TSR: In Ur Accounts, Deletin Ur Stuffs!

[raebchen]

Them using your complaints about breaches to support their claim it has really happened...

I don't see how that confirms it.  I think the idea is to say, "Hey, we heard you're claiming a breech in security that happened several months ago.  Why weren't we informed?  Why weren't we told to change our password?

If TSR says, "Noo, there was no breech," then they'll be also admitting they lied to Delphy.

if TSR says, "Well, there was a breech..." then they still have to explain why none of their valued customers and members were given any instructions on how to keep themselves safe.  TSR asks for a lot of personal information, if they were hacked, they have an obligation to warn people so they will know to change passwords and any other sensitive information.

Yes, telling them to change personal information after a hack is rather like locking the barn after the horse escaped, but telling them to change their password to a new one is not and is the only decent thing to do after a breech.  They didn't do that, they have some 'splainin' to do.

Thanks Darqstar, I've been trying to say what I meant in another way and you just did it perfectly.

[Anouk]

As TSR you will look a whole lot better as the victim that tried to hide their shame, than the agressor that hacked several sites. But that may be just me.  I'd rather be seen as an irrisponsible loserish fansite that can promise to do better in the future, than a hacker. Don't underestimate puppy dog eyes and pity

[Delphy]

Okay this is gonna be long and slightly repeating myself here.  So here goes.

First, the screenshot from Sinthe:



As I have said, none of the IPs marked there are logged against Thomas' account on MTS2.  Let's examine this:

mysql> select * from iplogtable left join user on (user.userid=iplogtable.userid) where iplogtable.ipaddress in ('75.168.197.143', '75.168.189.143', '78.129.197.69', '83.142.228.139', '75.168.199.213');

+--------------+----------------+----------------------------------------------------------------------------------------------------------+
| username     | ipaddress      | info                                                                                                     |
+--------------+----------------+----------------------------------------------------------------------------------------------------------+
| Sinthe       | 75.168.199.213 | Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 Creative ZENcast v2.01.01 |
| Sinthe       | 75.168.197.143 | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4               |
| sherriesim   | 83.142.228.139 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7)    |
| Sinthe       | 75.168.189.143 | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4               |
| Adele Somers | 83.142.228.139 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB5; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) |
| leftywillnot | 83.142.228.139 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7)                |
+--------------+----------------+----------------------------------------------------------------------------------------------------------+

Now let's examine the other IP addresses used for NaturalSims:

+------------------+---------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| username         | ipaddress     | info                                                                                                                                                                                                    |
+------------------+---------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| xxxx         | 70.85.179.186 | Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9) Gecko/2008052906 Firefox/3.0 (de) (TL-FF)                                                                                                          |
| yyyy | 70.85.197.178 | Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0                                                                                                                    |
| yyyy | 70.85.179.186 | Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0                                                                                                                    |
| zzzz            | 70.85.197.178 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Sky Broadband; Sky Broadband)                                                                                 |
| aaaa        | 70.85.197.178 | Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3                                                                                                              |
| bbbb         | 70.85.179.186 | Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5                                                                                                              |
| bbbb         | 70.85.179.186 | Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5                                                                                                              |
| ccccc        | 70.85.197.178 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Foxy/1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Foxy/1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; MAXTHON 2.0) |
| dddd   | 70.85.197.178 | Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.9.0.6) Gecko/2009011913 Firefox/2.0.0.3                                                                                                               |
| buggybooz        | 70.85.179.186 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7)                                                                                                   |
| Hamilton         | 70.85.179.186 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7)                                           
| leftywillnot | 70.85.197.178 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7) |
                                                      |
+------------------+---------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

(I've blanked out the names of the other people using these same IPs. None of them are particularly stand outworthy).  The interesting ones are the ones that share the same IP and the same browser info.

Let's look at that browser string, too, since it's fairly uncommon:

+------------+----------------+-------------------------------------------------------------------------------------------------------+
| username   | ipaddress      | info                                                                                                  |
+------------+----------------+-------------------------------------------------------------------------------------------------------+
| sherriesim | 87.194.217.73  | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7) |
| sherriesim | 83.142.228.139 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7) |
| sherriesim | 90.212.232.224 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7) |
| buggybooz  | 70.85.179.186  | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7) |
| Hamilton   | 70.85.179.186  | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7) |
| leftywillnot | 70.85.197.178  | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7) |
| leftywillnot | 83.142.228.139 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7) |
| leftywillnot | 70.85.197.178  | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7) |
+------------+----------------+-------------------------------------------------------------------------------------------------------+

The date on the IP address usage on Thomas' MTS2 account was a few hours *after* the intrusion on buggy's account.  So whoever it was logged into buggy's account *first* and then logged into Thomas' after (not the other way around).  This could be for one of two reasons: Either they wanted to check everything out from a "normal" users perspective to make sure everything of buggys was gone, or they wanted to deliberately create a link between the two.

With regards to the security thing, and the timings, I do think that it's *very* suspicious that somebody would keep ahold of user account logins for *months* and not use them and then only use them now and *also*, at the end of it all, change buggys profile to a pro paysite friendly one.  This last act is the one that suggests it's more personal, rather than general.

Also as an update, according to Steve they investigated the item, confirmed it was the same, and have since removed it in the past couple hours.  Since I don't have a TSR account I obviously can't check.

Edited to add info from S2C.

[Darqstar]

As TSR you will look a whole lot better as the victim that tried to hide their shame, than the agressor that hacked several sites. But that may be just me.  I'd rather be seen as an irrisponsible loserish fansite that can promise to do better in the future, than a hacker. Don't underestimate puppy dog eyes and pity

Oh, I agree, which is exactly why they're claiming this whole, "Hey giuz, we haxed! ONOES!"   But, as a former subscriber to TSR, I'd be more worried personally if there was a hacker.  I exchanged PM's with some folks that had some sensitive information that I stored.  I blithely gave them my true name and address, because I thought in order to subscribe, the information on your profile had to match the information given to the credit card company.

So, while to the community it would look better to have been hacked, to each individual, it could be a very different story.  If someone hacked into TSR and I wasn't notified?  If I still had all the stuff I used to have?  I would be livid.  I'd be beyond livid. I would call the credit card company they use, I would flip my shit out good.  Because that's my safety they've just compromised.  

It's not that I'd blame them for being hacked even.  Mistakes can happen and no one is invulnerable.  But the fact that they didn't warn people so they could change their passwords (in case the hacker returned before security leaks were blocked)  get rid of sensitive information, and go around changing passwords at other sites that used them.  That would be a HUGE issue.  Even if I was still enchanted with TSR, I would never subscribe again, because I couldn't risk it, I couldn't risk that someone might hack TSR again and again, I'd only find out third hand.

[siberiansunset]

*snippy snip*

The date on the IP address usage on Thomas' MTS2 account was a few hours *after* the intrusion on buggy's account.  1.So whoever it was logged into buggy's account *first* and then logged into Thomas' after (not the other way around).  This could be for one of two reasons: Either they wanted to check everything out from a "normal" users perspective to make sure everything of buggys was gone, or they wanted to deliberately create a link between the two.

With regards to the security thing, and the timings, I do think that it's *very* suspicious that somebody would keep ahold of user account logins for *months* and not use them and then only use them now and *also*, at the end of it all, change buggys profile to a pro paysite friendly one.  2.This last act is the one that suggests it's more personal, rather than general.

3. Also as an update, according to Steve they investigated the item, confirmed it was the same, and have since removed it in the past couple hours.  Since I don't have a TSR account I obviously can't check.

1.Very suspect indeed.
2. I whole-heartedly agree.
3. What items were made by shakeshaft from stealing from BB, so i can check?

[Shiny]

From MaxoidHydra:

Hi Simmers,

We're still seeing a few off topic posts concerning TSR and a thread on MTS2. Threads about this issue will be deleted and temp bans will be given out if they continue to be posted.

If you woud like to discuss the issue, please discuss them in either the TSR or MTS2 forums.

Thanks.


HAHAHAHA. Yes, we'll take it to TSR. Why didn't I think of that, that's brilliant. What an extremely relevant response to what people have been saying on the BBS.

[raebchen]

As TSR you will look a whole lot better as the victim that tried to hide their shame, than the agressor that hacked several sites. But that may be just me.  I'd rather be seen as an irrisponsible loserish fansite that can promise to do better in the future, than a hacker. Don't underestimate puppy dog eyes and pity

I see what you're saying. I guess, the way I am seeing it is that he did attack buggybooz and MTS2, now let's cause some more butthurt, while you look at it from the view point of the greater community and those who are watching all this from the fence. For me, TSR will never look like the victim no matter what. But then again, I am not the person, that needs to be convinced of their evil doings  

[scrappysim]

As TSR you will look a whole lot better as the victim that tried to hide their shame, than the agressor that hacked several sites. But that may be just me.  I'd rather be seen as an irrisponsible loserish fansite that can promise to do better in the future, than a hacker. Don't underestimate puppy dog eyes and pity

Except that as an irresponsible loser-ish fansite that allows personal information to be shared and then gets "hacked" and more personal information is acquired by someone with malicious intent they become someplace that even more people would need to protect themselves against.  The idea that they may have hacked someones profile is despicable but may not cause a big hit to their pocketbooks but if they once again cant be trusted with personal information then maybe that would be the angle to exploit to get people either to not get subs or to try to cancel current ones.  I mean people can be appalled about the behavior and not act on that but if your passwords and personal information are not safe then that seems like it might spur more action on the part of the "on the fencers" than something that only effects other people.

[Skoria_Bay]

I didn't see any pots on Shakeshaft's artist's sight. I think Steve has removed them.

[neriana]

 anyone who messages the tsr will probably be ignored unless enough people do it.

Don't message TSR. Eesh. That's like calling the thief to ask him to please return what he stole.

Message Paypal. Report TSR to better business sites.

[SoggyFox]

Yeah - I vote we, as our bans are lifted, keep posting on the BBS - or don't they want the children protected from the crooks at TSR....oh, wait.

[raebchen]

 anyone who messages the tsr will probably be ignored unless enough people do it.

Don't message TSR. Eesh. That's like calling the thief to ask him to please return what he stole.

Message Paypal. Report TSR to better business sites.

Ripoffreport.com is a good one. A company I used to work for had pages of complaints there. I remember finding them and being shocked about it. Anyway, I don't think they ever delete anything on there, so it'll be up for everyone to see.


ETA: Soggyfox, I haven't been banned there yet. I suggest we alternate. Everyday someone will start a post there, so banning won't matter, as there is plenty of people here to go post over there. I'll do it tonight or tomorrow as I am off to an interview and then to work. Someone else post the day after and so on...

[Anouk]

As TSR you will look a whole lot better as the victim that tried to hide their shame, than the agressor that hacked several sites. But that may be just me.  I'd rather be seen as an irrisponsible loserish fansite that can promise to do better in the future, than a hacker. Don't underestimate puppy dog eyes and pity

Except that as an irresponsible loser-ish fansite that allows personal information to be shared and then gets "hacked" and more personal information is acquired by someone with malicious intent they become someplace that even more people would need to protect themselves against.  The idea that they may have hacked someones profile is despicable but may not cause a big hit to their pocketbooks but if they once again cant be trusted with personal information then maybe that would be the angle to exploit to get people either to not get subs or to try to cancel current ones.  I mean people can be appalled about the behavior and not act on that but if your passwords and personal information are not safe then that seems like it might spur more action on the part of the "on the fencers" than something that only effects other people.

I agree, but I don't know if the less computer savvy people - and that's a huge chunk of the populace - will be worried enough, especially if TSR apolagizes and promises to do better/ take care of it. They could feed them anything.
And going into TSR posting that - they can pick and choose what to delete and what not, and all that's left is what they want people to read.
I'd just take it to Paypal.

[scrappysim]

As TSR you will look a whole lot better as the victim that tried to hide their shame, than the agressor that hacked several sites. But that may be just me.  I'd rather be seen as an irrisponsible loserish fansite that can promise to do better in the future, than a hacker. Don't underestimate puppy dog eyes and pity

Except that as an irresponsible loser-ish fansite that allows personal information to be shared and then gets "hacked" and more personal information is acquired by someone with malicious intent they become someplace that even more people would need to protect themselves against.  The idea that they may have hacked someones profile is despicable but may not cause a big hit to their pocketbooks but if they once again cant be trusted with personal information then maybe that would be the angle to exploit to get people either to not get subs or to try to cancel current ones.  I mean people can be appalled about the behavior and not act on that but if your passwords and personal information are not safe then that seems like it might spur more action on the part of the "on the fencers" than something that only effects other people.

I agree, but I don't know if the less computer savvy people - and that's a huge chunk of the populace - will be worried enough, especially if TSR apolagizes and promises to do better/ take care of it. They could feed them anything.

But the ones who will believe them wont be swayed by the hacking argument either then.  I think if people think they could somehow be effected or hurt by the occurrences (even if they believe that it isn't TSR's fault) they might be more apt to do something.  If this was the first time that peoples info was shown not to be safe there then that would be one thing but how many times can TSR put people's info in jeopardy without beginning to feel it in the bottom line. 

[Anouk]

Let's hope so. But I think it will just end up being cencored like everything else.