For one, I'm talking about adult. The scope of the article is in adult, after all. For two, Paypal is a processor. They retain data, but the sites that use them as a processor DO NOT. Johnny Geocities never gets passed the CC info on who donated to his blog, no matter how insecure his security is.
So unless you've verified that no credit card information is ever stored on the server in any way, you can't say that no credit card numbers have been stolen.
It isn't stored. Again, think of paypal: do they pass the CC information back to the page selling something? Hell no. It's exactly the same situation here.
You would, but you'd be wrong. In all examples I can think of, and definitely in the question of this software, the CC processing is passed to a processing company. I can't think of any sites off the top of my head that don't pass the person to the 3rd party page for processing.
Really? Not even when the user signs up for the account and enters the credit card number?
Now, I've never actually bought porn before, but assuming that porn sites work like every other ecommerce site in existence, the credit card number is most certainly entered into a form that's sent to the web server of the porn site. And if the web site has been compromised by a shell account that has permissions to modify the website software (like, say, it has been), then the credit card numbers of anyone who has signed up since the breach are likely to have been stolen.
It actually doesn't work like that. NATS, the software in question here, acts as a gateway to the payment processor. CC information is never entered or passed through NATS. It's just the same as when you make a purchase on a website through paypal. No CC information is ever given to the site, all they receive is a postback. That's exactly the situation here, CC data is stored on the processing servers, and is completely distinct from this mess.
It was reported that CC data was stolen, or may have been, but this is entirely untrue as you can see above.
You gave a privileged SSH account to a third party, what did you expect?!
No, I didn't. The accounts were NOT ssh accounts, they were logins to Web UI systems.
Seems? So even you admit you don't actually know whether credit card numbers were stolen.
I do. CC numbers are not stored on this system [I sound like a broken record]. When I say 'seems', I mean that the hacker did not try to take any other information, such as affiliate information, statistics information, or anything else stored in NATS, the software in question.
I'll bet you some were stolen. Any account opened since the breach or that used a recurring payment scheme should check to make sure their credit card wasn't stolen.
Rubbish. This information is not stored in the software or on any of the servers. You can 'bet' all you want. I'll take you on that wager, because you're posting and not knowing what you're talking about.
When you provide proof to everyone here that credit cards were stolen, I'll believe you. As already posted, CC information IS NOT AVAILABLE to the owners of the processing accounts, in an entirely different system. It is completely impossible that CC information was taken. I could post you my Epoch [Credit card processor] credentials here, and you'd never be able to pull out credit card info on my customers.
I value privacy
Again, this is total horseshit. This guy a few months ago posted 300 usernames and passwords to webmaster accounts, causing many to lose thousands of data from this information. You can lie and spin it as much as you want, but the evidence is in the posts and your actions. You have already admitted in this thread that 'you don't care' about others and the consequences of your actions - and your continued posts where you change your 'facts' are just a further indication of your unreliability.
Prove to me - independently of TMM's press statements - that said was safe
From all the logs and data I have seen, and trust me, I have seen more than most people in the industry, the users had access to NATS as admins. Admins cannot pull out biller data, that isn't presented.
Furthermore even if they had, if you were a real webmaster, you'd know: you can login to any biller and cannot see credit card information - CREDIT CARD INFORMATION WAS NOT STOLEN.
Finally, taking the tack that 'all information is compromised unless proven otherwise' is complete rubbish. That's as far-reaching as saying: assume your online banking is compromised because they don't email you daily saying it's not.
The summary is as it was: NATS was breached, and the issue was handled very poorly. You, however, have posted lies, and FUD, once again, to try to engorge your ego. Your posts are full of lies and FUD, it's just that simple - and anyone w/ 5 mins can follow the links in this discussion and see the same.
Let me be the first to actually point out the key factors in the situation. I work in adult, and have worked with this CMS very closely for the last 2 years. I'm not on anyone's side, but unfortunately this problem has been surrounded by a lot of misinformation.
No credit card information was stolen. Website owners seldom [read: never] have access to this data, it's kept by the credit card processors.
The information that WAS compromised was member information, primarily email addresses, for use in spamming. It 'makes sense' - a list of verified buyers is like the 'holy grail' for spammers.
The hackers used a list of admin accounts to poll everyone's CMS systems on the hour, and pull out this data. They have either covered their tracks well, or not at all, because they left reams of IP data, and you can see in the logs of the system itself, what information they've pulled.
It is interesting and rather important to note: The poster of the blog article is an absolute douchebag. I'm not happy with the situation obviously, I had my own system compromised, but this guy is an idiot on a warpath - 95% of what's written on his blog is off in the fairyland. He fails to mention that he's hated by the industry, mainly for the reason that he posted 300 username / password combinations of webmasters publicly, which resulted in a lot of them having money stolen from online accounts, etc. More intelligent ramblings from this guy: My Guide To Tax Evasion - Why The Unibomber was right
Summary: The breach was real. Scope seems to be limited ONLY to member data. Signed up? Expect some spam. Signed up with a password that you use on all your accounts? check your head, change the passwords.
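The on-the-hour polling by admin accounts described in the comment above leaves a regular pattern in access logs. The following is an added example, not part of the original comment and not NATS code, that flags that pattern; the log line format, account names, action names and addresses are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of an admin web UI access log (format is an assumption):
# ISO timestamp, source IP, account, action
SAMPLE_LOG = """\
2000-01-01T00:00:07 203.0.113.9 admin member_export
2000-01-01T01:00:05 203.0.113.9 admin member_export
2000-01-01T02:00:09 203.0.113.9 admin member_export
2000-01-01T03:00:04 203.0.113.9 admin member_export
2000-01-01T04:00:06 203.0.113.9 admin member_export
2000-01-01T09:12:40 198.51.100.20 owner stats_view
2000-01-01T09:13:02 198.51.100.20 owner stats_view
2000-01-01T14:47:19 198.51.100.20 owner member_export
2000-01-01T16:05:00 198.51.100.20 owner stats_view
this line is malformed and must be skipped
"""


def parse(log_text):
    """Group request timestamps by (source IP, account), skipping bad lines."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, ip, account, _action = parts
        try:
            events[(ip, account)].append(datetime.fromisoformat(ts))
        except ValueError:
            continue
    return events


def hourly_pollers(log_text, period=timedelta(hours=1),
                   tolerance=timedelta(minutes=2), min_run=4):
    """Return {(ip, account): run length} for sources that hit the admin UI
    at a fixed period, which is how a scheduled scraper looks and how a
    human administrator does not."""
    flagged = {}
    for key, times in parse(log_text).items():
        times.sort()
        best = run = 1
        for prev, cur in zip(times, times[1:]):
            # A gap close to exactly one period extends the current run.
            if abs((cur - prev) - period) <= tolerance:
                run += 1
            else:
                run = 1
            best = max(best, run)
        if best >= min_run:
            flagged[key] = best
    return flagged


if __name__ == "__main__":
    for (ip, account), run in hourly_pollers(SAMPLE_LOG).items():
        print(f"{account} from {ip}: {run} requests at hourly intervals")
```

Flagged address and account pairs are candidates for credential rotation and for scoping which member records were pulled.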
Exactly like what happened here..
Ah, resorting to insults when you don't have proof.
Ladies and gentlemen, the real 'minusonbit'
You are a troll.
Your post is a scary reflection of presumably intelligent people who actually believe this FUD.
#1 - If you consider porn and sex filth, that's a problem in itself.
#2 - Making a blanket statement that the adult industry is responsible for your spam is about as intelligent as blaming yourself for stock spam.
The MinusOneBit Guide to Tax Evasion
And the kicker:
If You Cheat on Your Taxes and Get Away With It... Do the Right Thing...
E-mail me at minusonebit@gmail.com and tell me how you did it so I can spread the tip to others.
As posted before, this guy is nothing more than a troll.
It's very simple: You've cast aspersions that CC data was stolen.
Post proof. We're waiting.
Anyone can go to http://www.gofuckyourself.com/forumdisplay.php?f=26, an industry forum, search for 'minusonebit', and read for yourself about this guy, and the misinformation that surrounds him.
You've made a lot of assumptions, most of them wrong.
#1 - CC data wasn't stolen
#2 - NATS does NOT process credit cards. It simply coordinates transactions, just like when you buy something from a site via paypal - the transaction is done at paypal, the yes/no result is shipped back to NATS.
#3 - Don't assume because it's the 'porn industry' that it's seedy and business ethics are out of the window. There are a lot of large companies with a lot of money invested, and the security of their clients makes sense. Why would you want to rip off or maltreat your clients? There are definitely arseholes in the industry, just as there are everywhere, for example, the post of this article [he released 300 webmaster usernames / passwords to the world, resulting in huge financial thefts].
#4 - There are multiple industry options: MPA, Epoch, CCBill, etc. NATS has a large market share because the software is good, primarily because it was the first piece of software that had 'no shave' option, i.e., the software couldn't steal sales.
Like it's been said already, this issue was a clusterfuck, and handled badly by TMM, but there is so much misinformation, especially about the threat of stolen CCs and slamming the industry, that I'm compelled to say something.
No credit card information was stolen. It's impossible.
CC information does not, repeat, does not [read: is illegal to keep] on the servers of sites.
It is maintained by the billers and processors, who thankfully, have better security.
The threat of stolen CC info is FUD by the poster.
Read more about our friend "minusonbit" - here - on an industry forum and judge for yourself.
I just bought one of these laptops 2 weeks ago.
Here are my impressions. I use laptops strictly for travel, so smaller and lighter, the better.
- There is an RJ45 Port.
- The solid state drive is great. The thing boots very, very quickly.
- The build quality feels very solid
- 7 hours battery life
The only reason I got one is I'm a euro who was in the US, took advantage of the USD being terrible, as 3.2k is way too much for a laptop, normally.
Downsides
- Vista preinstalled, with SHITLOADS of crap software. You can downgrade to XP, sony has two very hidden XP driver packs on its site.
- You can kill the vista recovery partition, and save 9GB right there.
I believe that in fact the trailing digits had to be divisible by 7 for a valid key, so the 1 trick was just 'coincidence'
I recall office 97 was swiss cheese anyhow. when it looked for previous office files to verify the upgrade, you'd point the installer at itself, and it'd be happy and install office ;)
poor sepos. they love to cling to their tired insults [austray-leans! Y'all are convicts, har, har!, british, want a cup of tea, hoo, hoo]
you know, I was on an air france flight last week flying back to paris, when a petite donnybrook broke out between a yank and a frog.
It was priceless: all the yank could do was look angry and confused and repeat: what's your problem?! ad nauseam, as he was promptly and lucidly dressed down verbally by the french gentleman, much to the amusement of the passengers.
OT? Absolutely. Mod me down!
Interesting. I'm planning a trip up to the Great North, and would love to cruise through there to ogle at abandoned launch platforms, and the huge collapsed warehouse that housed the once mighty russian shuttle [until a great wind collapsed the building and squished the shuttle :( ]
Slightly off topic here - but what exactly IS the deal with Baikonur?
From what I can see on GE and googling, vast tracts of this 'city' are abandoned or destroyed sites.
Is access possible - on the sly or otherwise? Is it open space, except for around the new / active buildings? I'm curious!
International Digital Emergency Number. Works on all cell phones, all countries, AFAIK. [I know it does for at least France, Hong Kong, Australia, UK..]
No one was ever 'hung' for anything. Lots of people, however, were hanged.
Sure thing!
http://hardware.slashdot.org/article.pl?sid=07/09/10/1216224
Subject is covered in about 15 - 20 replies.
You can use Airtunes w/ third-party software. It's even open source, IIRC.