't be a major compromise... all it would do is allow his ip to enter admin, nothing more... they would still need the password of course. ciao. |
Quote:
|
Quote:
|
Quote:
|
Here's the important question. Literally hundreds of people have evidence that they have had data stolen electronically.
When are the authorities contacted? When does the cyber crime unit step into this? If this is as big as it seems, action needs to be taken. There's no shortage of cash or backing to get this solved. |
Quote:
The Bro squad is on the way to spin it, and this chapter will be swept under the carpet just like all the other dirty secrets in online adult. Merry Xmas Chumps you all got robbed. |
This was definitely a breach on the NATS side as far as I can tell. All the programs I have talked to have had Fred's usernames be completely different from one another. This leads me to believe they kept a log/record of all user/passes on their side of things that got hacked/exploited/leaked/shared you take your pick of what happened.
If everyone getting exploited was being used by the same user/pass of an admin that would be one thing, but having them be so random and different from program to program shows quite clearly where the first issue started. We are lucky we host at swiftwill and have ip protection in place. Though Fred was able to login, we show zero evidence he was able to log into the actual admin since he was not allowed via ip protection. The only parts he was able to access was like an affiliate could, the ad tools and link codes. So for hosts like Swiftwill and others like it that demand IP protection on Nats, that is a positive. For others that don't require it, this is a major issue of all the data that could have been collected over the min 6 months this has been an issue based on the various evidence in this thread. |
Quote:
Move along novice. |
IP RESTRICTION...
But my IP address changes.... Bullshit. You make enough money to call your provider and request a PERMANENT one. But they don't provide one. What the fuck? Are you on Dialup because most Cable, DSL, Broadband providers WILL give you a permanent IP if you pay monthly for leasing. Usually $20. Consider it a cost of doing business and a tax write off. OK... But I AM ON DIALUP! So pay an admin here to setup a proxy on a dedicated server with a NON-ADULT hosting company picked at random. Have that proxy password protected. Case closed... The fact that a village idiot can get into this industry if he has $100,000 in inheritance money frightens me. It frightens me because when it comes to security you are all village idiots! Every last one of you! 90% of you have hackers on your boxes because they hacked your forum, your support system, your webcam software or by some other means. You don't know because all the hacker wants is your password DB and not the Emails. They trade those DB's like Pokemon cards. They give 1 account away to each person who asks for them on newsgroups and IRC channels. It NEVER trips your strongbox, pennywize, proxy pass, etc, because they give each requester a different account. So even if the real user and the fake one use it at the same time they fall with in the AOL threshold (5 IP's in 15 minutes). You all think.. Impossible because those previously mentioned programs shut this kinda shit down! No... They don't... Because each request gets a different account. This isn't password boards where 15,000 people get the same account. This is the designer version where everyone gets their own unique, free account. But bandwidth is so cheap I don't give a fuck!... I know.. But in one channel on the IRC alone you will have up to 1000 people receive a password in a day. You are pissing away $35,000 a day! Smaller programs a few thousand... Industry wide? About $800,000,000 a year is just pissed away... OK.. Back to your original programming where you just bury your heads in the sand. |
Quote:
Oh, and yes... you are the king. Whatever. I clicked your sig. |
Quote:
|
Quote:
http://www.alexa.com/data/details/tr...3y&size=Medium Saw it posted on another board. |
This was sent to me last night and I was asked to post it without naming the source. I have no time to investigate it as I'm off out after checking the site.
Please draw your own conclusions from it. Quote:
|
Quote:
You're on my do not argue list and I'm heading to sleep anyway. Think as you wish, you always do. |
Quote:
Guess some people do realise how it is, but those are the same people that have either worked in security, or have had their boxes used as toys by hackers and have been awaken by the sad truth that their box is banned by google, listed on every blacklist known to man for spamming, their members sending 100 complaints, their databases beeing erased and indexes overwritten by kids etc etc. Then they realise that if it's at the point that your database is erased, the person that erased is not the hacker, hacker got in a long time ago. It's now to the point that he sold the access to turkish or who knows wannabes. Still long till time comes when people here take security seriously since so few understand it. |
Just curious. Did you have the SAME user/pass for EVERY program?
I mean, that would be REALLY bad..... Also, if the 'hacker' had/had full admin access. He might have created a 2nd user with access to the affiliate info...Better check out ALL users with more access than a normal affiliate |
Quote:
i'm going to go dig back and see when this trend started, but i cant help but wonder if this is tied to when NATS and Segpay started their incestuous relationship, as i had never seen this kind if account compromising over the past 8 years, not so many simultaneously and then suddenly stoppping in a single wave. sounds way too close to what you describe above, *way* too close to me.. |
it is not only nats there are public dumps of generated passwords from other programs and systems also, adult security experts are step behind hackers :upsidedow
|
WOW this post got BIG fast.. Left it on Saturday on the first page, just read the rest now..
|
popular topic, what you want.
we want to switch, so now we this twicely.:) |
| All times are GMT -7. The time now is 09:31 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123