Quote:
Originally Posted by PBucksJohn
I'm not saying we won't. I'm simply saying those who find an issue should contact us and make us aware of it. Discussing and posting the specific details of a security issue in a public forum helps no one.
There are approx. 400 - 500 NATS installs. Four are saying here they have had an issue and I would bet there are more being exploited by whoever this criminal is. It certainly does not mean every system has an issue. We are asking those who find an issue to contact us and deal directly with us.
I am not going to go through and dissect a security issue here on GFY.
|
I'm not asking you to make public what you want to do or even asking you to use this thread as a launchpad for alerting people to the issue. This is exactly why I suggested you email ALL your clients, myself included, and don't expect us to contact you.
This is a serious issue and one that needs to be handled expeditiously, and I for one want to know how this happened and why it happened. This isn't a chance exploit of an admin account. The person knew enough to gain access to the NATS specific admin account and has done so on numerous installs that I currently know of. Based on this fact alone, you cannot blame any of us for thinking that it may perhaps not have been a security exploit but rather a leaked password.
Asking those who find an issue to contact you is kind of silly since it is now safe to assume that anyone who has not disabled the NATS account has been compromised or will be compromised in due course.
...