Security leak worries porn site owners
p2pnet news | Freedom:- New Jersey’s Too Much Media, which develops and sells accounting applications with online porn operators among some of its most important customers, says it’s had a security leak.
It admits on its site:
We have become aware of a security issue involving admin passwords we maintain for support of our clients. As a precaution, we have added a few features to aid in the security of NATS. Please submit a support ticket at your earliest convenience so you may be updated to take advantage of these new features. This is not an exploit of NATS and this update does not patch any holes. It adds new security features.
But it’s too much, Associated Press has Keith Kimmel, who runs two sites with pornographic content, declaring and asking rhetorically, “Would you really want a record floating around the Internet that you subscribe to hardcore bondage?”
It, “appears stolen personal and company information is being used to bombard subscribers, many of whom would rather not have their identities known, with junk e-mails advertising sexually explicit images from competitors,” says the story.
However, no credit information appears to have been stolen, it says, continuing:
Company co-founder John Albright said someone stole addresses and passwords from Too Much Media’s computers that allowed them to log onto its customers’ porn Web sites as the webmasters and extract information about porn subscribers and the Web sites that refer them.
Too Much Media’s Next-Generation Administration and Tracking Software, known as NATS, tracks referrals to porn Web sites from other sites and calculates how much the affiliate sites are owed. The porn purveyors typically pay the affiliates a portion of their subscription revenue.
Using the e-mail addresses and passwords, the hackers – seeking customers for still other porn enterprises – sent around new waves of pornographic spam, Albright said.
But AP has Albright declaring the story has been sensationalized.
“It’s not like people are taking this information to go out there and say, ‘John Smith bought a subscription to this Web site.’ It’s just used to market more porn Web sites.”
Corey Silverstein, a lawyer for MojoHost, a web hosting firm porn sites among its clients, doesn’t agree. Thirteen of his customers use the NATS software and he says, “All of them reported that their information had been accessed because of the breach at Too Much Media,” according to AP.
“Thousands of individual accounts were wide open for anyone on the Internet to go in and take,” said Silverstein, also stating addresses gathered by NATS customer Web sites may be especially valuable to porn companies.
“As more free porn sites pop up, fewer people are willing to subscribe to the paid ones, Silverstein said,” according to the story.
But Too Much Media has some advice for its customers to make their NATS installs more secure.
“Remove admin access from all accounts that you do not wish to access your admin area,” it recommends, including the TMM admin account used for support, “as we will no longer be maintaining this account”.
The company adds:
“We have already initiated a password change for this account for you and we have not kept the new password. You may fully delete this account if you wish. Change the passwords of all other admin accounts. Setup the ADMIN IP restrictions in your NATS configuration. There are instructions for this setup found here: http://kb.toomuchmedia.com/idx/0/676/”
Also See:-
Associated Press – Breach Worries Online Porn Industry, January 12, 2008
Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe
to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.phpNet access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details. Download here.
