AVN: NATS/TMM Breached for More Than a Year
NATS Security Problem May Not Be New
Program owners say they began noticing the problem at least a year ago.
By Kathee Brewer
Posted: 3:49 PM PST Jan 02, 2008
FREEHOLD, N.J. - Too Much Media maintains that unauthorized access to clients' installations of its NATS back-end management system only occurred recently and was not widespread, but some affiliate-program owners say the apparent security hole in the software has existed for at least a year.
One program owner who asked not to be identified because he feared retaliation from TMM said he discovered evidence about 18 months ago of possible unauthorized access using an administrative-level password belonging to TMM.
Another said his network of Web servers developed severe performance issues "over a year ago." He said investigation by his hosting company revealed repeated access attempts by someone using a NATS admin-level username and password.
More: http://www.avn.com/index.cfm?objectI...BC11AD4365D248 |
Wow, I'm not used to seeing that type of reporting from AVN.
|
Albright would not comment on whether his company is working with law enforcement to track and prosecute the person or people responsible for the recent security issue. "That is all being conducted under the advisement of counsel, and we aren't commenting on it at this point," he said. |
wowwowowow
|
:smiling_b
|
interesting
|
"When everything hit the boards, we went back to check [our server logs] and found the same admin account trying to access our servers every hour," he said Friday. "The IP [address] block was the same one that was blocked over a year ago, so [the person using the account] couldn't get in. It is slowing down the servers a little bit, but they're not actually getting in."
That is a quote from the story... So supposedly some big site had their servers brought down to their knees by ONE IP address attempting to log in and fail? Does anybody ever proofread or use common sense with these stories? This is almost as factual as a Bill O'Reilly story. |
They did notice it ages ago, they neglected to investigate further when they obviously should have.
Did they understand this was a system-wide breach? Perhaps not. Should they have? Yes. |
SEE SIG
. |
Was your mom's nick, MinusOneTit?
Did your older sibling keep getting the remaining tit and piss you off eternally? |
Quote:
In fact, doesn't it say "it is slowing the servers down a little"? Either way, it's certainly possible for one IP to cause big enough problems to notice, especially if they are using the NATS admin panel with one of NATS's passwords |
Quote:
Another said his network of Web servers developed severe performance issues "over a year ago." He said investigation by his hosting company revealed repeated access attempts by someone using a NATS admin-level username and password. "The servers were going down like 10-15 times a day," he said. "Our hosting company stabilized them and secured them by blocking IP addresses, unnecessary requests, et cetera. They said it had been hacked [by someone] in the main office." |
good article..
|
Wow, sounds like a real clusterfuck
|
How can someone trying to log in slow a server down? Unless it's attempted multiple times a minute from several IPs, I can't imagine it would have any effect on a server no matter how crappy the server is. The only thing that might have affected the server is if he did get in and was dumping the database.
There. I just tried logging in with the wrong user/pass on my NATS admin, and server load didn't go up at all.. LOL |
No, they said it took their servers down 10 to 15 times a day! LOL! And it was someone hacking from the "Main Office" Whatever the fuck that means. :1orglaugh
|
Quote:
Invisible ink? Severe performance issues does NOT equal bringing a server to its knees. If a site is up and able to be knocked off, that would lead me to believe it certainly wasn't "on its knees", and like I said, regardless, it is certainly possible for one IP to cause "severe performance issues", so the point is kinda moot, right? |
Educate me...how does ONE IP attempting to log in and failing bring servers down 10 to 15 times a day. I honestly don't know how that would work.
|
Quote:
They didn't block the user until AFTER they had the performance issues: "The servers were going down like 10-15 times a day," he said. "Our hosting company stabilized them and secured them by blocking IP addresses". Once the user was blocked the server stabilized. The user did not "fail" to get in, they got in and were dumping databases causing the server to stall, they got busted, got blocked, the server returned to normal other than failed requests, NATS was notified. |
I fucking hate stories where they don't name anyone who is making the allegations. All this program owner says this and that but never say who they are. It sounds contrived to me.
|
Damn Smokey...don't be haterizing on me. :1orglaugh
I read the story. I think it's been embellished to make it sound good. That's all. If you read it and believe it word for word...that's cool. Bottom line is NATS got screwed with. All our members got spammed with emails. Fucking sucks. Life goes on. Fixed it and keep making money. :) Are you guys cool with the "On the black market, email addresses can be sold for 20 cents to several dollars each." line too? I think that almost any webmaster who owns an affiliate program can tell you the TRUE price of email addresses...yes, even member site databases. That shit gets traded around all the time in case y'all didn't know that. Hell, I use Spam Arrest to keep my email free of spam...and yet when I was on the phone with a very prominent internet company that we all know and love and was telling the owner to make sure to verify himself because I used Spam Arrest...he laughed and told me that they had offered their entire database to him the week before for a few hundred bucks! In other words his emails would go right through the system without being stopped! Hell, even I was shocked at that! LOL! What I'm trying to say is that this "news" story is severely exaggerated in some of the things it is saying. I hate when people do that, because in my mind it takes away the credibility of a story that is important. |
"We didn't have any [NATS-based] clients who were not affected," MojoHost owner Brad Mitchell told AVN Online, adding that he and his technical-support staff resolved unauthorized-access issues for clients over the weekend before Christmas. Only one MojoHost client had been apprised of the situation before then, and that client fixed the problem without MojoHost's assistance, Mitchell said. (emphasis added) |
Is minusoneclue really gay?
|
Oh my God!
|
Quote:
Quote:
I keep hearing "no credit card info was stolen", unless NATS has manually scanned every program for individual hacks that resulted from their OWN password list being stolen, then they shouldn't be saying that.. it is very possible a sponsor has had credit card info stolen. Quote:
Although the bottom figure is a bit unrealistic, a fresh unspammed credit card in hand customer email is gold. Quote:
REAL sponsors trade their no-rebills, no cc list, they don't trade their fresh credit card in hand members list. Quote:
|
Are you really arguing for the sake of it?
NATS is struggling to survive and may not make it, especially with the backlash developing in spite of their best efforts. Perhaps you can start an argument over that. The program owners with an investment are naturally struggling to find justifications in keeping the software and are more inclined towards belief.... Maybe that too is something to argue about. They have much to lose and gain in this and their defenses and arguing are expected, though maybe not entirely logical. From the affiliate level we don't actually have much to gain or lose except to take notes as to who is alert and who is burying their heads in the sand. So why all the argument over tiny points when the main issue is clear and incontrovertible? |
On Wednesday, Albright took exception to any implication that Too Much Media sought to hide the problem from its clients or failed to respond quickly and thoroughly. |
Quote:
bump the threads in my sig so we make sure no one ever takes this lunatic seriously |
Smokey...how do I go into NATS and bring my server down? We had the exact same thing happen to us. We noticed it immediately. Not because our servers were slowed down...Good God man! Our NATS database has its own server. There ain't nothing it can do to slow our sites down!
We noticed somebody in there and took our own steps to fix it. Quick and simple my friend. You didn't "set me straight" on anything. Do you own a program and it's running NATS? Or are you just speculating my friend? I'm not trying to be disrespectful...it's just that I've seen much worse things happen before. If this were an earthquake it wouldn't even register on the Richter scale compared to some of the shit that has happened over the years. And by the way...I NEVER said I have ever sold or bought a single email address. Contrary to what some may think...I personally don't see any value in them. Don't do email campaigns and never will. I HATE fucking spam. What I said is...emails are bought and sold everyday. And people who are really in the biz know that. It's always been so. And HELL NO they don't cost no 20 cents a piece! More like 20 cents per THOUSAND. And members area email addresses? Golden? If you think so. Hell, maybe I will sell mine after all. How about that 20 cents each deal? That's a lot cheaper than that dollar quote in that story! Come on man! I'm gonna make you rich! I've got thousands and thousands of members' emails! Just think of all the money you'll make! By the way, I'm just kidding. I would never sell those email addresses anyway. I'm just trying to show you that there is exaggeration in that story. And no, I'm not the one exaggerating. I'm the guy quoting the story and questioning it. And Chimera1 you said: "The program owners with an investment are naturally struggling to find justifications in keeping the software and are more inclined towards belief.... Maybe that too is something to argue about. They have much to lose and gain in this and their defenses and arguing are expected, though maybe not entirely logical." Gain? Lose? This doesn't change anything for a program owner. You fix the problem. What else do you do? Everybody and anybody and anything can and will be hacked. I'm not gonna cry and go home.
I just had the most profitable month in my life in Dec. Now Jan. is starting off even bigger than Dec started. I'm looking full speed ahead baby! :) And if some asshole hacks NATS again...We'll all fix it again. Same as any other backend. One real good thing came out of this. It showed everyone that we all need to be more diligent and not depend on a rented software to do our work for us in protecting our shit. There's the silver lining. A lot of us didn't really give much thought to that before. Now we've turned our attention to it. And that's a good thing right? |
Quote:
Spot on. It's wise to keep notes on that as well. But I think as affiliates we also should be concerned about the breach of our personal data. No one knows just how much information was lost from the customers' side of things, but we do know that NATS stores all of our affiliate data to include bank routing and SSNs/TPIDs and we do know that the perps would have had access to that. Did they get it? Again, no one knows. TMM is not being cooperative, they are not addressing their customers saying that's on the advice of counsel, but they are giving statements to the media. Most lawyers I know would not give advice to avoid your customers but talk to the media, they'd say take care of your customers but be careful, or they'd say don't talk to anyone at all. So the "on the advice of our counsel" line is simply another way of saying "no comment", and no comment as we all know is used to avoid questions we don't want to answer because an honest answer would make us look bad somehow. |
One program owner who asked not to be identified because he feared retaliation from TMM said he discovered evidence about 18 months ago of possible unauthorized access using an administrative-level password belonging to TMM. |
Quote:
I am curious why you are arguing with a person you deem mentally incompetent? That is not logical, nor is it productive. Again, I say are you guys arguing for the sake of hearing your jaws work or your fingers type or is there some pathology involved? I would certainly hope people could separate news from the bearer. AVN has my vote of confidence in this matter at least insofar as being legally and factually correct in quoting the statements they did. I don't feel that arguing with a person you deem unstable is going to change that person's mind or their actions. There is personal and there is business. So which is it? |
Quote:
--edit cchash? |
Quote:
you think nats was cISP compliant? http://kb.getnats.com/idx/15/148/Bil...r_gateway.html
NATS supports this feature with CC and ACH gateways. This article explains how to use this feature.
Specific variables for Credit Card sales:
enddate_month - CC expiration date, month
enddate_year - CC expiration date, year (XXXX format)
cc - CC Card Number, no dashes
cvv - CC CVV2 code |
Quote:
you are just a frustrated little faggot keith :1orglaugh |
Quote:
This doesn't store the credit card information. It's on a secure join form which posts the data to say netbilling for approval. Netbilling then sends back a postback like a 3rd party processor, without the cc info. |
Quote:
Even the KB says it posts to the processor and you get a reply back if it is approved or declined. That's what it's for. |