So, to summarise, since John's last post has gotten buried in a lot of FUD
It looks like a password list has gotten out so NATS owners should contact TMM to see if their customer data has been compromised. OC3 (
[email protected]) have also said they can help people with this.
TMM have or are in the process of changing all TMM passwords throughout their client base.
TMM have now taken additional security measures by not storing all passes on their end to prevent this happening again.
TMM are adding additional security measures (1-way encrypted passes) in future NATS releases.
So, if I'm not mistaken, any current NATS owners should now be secured (or over the next day or two) from further compromise via this route.
But, in all, everyone, nomatter what software you use, should take database security very seriously and daily audit any accounts (ssh/mysql/web-based) that have privilege access.
Looks like this issue has come to resolution, so I'm off to enjoy my holidays
