:thumbsup

Spot on. Its wise to keep notes on that as well.

But I think as affiliates we also should be concerned about the breach of our personal data. No one knows just how much information was lost from the customers side of things, but we do know that NATS stores all of our affiliate data to include bank routing and SSNs/TPIDs and we do know that the perps would have had access to that. Did they get it? Again, no one knows.

TMM is not being cooperative, they are not addressing their customers saying thats on the advice of counsel, but they are giving statements to the media. Most lawyers I know would not give advice to avoid your customers but talk to the media, they'd say take care of your customers but be careful, or they'd say don't talk to anyone at all. So the "on the advice of our counsel" line is simply another way of saying "no comment", and no comment as we all know is used to avoid questions we don't want to answer because an honest answer would make us look bad somehow.

To be honest I do not know this person. I really don't care to know him.

I am curious why you are arguing with a person you deem mentally incompetent? That is not logical, nor is it productive.

Again, I say are you guys arguing for the sake of hearing your jaws work or your fingers type or is there some pathology involved?

I would certainly hope people could separate news from the bearer. AVN has my vote of confidence in this matter at least in so far as being legally and factually correct in quoting the statements they did.

I don't feel that arguing with a person you deem unstable is going to change that person's mind or their actions.
There is personal and there is business. So which is it?

Very true. NATS has the ability to work with a program's own billing setup. Not everyone uses 3rd party billing for everything. Just to keep everyone informed. :2 cents:

--edit
cchash?

umm, programs that use the nats that have their own merchant accounts can access their credit card data through their admin. they have a "true cascade function" where the consumer doesnt have to enter their credit card data in after the firs time

you think nats was cISP compliant?




http://kb.getnats.com/idx/15/148/Bil...r_gateway.html

NATS supports this feature with CC and ACH gateways. This article explains how to use this feature.

Specific variables for Credit Card sales:

enddate_month - CC expiration date, month
enddate_year - CC expiration date, year (XXXX format)
cc - CC Card Number, no dashes
cvv - CC CVV2 code

you won't find me arguing with him. if you want to believe anything that minusonebit says that is up to you. have fun ya moose knuckle :1orglaugh

there is not the slightest shred of evidence to suggest affiliate data was leaked. non.nada.NOTHING but heh don't let that stop you when you are getting 'mad views' :(

you are just a frustrated little faggot keith :1orglaugh

This doesn't store the credit card information. It's on a secure join form which posts the data to say netbilling for approval. Netbilling then sends back a postback like a 3rd party processor, without the cc info.

if you set the nats up as your credit card gateway, you should be able to search in the nats by using the credit card number. correct me if im wrong

I just checked 2 programs using Netbilling, both Member Admins. Neither have credit card search forms. I checked phpmyadmin on one, and no field in the database for cv2, exp date or cc#.

Even the KB says it posts to the processor and you get a reply back if it is approved or declined. That's what it's for.

if nats doesnt come near cc info and that is the case, then thanks for pointing it out and i apoligize to nats for my suspicions

50..avn articles about nats

No worries, it's okay to be suspicious when it comes to cc info :)


Overall this article is lame, not news, and anyone that thinks they will exit nats and find the golden path of perfection isn't getting on cloud9, they rolled up and smoked cloud9.

Any program that drops nats to open a new program/backend will be exploited/hacked within 6 months. Anyone that doesn't agree with that shouldn't open a program.

I agree there. It's better to keep moving forward and deal with each problem as it rolls out. I have only seen people who don't actually run programs coming up with all the scenarios that they think are how it works.
Guys...if NATS was really the horror story that you portray we would all drop them and either build our own or go back to single processing. Who knows? Maybe we'll all jump to CC Bill's new backend anyway. :)
Bottom line is...you just keep going forward. It seems like there is a lot of negativity here but no real productivity. I've been posting on this thread in between adding galleries to my tgps. I hope everybody else (except minusonebit of course since he isn't really in this business) is just posting here to take small breaks from what we all really do: Make money and kick ass. :thumbsup

no way programs are going to drop nats. Atleast with nats the cats out of the bag and we have locked shit down. It is not as easy as you think for an older program to just up and change back ends. It would be biz suicide. How many affiliates would they lose? Much more than you know. I prefer promoting nats programs because they always convert and are much less likely to waste your traffic then some guy who has his finger on the shave button of his homemade back end.

I would say at this point it might very well be a question of "how many affiliates would they gain". :2 cents:

See thats the thing that doesn't make sense to me.

Fact: we know it was a password list that was obtained from TMM some kind of way, either a server hack, someone leaked the info, etc... some kind of way their admin account info for every client was released.

They say they noticed "this" problem months ago but thought it was isolated and they thought they fixed it.

Question: If you noticed that a few clients were having someone accessing their servers using your NATS admin account info, why the hell didn't you check all of your client's servers that you have access to.

Most likely answer: John probably blammed each of the people affected months ago and passed it off as their servers were hacked. I would bet he didn't think the problem was on his end so he didn't bother to take a couple mins to randomly start logging into clients servers to see if NATS admin accounts were accessing those servers 10x a day. He said this much in the first couple threads posted here a couple weeks ago. he siad the most likely answer was that the clients server was hacked.

If i am wrong please explain to me what I am missing here.

Do you understand what goes on in this business at all? Really understand I mean? Not this fake nats hack drama shit.. clearly not.

If you think opening your own software provides a golden path, then you are mistaken due to a lack of experience. If you think it will make you more secure, you again would be incorrect. Software does not make you secure.

The only problem around here is people like you putting your trust into software. Your security is YOUR responsibility, period! Every backend has been hit in some way, if you don't get that then I'm sorry.

I'm defending logic, not NATS.

TheDoc is as biased as they come. He does work for Nats, do you think he is going to do anything less than defend them. He has been biased from day one and has posted in just about every thread thrying to down play things, say only emails were taken, he said all people using nats was fine now (all clear) even microsoft has problems, everyone gets hacked, your info is already out there so why worry about it, etc etc etc etc.

i think i will pass on posting that thanks

lol good god man, too bad nats didnt tell you first..
you obviously know very little about servers, if your database is slow then your sites contacting it are also slow..



wow something even an imbecile could do . but nats somehow couldn't :(
yes actually i did , you made a false statement exaggerating what was said in the article, i pointed you straight , now you are bitching about it.

nope , do you own a vanilla ice album ?
speculating about what ? i have been inside nats sponsors as an admin yes , so i know what can be done.
don't know what could be worse than someone that could take all your credit card signups until you noticed.. thats about as bad as it gets.

but hey dont trust me , let me run a javascript on your signup page and find out.

thats just your opinion i suppose , i have been here since the internet started and i would rate it as pretty deep, and we wont know how deep until each and every sponsor has been hand checked or upgrades

then how in the world would you say a price structure of emails in the article was wrong if you have never bought them.

thus the large elaborate hack to steal emails was worthless :Oh crap
people buy and sell emails, really ? omg i didnt know that ..

and this would be coming from your experience in never buying an email list ever.. ok then.. :1orglaugh

you have been reading those "1 million emails for $10" spams again havent you. LOL




lol i dont want to buy yours you already admitted you got hacked so yours are now worthless.


obviously, because you fail to realise thats about what they cost
so you make up an exaggerated story and a fake promise to sell your emails

:1orglaugh:1orglaugh

ok then. lol


people get broken into every day , but if your house was broken into because someone hacked your alarm companies passwords and they knew about it but didnt notify you , perhaps its time to find a new alarm company ? just a thought.

Now i'm certainly not advising sponsors to drop nats , do what you think is best , but if you dont factor trust into the equation you are asking for trouble..
:2 cents:

thats exactly what happened. a couple people mentioned reporting to nats and being told it was their password not nats , only to get rehacked several more times.

I don't understand this.

They were "aware of the problem a few months ago". Wasn't "the problem" that someone get access to the master list of NATS admin account info for each client's server ????

So the must have thought that someone got access to a couple different client's NATS admin login. So they "fixed" the problem by deleting that account?

Is it me or does all of this sound like bullshit? unless there was a different problem happening "in the past" then it has to be the current problem which was a list of NATS admin accounts that got released.

Why didn't they check their other clients accounts? If what i said above is the case, why didn't they just for 1 second entertain the idea that maybe something was breached on their end and it wasn't each client independently that was the fault or source of the problem. Why not just take 5 mins and randomly check a few other clients and see if the problem was happening to anyone else ?

I don't get it?

They were confident they had fixed the

Damn Smokey...I didn't realize how fucking stupid I am. And how smart you are. Who are you again? And what do you run? And what site were you the admin for NATS with? I'm not asking that in a mean spirit. But since you know so much more about the internet than I do, I just wanted to know who I'm talking to.
You can offer your opinions all day long. Show me how successful you are by identifying yourself so I can know how much weight your opinions hold.
I have told you what the reality is. You can continue to make conjectures 'til the cows come home and it doesn't mean anything my friend.
I see things differently if you don't mind. I see the whole situation as me being responsible for myself. I don't need NATS to tell me that my shit is being broken into. And that's exactly what I did. Yes, we asked questions when we saw strange things.
But I didn't expect some third party rental software to give me answers. And sure enough they didn't. So stupid ol' me, who obviously doesn't know shit...well we took care of it ourselves. It was pretty simple to take a look in mysql and see what was happening and handle it.
It's nice to know what happened after the fact. And I'm very interested in finding out when everything washes out. In the meantime I'm just gonna keep making money. I could give two shits if it's with NATS or some other backend.
Now please, let's stop quoting each other. You are obviously some old school guy...maybe one of a handful who have been around longer than me, and you are toying with me with your vast knowledge. I surrender.
I would just like to say...unless somebody has a positive direction to go in then it's all just negative.
My solution is FIX THE PROBLEM. Then direct your energies back to making money. And people should do whatever they think will make them the most money.
If nobody wants to promote NATS sites. More power to you. If you're scared that some hacker is going to steal your info...I don't blame you one bit. If you think there is a better backend that can not be hacked and/or would alert you much faster so you don't have to worry about your own security, then please only promote the sites that use that backend.
Everybody has their own preferences and their own ideas on how to make money.
And again, I don't know who you are. Smokey The Bear? Okay, you're either a cop or a spokesman for firefighters! LOL! I'm just kidding with you.
But my name is Robbie. My nickname is "Robbie". I was born "Robbie"
No smoke and mirrors here. Just me explaining how I see this whole thing.
If you think this is a big deal...then more power to you.
I don't. Maybe I somehow got "lucky" and just happened to know a few things that went down over the years that you weren't privy to somehow. Who knows? Who cares?
Let's all make some money and feed our families. This "crisis" is past for the moment. Maybe tomorrow somebody will hack it again. How can any of us know? Maybe tomorrow somebody will hack a major bank again.
Can't predict the future. But I can deal with it when it comes along.
I wish everyone else lots of fortune in 2008 and keep a positive, productive attitude and be prosperous.
Later guys...

That's funny, best out of context text ever!

I have had to keep posting, if you guys were to keep going so much bad and wrong info would have been posted by now. My god, so much wrong info has already been posted that I have had to prove was wrong, like this cc info - it still isn't dead, should be now though.

And us program owners have known this forever man, you guys think it's a huge conspiracy of sorts. Please, program owners are just happy it's fixed so they can be the only ones spamming the members. Their friends are buying the lists and they don't care, don't you guys get it at all?

And my data, was secure, like lots of nats programs we had proper protection in place. So I think you guys attacking NATS in general hurts my program and other protected programs.

So yeah, I will continue to post as long as you guys continue to post wrong information or people ask questions.

None of this means that the hacker did not install something else on the server to store the cc info elsewhere until they were collected, nor does it mean that the data was not compromised as a direct result of the NATS breach. No one knows partly because TMM is not being forthcoming with detailed info. So far, all we have out of them is denials as to what supposedly did not happen, what did not get breached and who did not do whatever. They have apparently now had almost a years and a half (18 mos = 1.5 years) to investigate the matter and they still claim to not know what the deal was or exactly how it happened.

This whole "Oh, the CC data is safe, but everything else on the servers is toast!" is just bullshit. Its like this constant splitting of hairs that - "Oh, it wasn't NATS that was breached, it was a server in TMM's office that got breached. Stop pissing on NATS, M1B, you asshole!" At the end of the day, it does not matter whether it was John's server, is blackberry, his laptop or his cordless phone that was incompetently managed, nor does it matter what order the devices were compromised in. At the end of the day, the result is still the same. Data lost and people got fucked.

Man, this as any other NATS thread has so much spin to it that my head is all dizzy just reading some of the responses of the usual suspects...

Slowly that rug is growing to a size that someone might actually stumble / fall.

Now THAT is what I'm talking about! fuckingfuck...you are the man! None of this pussy ass whining shit for you! :thumbsup

NObody ever had access to a server and this is impossible through the admin.

No, we are able to exactly see what they are getting.

I said before this isn't new, nats has been the target of several exploits. I'm sure those exploits is what lead to the first nats pw leaks, duh.. Then NATS getting hit 2 times didn't help either.

You are correct and NATS got hacked and they did the legally correct thing and let all Clients know. We can only hope he learned from the lesson, just like 100's of owners learned that security is your responsibility.

I know from each hack/exploit that I have had from the 10+ years in this business I learned and improved each time. Live and learn.

When NATS was sold to the industry, it was pitched as tool to keep the program owners honest by stopping shaving. TMM worked very hard to spin this on the boards and pretty soon affiliates started demanding NATS-based programs. The idea was that John's software, which could not be touched by the programs - would be unshaveable. Thats all good and well and had it actually functioned that way, it would have been a good thing for the industry. But these kind of things never work out this way.

Anyone who has taken college level (for that matter, probably high school level as well) courses in government, public service, democracy, world history and the like knows that concentration of power is a dangerous thing. We saw this in Nazi Germany, here in our own country and just about everywhere else throughout the world. The thing is that TMM was saying to affiliates: "Hey, trust US. We have YOUR best interests at heart. We wont let you bring in an independent third party to audit our code to prove this, but we do. You don't wanna get shaved, do you? What? You still don't believe us? You good for nothing board whore, if you publish that, We're, gonna sue you for libel!" and this has worked for a long time for TMM. They have made a good run of scaring their critics into silence and programs into using them. And this concentration of power led to the ultimate in lax, completely incompetent security: a list of passwords sitting on somebody's server.

Given the choice between NATS incompetently managing my personal data and the possibility that a dishonest sponsor *may* shave sales, at the end of the day I'll take the possibility of shaved sales. Its a small price to pay. First off, most program owners are honest, most of them are very generous with their affiliates and most of them would not consider - so its not even a really large risk. Second, dishonest people always get caught at their games eventually. iBill's greed eventually caught up to them. John's incompetence and/or crookedness has caught up to him. If you believe the story that PornGraph was actually sold before the trojans went on, then you can see it caught up with the new owners as PG is no more. Finally, program owners who fuck their affiliates through shaving probably fuck their employees, contractors, business partners and talent as well. By proxy, this means they likely already have a bad reputation and everyone knows who to stay away from anyway.

that had abolutely nothing to do with what I posted. I never made 1 false accusation. Yes Doc we get it, everyone's personal info is all ready all of the net, all programs get hacked, the people only took emails and didn't touch anything else, and all nats servers are completly ok now. I don't even know why anyone should have posted about this Nats issue in the first place, after all it happens to all companies. :upsidedow

So what is it you do, provide rss feeds or something like that for nats ?

I wonder how much NATS is paying their lawyers to read GFY print outs?

No, I don't provide rss feeds for TMM, I created my own NATS plugin that attaches to NATS, rebuilds your hosted galleries, allows for auto updates, and much more. NATS doesn't support it or sell it, they complete with me on rss dish.

I have it for MPA3 too, if that was your point.

It's fine that it hit the boards, it's good that it was corrected. The problem is it has been corrected, it's not a problem now, but you guys just won't drop it and keep dragging it through the mud.

Of course you don't care, you don't own a program.

And he is correct and Webmasters still have that trust.

You are being a little single minded.. Think of it like this. If I posted my ProgramA was breached and your data 'could' have been post, I won't lose any webmasters, even after it's posted on GFY. However, if someone posted a shaver script with screenshots in my program, I would lose most of my Webmasters and Clients.

Huge difference in trust with these things, I think people trust the program for data security, not the software.


You would think that.. You really would, but honestly people got fucked by Ibill for like 2 years afterwards. People don't care, don't listen, it's all about the greenbacks. And some of the biggest programs are scamming freaks but are loved by Webmasters.

It's a crazy business.

I'd worry more about the number of trees that are dying to print out GFY. Hell, I have already gone through a set of toner and six reams of paper on this mess.

there you go exaggerating again , i never claimed you were stupid nor that i was smart.
if you asked me politely and it had anything to do with the conversation then i might tell you, but seeing as how it doesnt have a single thing to do with this thread i won't..

alot of questions. what do any of these questions have to do with the facts as i have laid them out.
then don't ask in such a rude fashion :2 cents:



your words not mine..
my name is above each post.
the difference is my opinion is based on facts that any nats employee can verify.

i could give a fuck less if you don't believe facts

that a server going down 15 times in a day is "bringing a server to its knees" ?

That you think running a nats database on a slow server would have no effect on the functionality of your sites as long as they are on a sep server ?

that you don't understand how someone having the master nats password list is a serious breach ?





anyone can simply verify my facts with nats or anyone with experience in the nats admin

i dont mind if you see things incorrectly :winkwink:

and most everyone else feels differently :winkwink:

answers about why they lost the master password list used to view all your nats info

:Oh crap i sure hope any affiliates arent reading that ..

i had a porn site before the internet started :)

[QUOTE=Robbie;13595389]
My solution is FIX THE PROBLEM.
[/quoter]

we are on the same path , just my idea of fixing is to make sure you have isolated the problem first

:thumbsup:thumbsup

Smokey there was no "Master Nats password list" There was ONE LOGIN that they used to do maintenance on everybodies NATS setup. And since you are a former NATS employee I have no idea why I am having to explain this...especially since it's already been said 1,000 times in other posts.
Having a single user/pass for them to log in and do upgrades etc. wasn't such a great idea.
A worse idea was all of us who didn't delete that user in the beginning, before anything happened. Leaving it on there is totally optional. And a LOT of program owners did NOT leave that on there and were NOT hacked. A lot were. We were one of the ones who were slack. Not the stupid NATS program. They had a flaw...we didn't protect ourselves by realizing it...
But again...YOU ARE INCORRECT....THERE WAS NO MASTER PASSWORD LIST. Every post you make like that shows your true knowledge of this particular situation. Damn...

:1orglaugh:1orglaugh:1orglaugh:1orglaugh:1orglaugh