GoFuckYourself.com - Adult Webmaster Forum


TTiger 12-25-2007 10:59 PM

could someone write a text explaining the NATS issue correctly
 
experiment guys we need your help to explain to the world what is really happening with NATS (maybe a sticky post with a regular guy keeping us informed on the story)
so we could spread it to digg, slashdot etc..

which issue is right and which is wrong..
what's really happening, what is real and what's false
because i have to admit there are a lot of threads on the subject and i don't understand all the issues ..
what should i do as an affiliate? i've signed up with like 100 programs using NATS, should i reset all these accounts? please tell me no :Oh crap

thank you for reading
sorry for my bad english:(

spacedog 12-25-2007 11:03 PM

Somebody stole email addresses using a nats admin password that was obtained illegally via methods unknown & then spammed those emails.

TTiger 12-25-2007 11:06 PM

then GFY will be exposed to the mainstream so we should have a sticky on the subject, no?

TTiger 12-25-2007 11:07 PM

the issue is on slashdot newsletter (just received the mail)

Slashdot Daily Newsletter

In this issue:
* Only 2 in 500 College Students Believe in IP
* Google Reader Begins Sharing Private Data
* Netgear Introduces Linux-Based NAS Devices
* FSFE Supports Microsoft Antitrust Investigation
* Thousands of Adult Website Accounts Compromised
* The Economist's Technology Predictions For 2008
* Airlines Plan To Filter, Censor In-Flight Internet Access
* 'Mind Doping' Becoming More Common
* Apple and Google Are Telecom's Newest Stars
* Anti-Virus Bug Briefly Identified Windows Explorer as Malware
* How To Tell If It's Really Titanium
* Capitol Hill Quiet on Tech
* Heathkit Reincarnates the Hero Robot
* USPTO Reaffirms 1-Click Claims 'Old And Obvious'
* The LCD Panel vs. The Crossbow
* Robots To Control Oil Drilling Platforms

Babaganoosh 12-25-2007 11:10 PM

Let's not invite digg users to GFY. You think this place is full of jerkoffs now, just wait and see what will happen if those dickheads show up. Let a site like AVN deal with it.

To answer your question, the guys who wrote nats had a default account set up so they could log in to provide support. That account was compromised so anyone who didn't disable that account was at risk.

st0ned 12-25-2007 11:11 PM

Why would you want it getting out more than it already is? Come on, think of the negative effects.

spacedog 12-25-2007 11:11 PM

Quote:

Originally Posted by TTiger (Post 13564128)
the issue is on slashdot newsletter (just received the mail)

Slashdot Daily Newsletter

In this issue:
* Only 2 in 500 College Students Believe in IP
* Google Reader Begins Sharing Private Data
* Netgear Introduces Linux-Based NAS Devices
* FSFE Supports Microsoft Antitrust Investigation
* Thousands of Adult Website Accounts Compromised
* The Economist's Technology Predictions For 2008
* Airlines Plan To Filter, Censor In-Flight Internet Access
* 'Mind Doping' Becoming More Common
* Apple and Google Are Telecom's Newest Stars
* Anti-Virus Bug Briefly Identified Windows Explorer as Malware
* How To Tell If It's Really Titanium
* Capitol Hill Quiet on Tech
* Heathkit Reincarnates the Hero Robot
* USPTO Reaffirms 1-Click Claims 'Old And Obvious'
* The LCD Panel vs. The Crossbow
* Robots To Control Oil Drilling Platforms

Yeah, and slashdot's source contains a lot of misinformation that is very deceptive & misleading.

SmokeyTheBear 12-25-2007 11:15 PM

Nats had their admin password list hacked.

Using these passwords, thieves used software to monitor sponsors' emails by logging in as a nats admin and retrieving data.

Most attempts appear only to be related to email harvesting.

Credit card information pertaining to signups is not stored nor displayed for admins very easily, so while it is unlikely it's possible they could have access to such information as affiliate data ( emails, encrypted password, ss#'s etc )

Nats has been aware of this situation for quite some time but "perhaps" overlooked the seriousness of the breach ( in my opinion due to pure negligence, as many many webmasters have mentioned it time and time again. i.e. spam after using nats sponsors ) furthermore nats employees appeared to many to be more interested in silencing the truth rather than fix the problem .

In hindsight , no software is perfect , but there are many methods of fixing problems, #1 is listening to your customers in an open fashion .

I thought nats guys did a great job in apologizing and setting the record straight even if it meant opening them up to legal problems. I sure hope this is an isolated incident and not something more serious like a managed breach.

fuckingfuck 12-25-2007 11:18 PM

Here is the story in summary.

Once there was some shitty software with a big hole.

Then some people stole LOTS people's information using that hole.

Then some people claimed the company who produced the software actually knew it and they are involved in collection of all this data.

Then someone informed mainstream/tech blogs about this.

Then people accused each other about everything.

Then some Bros appeared and created threads to protect one side.

--------------------

This is where we are now. It is also told that probably these news will be on newspapers soon.

TTiger 12-25-2007 11:19 PM

Quote:

Originally Posted by SmokeyTheBear (Post 13564144)
Nats had their admin password list hacked.

Using these passwords, thieves used software to monitor sponsors' emails by logging in as a nats admin and retrieving data.

Most attempts appear only to be related to email harvesting.

Credit card information pertaining to signups is not stored nor displayed for admins very easily, so while it is unlikely it's possible they could have access to such information as affiliate data ( emails, encrypted password, ss#'s etc )

Nats has been aware of this situation for quite some time but "perhaps" overlooked the seriousness of the breach ( in my opinion due to pure negligence, as many many webmasters have mentioned it time and time again. i.e. spam after using nats sponsors ) furthermore nats employees appeared to many to be more interested in silencing the truth rather than fix the problem .

In hindsight , no software is perfect , but there are many methods of fixing problems, #1 is listening to your customers in an open fashion .

I thought nats guys did a great job in apologizing and setting the record straight even if it meant opening them up to legal problems. I sure hope this is an isolated incident and not something more serious like a managed breach.

do you authorize me to copy this response to social bookmark network?
to keep people informed and give them the real info?

papill0n 12-25-2007 11:21 PM

Quote:

Originally Posted by fuckingfuck (Post 13564150)

Then some people stole LOTS people's information using that hole.

.


No dude. LOTS Of information was NOT stolen.

TTiger 12-25-2007 11:22 PM

thank you for all this great info and keep the drama away;)

fuckingfuck 12-25-2007 11:23 PM

Quote:

Originally Posted by RageCash-Ben (Post 13564157)
No dude. LOTS Of information was NOT stolen.

Hi Bro...

SmokeyTheBear 12-25-2007 11:34 PM

Quote:

Originally Posted by TTiger (Post 13564152)
do you authorize me to copy this response to social bookmark network?
to keep people informed and give them the real info?

well i cant stop you and i wouldnt sue you if you did , but i feel a bit funny having it on non-adult news type sites , personally i wouldnt , if i was writing it for surfers i would word it differently, it was written more for affiliates/programs. but its up to you..

i'll try a rewrite for "surfers"


Cliffnotes.

Nats - TMM a leading billing/affiliate program for adult websites had their administration password list hacked. Using these passwords allowed hackers to login to and perform duties as an administrator on many adult websites who run the nats software. Hackers then wrote software to login to the breached websites and obtain certain information. Most of these attempts appear to be to retrieve emails of customers, which were then used or sold to email spammers. Although there is no initial evidence that any private data such as credit card information of subscribers was retrieved, it is clear to many that some information such as emails of the programs' sub-contractors/affiliates was compromised. The leading consensus would be if you bought porn from an adult website, you probably don't have anything to worry about other than a few more emails in your inbox, if you sell porn, the verdict is still out.



thats all mainstream needs to know , the disclosure to affiliates that was the biggest problem for many should prob be left in the industry to discuss

notoldschool 12-25-2007 11:37 PM

Quote:

Originally Posted by TTiger (Post 13564115)
experiment guys we need your help to explain to the world what is really happening with NATS (maybe a sticky post with a regular guy keeping us informed on the story)
so we could spread it to digg, slashdot etc..

which issue is right and which is wrong..
what's really happening, what is real and what's false
because i have to admit there are a lot of threads on the subject and i don't understand all the issues ..
what should i do as an affiliate? i've signed up with like 100 programs using NATS, should i reset all these accounts? please tell me no :Oh crap

thank you for reading
sorry for my bad english:(

You cant read?

notoldschool 12-25-2007 11:40 PM

Quote:

Originally Posted by SmokeyTheBear (Post 13564180)


Although there is no initial evidence that any private data such as credit card information of subscribers was retrieved, it is clear to many that some information such as emails of the programs' sub-contractors/affiliates was compromised. The leading consensus would be if you bought porn from an adult website, you probably don't have anything to worry about other than a few more emails in your inbox, if you sell porn, the verdict is still out.



Dude are you fucking stupid. It is impossible for them to get cc info as the billers keep all that info. Now we have another liar to add to the list.

SmokeyTheBear 12-25-2007 11:41 PM

Quote:

Originally Posted by RageCash-Ben (Post 13564157)
No dude. LOTS Of information was NOT stolen.

i guess that all depends on what you consider "lots"

is millions of emails "lots" ?

i would consider millions of anything lots :)

I think some of the issues are being glossed over because nats still hasnt disclosed it to us.

when i first noticed a problem with nats and spam it wasnt from signing up as a surfer it was from signing up as an affiliate so i think the theory that only the surfers' emails and data was stolen is false. I am pretty sure that affiliate data was stolen, this was likely done quickly, its likely not as easy to spot for sponsors because the hackers used software to repeatedly monitor a sponsor's "surfer signups", for affiliates there wouldnt be a need to check multiple times daily it would throw off too many red flags..

i dont think this was done by someone with no knowledge of the software , it was either an ex-nats employee , someone with the source code or at the very least a sponsor who bought nats ( just my theory/opinion based on what little evidence has been released )

SmokeyTheBear 12-25-2007 11:45 PM

Quote:

Originally Posted by notoldschool (Post 13564195)
Dude are you fucking stupid. It is impossible for them to get cc info as the billers keep all that info. Now we have another liar to add to the list.

did you even read what i wrote or what ? i didn't say cc info was stolen, in fact i said "no initial evidence" that it was stolen, how do you turn that into the opposite thing ?

p.s. never say impossible

SmokeyTheBear 12-25-2007 11:56 PM

if anyone wants to know how real a possibility someone could obtain cc info from this, its very simple if you have been inside nats.

edit the templates place a hidden script on the signup page , this redirects certain ip blocks to a fake mockup of the billers signup page , cc card are stolen and stored , voila.. would take all of 20 minutes to do .

doesnt need cc info to be stored by nats or the sponsor encrypted or unencrypted.

thats why i said NO INITIAL EVIDENCE , i.e. i have seen nothing to suggest the above scenario took place , but its WELL within the hackers power and a VERY REAL and possible scenario.

SmokeyTheBear 12-26-2007 12:06 AM

before you call someone a liar , do your homework. I have.

notoldschool 12-26-2007 12:08 AM

Quote:

Originally Posted by SmokeyTheBear (Post 13564220)
if anyone wants to know how real a possibility someone could obtain cc info from this, its very simple if you have been inside nats.

edit the templates place a hidden script on the signup page , this redirects certain ip blocks to a fake mockup of the billers signup page , cc card are stolen and stored , voila.. would take all of 20 minutes to do .

doesnt need cc info to be stored by nats or the sponsor encrypted or unencrypted.

thats why i said NO INITIAL EVIDENCE , i.e. i have seen nothing to suggest the above scenario took place , but its WELL within the hackers power and a VERY REAL and possible scenario.


Its called implication. :2 cents:

minusonebit 12-26-2007 12:37 AM

Yep, sure could. I already did that. Hope it helps.

Paul Markham 12-26-2007 01:30 AM

Smokey seems to have nailed it. Except for the "hacked" part.

No one knows the list was hacked and if it was hacked it was not once. It appears it was hacked on a constant basis. No proof it was hacked or was not hacked has been seen.

This is from John's post and I apologise if I got it wrong.

The problem came to light a few months ago.
He thought he had fixed it.
He notified at risk clients.
The system existed for the client to lock down his data on NATS.

This is what others have said.

When told about the problem of spam John blamed the client's system. It has been claimed he threatened legal action to stop people spreading "misinformation". He did not take legal action.

As soon as it hit here some sponsors were able to identify the problem, find the IP address logging in, when it logged in and how it logged in. It was not hard to find and it seems they blocked it. No explanation has come from TMM of why TMM failed to do this.

To my knowledge, none of his clients have come forward to say TMM notified or warned them of the problem. Before the news hit the boards.

To my knowledge, no email was sent to insist clients use the system already in place to further protect their data.

To my knowledge, the safer system was not put up as the default set up.

As I said the above may not be 100% because I missed something on the boards.

SmokeyTheBear 12-26-2007 01:36 AM

Quote:

Originally Posted by notoldschool (Post 13564252)
Its called implication. :2 cents:

its an implication that someone says "no initial evidence " ? go reread what you quoted and be a man and apologize.:2 cents: as far as i see it you are the one who lied and you were the one who implied i said cc info was stolen, when i never said that and the quote you quoted in fact stated the EXACT OPPOSITE to what you implicated.



go ahead and ask a nats rep about my statement above..
or ask ANY program owner who has used nats interface if its true or not.

I wont hold it against you if you apologize as everyone makes mistakes, it takes a bigger man to say " hey you know what i read your statement wrong and in fact what you said was 100% truthful and can be verified by ANY sponsor who uses nats "

Zester 12-26-2007 03:06 AM

Quote:

Originally Posted by SmokeyTheBear (Post 13564144)
Nats had their admin password list hacked.

Using these passwords, thieves used software to monitor sponsors' emails by logging in as a nats admin and retrieving data.

while it is unlikely it's possible they could have access to such information as affiliate data ( emails , encrypted password, ss#'s etc )

Quote:

Originally Posted by Paul Markham (Post 13564434)
No one knows the list was hacked and if it was hacked it was not once. It appears it was hacked on a constant basis. No proof it was hacked or was not hacked has been seen.

As soon as it hit here some sponsors were able to identify the problem, find the IP address logging in, when it logged in and how it logged in. It was not hard to find and it seems they blocked it.

ok, leaving aside the idea that the affiliate's email was stolen:
now NATS users (sponsors) need to disable this "nats admin" access in order to close the security hole ? and that's it regarding this issue ? after that the affiliate's data is (relatively) safe ?

SmokeyTheBear 12-26-2007 03:10 AM

Quote:

Originally Posted by Zester (Post 13564602)
ok, leaving aside the idea that the affiliate's email was stolen:
now NATS users (sponsors) need to disable this "nats admin" access in order to close the security hole ? after that the data is (relatively) safe ?

heck no i would suggest a security audit..

disabling admin access is the first step , if you dont do a security audit theres any number of places someone could have inserted something i would think .. nats would be the only person who can answer that question for sure but if an admin or someone using an admin account messed with the nats templates theres any number of places nefarious things could have been placed.

minusonebit 12-26-2007 03:14 AM

OK, let's everybody get their stories straight.... we need to tell/spin ONE LIE here... the same spin/lie... each and every time someone asks us what the deal is...

LOL, this so-called industry is fucking pathetic. You people dont even have enough sense to go and make up the lie/spin somewhere out of public sight.

TheDoc 12-26-2007 09:12 AM

Smokey, for your CC theory to work in NATS you could only change the post url in the join form. Everything else is too wrapped around nats and would break something big enough you would notice. If we can toss out theories, then an iframe exploit in smarty could do the same thing.

NATS doesn't store, record, pass through, or even see/touch/smell any credit card data.



Paul Markham, your yap doesn't stop does it? You have asked these same questions with a different twist 30 times now, and each time they have been answered for you.

a) Admins are able to see what is being pulled from the databases on connections. No deep cover up here.

b) The problem a few months ago was "DIFFERENT" but yes, it was unknowingly related. I'm not sure why that is hard for you to understand or get.

c) Since they didn't know the extent of the problem at that time they only notified clients with the current related problem and not the unknown one.

d) Clients are told about the IP lock feature and admin accounts during setup. It's the first thing in the config admin of nats. And it "CAN NOT" be forced on by NATS since NATS can be locked fully out of the system, just by turning the account off. (FYI, most clients used it)

e) I think John threatened to send a C&D, that isn't the same thing as legal action. Unless he recently said something different, the last I saw it was a C&D threat.


Minusonebit posts/article is filled with easily provable lies and slander.

notoldschool 12-26-2007 09:19 AM

Quote:

Originally Posted by SmokeyTheBear (Post 13564446)
its an implication that someone says "no initial evidence " ? go reread what you quoted and be a man and apologize.:2 cents: as far as i see it you are the one who lied and you were the one who implied i said cc info was stolen, when i never said that and the quote you quoted in fact stated the EXACT OPPOSITE to what you implicated.



go ahead and ask a nats rep about my statement above..
or ask ANY program owner who has used nats interface if its true or not.

I wont hold it against you if you apologize as everyone makes mistakes, it takes a bigger man to say " hey you know what i read your statement wrong and in fact what you said was 100% truthful and can be verified by ANY sponsor who uses nats "


squirm all you want. There was implication in your statement and you should be punished.

Why 12-26-2007 12:26 PM

for what its worth, due to the fact that nats uses smarty, its possible that this person used nats to create smarty pages or placed code into pre-existing smarty templates that would allow them back into the systems even if the passwords were changed. furthermore if the person doing this used smarty templates for hacking its possible he created methods to view, dump, email, etc. entire databases. so its possible more information than JUST what is shown in the admin side of things is at risk. depending on what ALL a program keeps on their nats server this person could have escalated things up from there to... well the sky is the limit.

its really a shitty situation, however we were not affected as we have had IP protections in place for many many months. this is a security feature in nats very few companies use but it HAS been in the software for years (to the best of my knowledge) and requires an admin to have a proper user/pass and be logging in from a specific IP. to blame nats entirely is silly, as the precautions to prevent these matters were in place for a very long time.

Why 12-26-2007 12:32 PM

course the person doing it, from my reading on the matter was using the same netblock to login to the compromised systems more than once daily. which IMHO would mean this person was NOT overly sophisticated and probably didn't hack up templates and leave stuff on systems like some people might have.
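Added example, not part of any post in this thread: a log review of the kind the posts above describe, listing admin logins that fall outside each site's IP allowlist and grouping them by source netblock to surface a repeated daily pattern. The log layout, site names, account names and addresses are constructed for illustration and are not a NATS format.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data; the "date time site account source_ip" layout is
# hypothetical and must be adapted to whatever the admin panel really logs.
SAMPLE_LOG = """\
2007-12-20 02:10:05 sponsor-a.example vendor-support 203.0.113.17
2007-12-20 09:31:12 sponsor-a.example owner 198.51.100.5
2007-12-20 14:02:44 sponsor-a.example vendor-support 203.0.113.44
2007-12-20 14:05:01 sponsor-b.example vendor-support 203.0.113.17
2007-12-21 03:15:30 sponsor-a.example vendor-support 203.0.113.90
2007-12-21 03:16:02 sponsor-b.example vendor-support 203.0.113.90
2007-12-21 11:00:00 sponsor-b.example owner 192.0.2.77
2007-12-21 16:40:19 sponsor-a.example vendor-support 203.0.113.17
malformed line without enough fields
"""

# Per-site networks that admin logins are expected to come from (the IP lock).
ALLOWED = {
    "sponsor-a.example": ["198.51.100.0/28"],
    "sponsor-b.example": ["192.0.2.64/27"],
}


def parse(log_text):
    """Yield (day, site, account, ip) tuples, skipping lines that do not parse."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        day, _time, site, account, raw_ip = parts
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            continue
        yield day, site, account, ip


def is_allowed(site, ip, allowed):
    """True if ip falls inside one of the site's allowlisted networks."""
    return any(ip in ipaddress.ip_network(net) for net in allowed.get(site, []))


def audit(log_text, allowed, prefix=24):
    """Group non-allowlisted admin logins by (source netblock, account)."""
    findings = defaultdict(lambda: {"sites": set(), "per_day": defaultdict(int)})
    for day, site, account, ip in parse(log_text):
        if is_allowed(site, ip, allowed):
            continue
        # Collapse the address to its enclosing block (IPv4 /24 by default).
        block = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        entry = findings[(str(block), account)]
        entry["sites"].add(site)
        entry["per_day"][day] += 1
    return findings


def recurring(findings, min_per_day=2):
    """Return pairs seen at least min_per_day times on every day they appear."""
    report = []
    for (block, account), entry in sorted(findings.items()):
        counts = entry["per_day"]
        if counts and min(counts.values()) >= min_per_day:
            report.append((block, account, sorted(entry["sites"]), dict(counts)))
    return report


if __name__ == "__main__":
    for row in recurring(audit(SAMPLE_LOG, ALLOWED)):
        print(row)
```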

INever 12-26-2007 12:32 PM

The executive summary:

If our data is in a NATS system we're possibly fucked.

SmokeyTheBear 12-26-2007 12:43 PM

Quote:

Originally Posted by notoldschool (Post 13565121)
There was implication in your statement and you should be punished.

lol fuck off ya moron , you made a bold faced lie because you hadnt read what you quoted. now you are too pussy to own up to your mistake. even after i schooled you on how easy it would be.

anyone who thinks "no evidence" means "yes" is a fucking moron. and you are obviously a pussy and a moron because you won't admit you were lying.

SmokeyTheBear 12-26-2007 12:55 PM

Quote:

Originally Posted by TheDoc (Post 13565094)
Smokey, for your CC theory to work in NATS you could only change the post url in the join form.

and thats not enough ?

Quote:

Originally Posted by TheDoc (Post 13565094)
Everything else is too wrapped around nats and would break something big enough you would notice.

seems like losing your master password list would be noticed as well , or an admin logging onto multiple sponsors hundreds of times per day for weeks :)


Quote:

Originally Posted by TheDoc (Post 13565094)
NATS doesn't store, record, pass through, or even see/touch/smell any credit card data.

and yet using the method i mentioned above, its very possible for a hacker to inject code using the nats admin password that would steal credit card numbers.

my point is exactly how i stated it above. There is NO indication any credit card information was compromised .

In order to RULE out this , every nats sponsor should have a security audit done. i would feel unsafe with the statement that "no credit card information was compromised" because it just hasn't been established yet.

Personally if i was nats i would pay to have each of their clients security audited so they CAN say that no credit card info was compromised, until then its just a guess ( and not very wise one either i would think )
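Added example, not part of any post in this thread: one check a security audit of the signup templates could include, comparing each template with a known-good hash and listing form, script and iframe targets whose host is not on an expected list. Template names, hosts and template contents are constructed for illustration; a target built from a template variable cannot be resolved statically and needs manual review.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the join page is expected to post to or load from (constructed values).
EXPECTED_HOSTS = {"secure.biller.example", "sponsor.example"}

# Attributes that send the visitor, or the visitor's input, somewhere else.
WATCHED = {("form", "action"), ("script", "src"), ("iframe", "src")}


class RefCollector(HTMLParser):
    """Collect (tag, attribute, value) for every watched attribute."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in WATCHED and value:
                self.refs.append((tag, name, value))


def sha256_text(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def external_refs(template_text, expected_hosts):
    """Return watched references whose host is not in expected_hosts."""
    collector = RefCollector()
    collector.feed(template_text)
    collector.close()
    flagged = []
    for tag, name, value in collector.refs:
        host = urlparse(value).hostname
        # Relative URLs have no host and stay on the serving site.
        if host is not None and host not in expected_hosts:
            flagged.append((tag, name, value))
    return flagged


def audit_templates(templates, baseline, expected_hosts):
    """Report templates that differ from the baseline or reference odd hosts."""
    report = {}
    for name, text in templates.items():
        changed = baseline.get(name) != sha256_text(text)
        flagged = external_refs(text, expected_hosts)
        if changed or flagged:
            report[name] = {"changed": changed, "unexpected": flagged}
    return report


# Constructed templates: a known-good join form, an unchanged header, and a
# modified copy of the join form as it might be found on disk during an audit.
KNOWN_GOOD_JOIN = """<form method="post" action="https://secure.biller.example/join">
<input name="email"><input type="submit" value="Join">
</form>
<script src="/js/join.js"></script>
"""
HEADER = '<div id="top"><a href="/">Home</a></div>\n'
FOUND_JOIN = KNOWN_GOOD_JOIN.replace(
    "https://secure.biller.example/join", "https://pay.example.net/join"
) + '<iframe src="//cdn.example.org/w.html" width="0" height="0"></iframe>\n'

BASELINE = {"join.tpl": sha256_text(KNOWN_GOOD_JOIN), "header.tpl": sha256_text(HEADER)}
TEMPLATES = {"join.tpl": FOUND_JOIN, "header.tpl": HEADER}

if __name__ == "__main__":
    for name, result in audit_templates(TEMPLATES, BASELINE, EXPECTED_HOSTS).items():
        print(name, result)
```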

Paul Markham 12-27-2007 01:02 AM

Thanks but I wanted John to answer it. However.

Quote:

Originally Posted by TheDoc (Post 13565094)
a) Admins are able to see what is being pulled from the databases on connections. No deep cover up here.

So when they investigated this they saw what was being pulled, could they see how the user was getting in and the IP address?

Quote:

Originally Posted by TheDoc (Post 13565094)
b) The problem a few months ago was "DIFFERENT" but yes, it was unknowingly related. I'm not sure why that is hard for you to understand or get.

Seems to me it was the same problem, this investigation was not good enough. The posters on GFY found it fast enough.

Quote:

Originally Posted by TheDoc (Post 13565094)
c) Since they didn't know the extent of the problem at that time they only notified clients with the current related problem and not the unknown one.

Did they notify people they thought "at risk" or people who had already told them about the problem? We have yet to see anyone step forward and say "TMM alerted me to this without me asking them about it."

Quote:

Originally Posted by TheDoc (Post 13565094)
d) Clients are told about the IP lock feature and admin accounts during setup. It's the first thing in the config admin of nats. And it "CAN NOT" be forced on by NATS since NATS can be locked fully out of the system, just by turning the account off. (FYI, most clients used it)

I would say they should have found the problem and TOLD their clients how it was to proceed. Then changed the safer method to the default. By not doing so they left the door open.

Quote:

Originally Posted by TheDoc (Post 13565094)
e) I think John threatened to send a C&D, that isn't the same thing as legal action. Unless he recently said something different, the last I saw it was a C&D threat.

Do you think sending a C&D to people you know are telling the truth is right? Or maybe he did not know they were telling the truth that his program was compromised.

You see the problem goes a bit deeper than you think. In my opinion. Either TMM were not able to find the problem that others found in minutes or they did not want to.

Naja-ram 12-27-2007 07:11 AM

Quote:

Originally Posted by notoldschool (Post 13565121)
squirm all you want. There was implication in your statement and you should be punished.

will you shut the fuck up already !?

this guy is just unbelievable .....


All times are GMT -7.