PBucksJohn posts statement on NATS Controversy
PBucksJohn, the owner of TMM (Too Much Media), the company that produces NATS, CARMA and SPARTA, has posted on the GFY.com message board with his views on the recent controversy over a potential or reported security issue in the NATS software. We have reproduced the post in full below so that those of you who run programs that use NATS, or are affiliates of them, can read a statement from the company behind the software.
“First, I would like to address the issue. It appears at this point that a number of the non-unique admin usernames & passwords we maintain for support were compromised. All passwords we had were changed to a random string and we have destroyed our list and our mechanism of keeping it which resided on a local server in the office. We are still investigating whether or not someone accessed them from there and if so, how someone may have accessed that server. We have implemented a policy change in that we will no longer maintain any NATS admin accounts. We had made this change a while ago regarding SSH information. We are now doing this with all passwords. You will need to grant us access for any level of support. We have also contacted all clients to inform them of the security features in NATS they can utilize to better prevent any security situation from arising in the future.
Whether you are a NATS client or not you are more than welcome to contact us with any questions about these issues.
Second, I would like to talk about our previous handling of the issue. Our security and the security of our clients is of extreme importance to us. We had become aware over the past few months that a few clients were being accessed wrongly using the account we maintain. We believed we had a way of knowing which clients were affected and we contacted them immediately. Apparently we were wrong. I apologize for this. As perfect as I wish we can be we are going to make mistakes from time to time. If we had known that the issue was more widespread we would have without question contacted everyone. We did not believe at the time it was a widespread issue. Again, this was a mistake on our part and I apologize to everyone for it. I was not trying to put blame on our clients for this and I’m sorry if I was taken that way. I was simply trying to point out the various possibilities as to what may have been going on while we were investigating it. This is not our clients’ fault in any way.
Many people here have brought forth a lot of information and helped greatly with this issue. I am very grateful for that. However, I am sad to see so many people enjoying the problems we and our clients are having because they have some personal agenda. We never have a problem with anyone stating issues we may have. I appreciate those who brought the issue up and contributed to what we hope is the resolution of it. However, there have been numerous misstatements and false accusations flying around. I assure you there is no backdoor in NATS which we use to access your system and I assure you Fred is not stealing your emails and spamming your members. These are just two of the many untrue things that we have been accused of over the past 72 hours. Due to all of this I will not be continuing a discussion of the issue here. I feel I have addressed what the issue is and I apologize again for our being wrong about it originally. I wish we hadn’t been both for our sake and yours.
Again, anyone is free to contact me to discuss this directly.”
