GoFuckYourself.com - Adult Webmaster Forum - View Single Post

RazorSharpe · 12-22-2007, 02:20 PM

Quote:

Originally Posted by RazorSharpe

I am no false impressions about software but I do expect that when I am pay to buy a software such as NATS and the developers of the software are aware of an issue that they will make it a priority to investigate the issue and make their clients aware of it and what they intend to do about it. I'm sure you can understand how i don't feel like this is too much to ask for.

This vulnerability specificaly targetted the NATS staff admin account and no others as far as i can tell which leads me to assume that it wasn't a brute force attack and if it were it was done because the nats staff account used the same username across multiple nats installations which is a total no-no in security 101 in and of itself.

...

maybe i shouldn't drink and post ... corrections to my post follow:

I have no false impressions about software but I do expect that when I pay for a software such as NATS and the developers of the software are aware of an issue that they will make it a priority to investigate the issue and make their clients aware of it and what they intend to do about it. I'm sure you can understand how i don't feel like this is too much to ask for.

This vulnerability specifically targetted the NATS staff admin account and no others, as far as i can tell, which leads me to assume that it wasn't a brute force attack and if it were it was done because the nats staff account used the same username across multiple nats installations which is a total no-no in security 101 in and of itself.