AVN: NATS/TMM Breached for More Than a Year

I think the money trail has been exposed already.. Question is will people out who it is. Email lists are easy to pawn off as purchased from others too :/

I think TMM is on the hacker trail - but only being a week afterwards I haven't asked

The money trail has been exposed by webmasters teaming up and asking questions... that's beside the point.

Why are NATs not letting us know they are looking into things if they are ?

I dont have a horse in this but just from reading all of this your trying way too hard.

Wow, now im am complete. I feel so accomplished now. maybe we should all call minusonut a bro so maybe he will get off our industries nuts.

Not that it matters I will state again that I dont know one single person at nats other than when I need something done to my proggie. I do push quite a bit of traffic to all types of programs, and Im not talking the couple hundred clicks most of you part time affiliates push, and I know for a fact that most of the nats programs work a shit load better than some of the other garbage back ends some of these shady ass programs have. I work it from both ends so I know what proggies to stay away from because of their homemade backend. Nats is great software for sure. Atleast We know about what happened with nats and that its fixed. Im also sick of you bitches that call yourselfs adult webmasters trying to ruin a biz that in reality you are not even part of. Let me spell it out, if you have been in the biz more than a year and your not pushing atleast 10000 uniques a day somewhere, then you are NOT and adult webmaster and should keep your limited knowledge to yourselfs. You just sound like the idiots that you are.

No worries Tony, I'm done with these two tools. They read past the answers and modify their own questions for personal benefit.

How exactly would NATS follow the money trail? Wouldn't it take Webmasters to team up and expose it for them? And I know who they are, so what? NATS can't sue them.

NATS is looking into things, they have stated they are hunting down the hacker. Of course they can't comment more, I wouldn't either, nobody doing an investigation would.

Logic people, logic...

It´s not their job to provide security of their customers servers. But they - NATS - required a server access. So it´s their job to take care of it.

ORLy? which host would this be then???

Umm.. Well the old apache exploits/admin targets came in through VOIP IP exploits and not from the FL IP. So previous admin/attacks came through server level exploits first, once they had access they exploited the data the exact same way. This is why NATS made the admin/webmaster pw's one way, so they can't be pulled from the admin. A security step by NATS, mind blowing I know.

Hosts didn't know it was the same attacker each time doing the same thing in different ways. Not until recently at least and once people started posting on GFY, then people put two and two together, we saw it right here, live. Yes, I'm sure a couple of hosts knew something was going down, but they sure as hell didn't talk about it, fear, pfft..

If John ever threatened me for exposing an exploit I would have blasted his ass all of the boards. Anyone that wouldn't do the same is weak minded.

NATS has a ticket system. You have to post in for all support, ect. And icq history for those they talk to on ICQ. If all these clients really had these problems, threats, ect about the hacks/ips, exploits then why don't they just post the tickets? I'm sure people have tickets, I do, but they show NATS helping and not threating.

NATS isn't perfect, boy it's far from perfect. Clients already knew this - guess it was only time for Webmasters to find out. Support isn't the fastest, they don't always work on weekends, and you don't always get the right support person smart enough to help with your complex problem.

And since NATS doesn't monitor my NATS/server 24/7 - I take security into my own hands and my hosts, as it should be.

so you're saying this recently exposed hack was done by the same guy that did the previous exploit?

They better shut up about all this until they have concrete answer backed up
with facts and/or proof in a well written statement.....the guessing and
insinuations aren't doing any side good at this point.......well except for
entertainment of course........fuck it.....continue

I think it's the same group attacking us for the last 10 years. That damn voip exploit to connect and pull data works the same, but it's a different way of doing it. Either way the same method of getting the data was done and back then it didn't have to done through a nats admin account.

So other than the login ip - no I don't have any real proof it's the same people. Other than over the last several months. But my point was more than they attack us in several ways - but they always appear to get the data the same exact way once they are in.

Do you have something that points that it's more than one group/person?

Ok I'll bite this whole discussion about the hack, and how it was possible
to have happened....added with all the bullshit that every program could get
hacked just as the servers they're on.....that's all nice and dandy but it's
completely irrelevant to the argument........


Well ok....not completely it only serves the purpose to divert the negative
attention to a different subject in order to make it seem less bad as it already is.


So now you probably say.....well is that so? So what's the part then that DOES
matter about all this......

Brace yourselves here it comes.......The fact that it happened, TMM knowing
about it for a LONG time and didn't take proper action and informed their
clients about it.......making it appear...(I'll keep it polite tonight) that they
were trying to hide it hoping they'd be able to fix situation before it blew up
in their face like it did recently......

That's all.....continue the discussion please and show us what's your interest
in this by judging the arguments you come up with......

Sad as it is, if this didn't come out on the boards it wouldn't have been fixed. They didn't know wtf to look for. It blew up in their faces because they aren't security admins and the true fact that John's ego blocks his brain waves sometimes doesn't help.

But we all already know this.. We all know nats fucked up, no reason to bring up the dead horse another 1000000 times. The lesson to be learned, again... Is security is YOUR responsibility and not NATS.

And I thought we were talking about previous hacks/exploits with NATS?
Do you even use NATS?

I don't I had clients who did and got insulted by TMM on numerous occasions
when the issue was raised in a few occasions which all were done directly and
very politely to them and kept non public.

And not only insulted but badmouthed behind my back to clients......