PMBD PMBD
Welcome, Guest. Please login or register.
2024 November 22, 16:57:32

Login with username, password and session length
Search:     Advanced search
138712 Posts in 1637 Topics by 5295 Members
Latest Member: ImaginaryPorkchop
* Home Help Search Calendar Login Register
  Show Posts
Pages: [1] 2 3 ... 6
1  The Pirate Ship / ARR! / Re: TSR: In Ur Accounts, Deletin Ur Stuffs! on: 2009 April 09, 17:52:42
Delphy my issue would still be that they had an internal security breach several times- and A. Left peoples private information on the server unencrypted and unsecured and B. That they did not inform anyone except a handful of FA's -- When Mod the Sims was hacked you essentially warned everyone - creator and non-creator alike to make sure we were not using the same passwords at both sites and to be careful- TSR did none of this  and it is a clear message that they don't have the best interests of the community at heart- only their bottom line and saving their own asses.-

I totally agree that things Could Have Been Done Better.  Thats really not my call though - thats how they want to run thier own business.  It *is* worrying they have plaintext passwords, but they are going to be changing that soon anyway, so maybe it wont be an issue for long.

I guess we shall see how things go from here. Smiley
2  The Pirate Ship / ARR! / Re: TSR: In Ur Accounts, Deletin Ur Stuffs! on: 2009 April 09, 16:11:17
When people complain that they haven't been informed that their passwords have been compromised the response is "Only a few FA's accounts were affected."
Buggyboos is not and never has been a TSR FA.
QED--Either TSR is lying about the hacking or about how many users's signons were compromised.  Your choice.
The hacking never happened. Even Johan denied this event ever occurred. Therefore, everything else which follows is a lie. It therefore follows from this alone that they were involved, or else they would not have needed to make up excuses for why they were somehow not involved!

Actually, read back on what Johan said.  He said that what *I* said never happened - and what I said was that the *entire* userbase was vulnerable.  What actually happened was that multiple Staff and FA accounts *where* compromised.  So in essence, it was I who misinterpreted the original statement.

I have pages upon pages of log files, database dumps and so on - all from TSR - all stuff that I have not seen before, but ALL stuff I have verified independantly with my own databases.  I have also corroborated this against independant reports other non-TSR people have told me regarding thier accounts there.  In my mind, the information that I have been sent *is* correct: The hacking *did* happen, TSR did suffer massive security issues, and was repeatedly infiltrated multiple times. 



3  The Pirate Ship / ARR! / Re: TSR: In Ur Accounts, Deletin Ur Stuffs! on: 2009 April 04, 11:39:08
neriana, lets just agree to disagree, ok?

Pescado, since you are awake let me ask you a question.  Why do you think it's a statistical coincedence that only 5 or 6 people share the exact same IP address *and* the same browser string (which in itself is a fairly unique one) out of a database of tens of millions of rows?  Sharing the same IP address is not uncommon.  Having the same browser string as the person next to you is also not uncommon, but consider this:  The browser strings never actually came up *until* I posted my first thread on S2C.  How could one person *randomly* choose the exact same browser string as the ones used in the MTS2 and TSR logs if this information was never public?  As far as I can tell none of the oher sites that got hacked have this information - they only have IP addresses.  So how would a hacker get it?  The simple answer (and the one that fits the evidence) is: They didn't.  The simple answer is that it's the same person, so therefore it is *not* statistically a coincedence, as you seem to think, that very very few people share the same IP and browser.

I'd like your thoughts on this please.
4  The Pirate Ship / ARR! / Re: TSR: In Ur Accounts, Deletin Ur Stuffs! on: 2009 April 04, 03:58:30
Oh and come on - you know better than I do that TSR are *not* the sole invitee to the events that the Maxoids throw! So the part of your argument that "EA only ever invite TSR" is basically useless and backed up by evidence thats actually provable - ie *all* of the events that have gone down in the past 4 years.

Did I say EA only ever invites TSR? I certainly don't recall typing it.


Yeah, you basically implied it when you said this:

Quote from: neriana
You are right; EA keeps inviting TSR to "fan" stuff. They keep not inviting other people.

Not inviting other people + keep inviting TSR = only inviting TSR.  Apologies if your implied statement was not your actual one.

Quote from: neriana
I find the idea that employees of a company go against that company's interests because people outside the company are NICE to them absolutely and utterly ludicrous. But sure, if you think the "Maxoids" are that silly and unprofessional. I don't think quite that poorly of them.

You dont?  I would think that "The Maxoids are being PAID by TSR" to mean that you think they *are* unprofessional, as well as illegal and underhanded.

Either you think they are unprofessional or you don't - and if you *dont* then it pretty much means the entire "Maxoids are paid by TSR" theory is based on... well, nothing, really.  (and lets face it's there is zero evidence to suggest that this theory is based on anything resembling facts, but we have years of evidence to prove that TSR talk closely with the Maxoids.  I know which one I would pick... but then I'm probably one of the sanest here. Wink)
5  The Pirate Ship / ARR! / Re: TSR: In Ur Accounts, Deletin Ur Stuffs! on: 2009 April 04, 02:12:35
That simple enough for you Neriana? Smiley

You misunderstood me thoroughly if you think I was saying that the simplest explanation is the best. I was saying that an explanation that's simple isn't better or worse than an explanation that's complex. In other words, Occam's Razor is useless.

In your explanation, you keep talking about "Maxis". Maxis no longer exists. You are right; EA keeps inviting TSR to "fan" stuff. They keep not inviting other people. Whom EA chooses to invite to their parties is an important piece of evidence. If who is "nice" to them actually factors into EA's business arrangements, they're even more poorly run than I thought. Further, TSR is not "nice" to EA at all; TSR violates EA's EULA every day.

Basically, to believe that EA just likes TSR because they're all warm and fuzzy buddies with them, to the extent of excluding other fansites from this warm and fuzzy buddiness and of censoring the BBS as EA regularly does, requires a huge leap of logic. Multinational corporations aren't run on huggles.

Your proposed experiment would be pretty useless now that it's been made public. However, that experiment has already been done, in a way. MTS2 isn't on the list of EA fansites for its supposed "adult" content. We have proven that TSR has plenty of "adult" content, people have complained about that content on the BBS for years, but TSR is still on that list.

Actually, "Maxis" does exist in the sense that there are still "Maxoids".  I was referring to a personal relationship between TSR and the Max*oids*, not neccesarily Maxis as a now-defunct entity. 

Multinational corporations aren't run on huggles, no, but we are not talking about multinational corporations as a whole - we are talking about *individual* people with *individual* biases for or against particular sites, ethics, and colours of the rainbow.  So, it's really *not* a huge leap to go from "TSR and the Maxoids have a long standing relationship" to "Maxoids will favour TSR on thier own site".  It's *certainly* a hell of a lot better an explanation that the "Maxoids are being paid by TSR" which makes about as much sense as a chocolate fireplace.

TSR *is* nice - to the Maxoids.  Doesn't matter what TSR do in terms of "violating" the EULA or with some few adult bits of contact - if the *primary* contact that the Maxoids have with TSR *is* nice, then of course that is going to foster a good relationship.  Come on, it doesn't take a leap of faith to see that people are, well, people, and have feelings and thoughts too, and, in reality, they act on those a hell of a lot more than logic.  Think about it: If you cultivate a nice relationship with somebody it's far easier to overlook thier faults than if you pick them apart, bash them left right and center and generally *be* an ass rather than trying to kiss it.  And since the Max*oids* have a huge say in who gets invited to events (something they have direct control over), as well as how things play out on thier own site (again, direct control), then of *course* it's going to be biased.  But this is nothing to do with the "EA multinational" - it's purely personal, and so long as it can be justified and doesn't backfire, who in the corporate world is really going to care?

When things really come down to it, as *people*, who do you think the Maxoids are going to side with?  The people that constantly bash them, and thier parent company, that deride every decision they ever make, call them names, and generally act like douchebags on thier site... or the people that you have been talking to and have built up a relationship with over *8* years?  Yes, it sucks, no it's not fair, but it *is* a wholly personal thing, and the only way to stop it from happening is to get somebody impartial dealing with the community instead.  To be honest, you pirates are labouring against that 8 years of communications and dialogue, and petty name calling and spamming and so on really will achieve nothing.

With regards to the fansite list: TSR is most likely on the list becuase they *care* about being on the list and becuase of this long standing relationship.  I, on the other hand, do *not* care if I am on the list of fansites.  If I did I'd probably be on them a lot more to put me back, but quite frankly, I don't want to put the time and effort into doing that just to attract a bunch of 12s to my site.

Oh and come on - you know better than I do that TSR are *not* the sole invitee to the events that the Maxoids throw! So the part of your argument that "EA only ever invite TSR" is basically useless and backed up by evidence thats actually provable - ie *all* of the events that have gone down in the past 4 years.
6  The Pirate Ship / ARR! / Re: TSR: In Ur Accounts, Deletin Ur Stuffs! on: 2009 April 03, 23:08:41
Quote from: Delphy
Even if you consider the possibility that TSR is somehow paying the Maxoids under the table, as a public company they would be obliged to investigate any such allegations and accusations, so why has nothing come out?
Let's say TSR paid people under the table, and let's say EA were opposed to this, and investigated.  I don't think they would publicise this, it would make them look bad.  I think they would try to cover it up as much as they could instead.  If however, EA upper management is as uninvolved and as ignorant as some think, they could just be unaware.  Or they could be aware but not care so long as it doesn't hurt their business.  I know I'm only speculating.  Just saying I think TSR bribing EA employees is plausible.  However, your idea of a legal business arrangement between EA and TSR is also quite plausible.  However, the April 1st TSR "myths and lies" thingie denies any such legal arrangement.  Doesn't mean they don't have one, just means they won't admit it if they do.

I think it's actually more likely there is *no* such business or legal arrangement, but instead it's a more personal one.  After all, TSR have had years to talk to the Maxoids, get to know them, and so on - just as we had that opportunity on MTS2 when MaxoidTom was around.  So it's probably much *more* likely that the Anti-anti-TSR stance comes more from a personal trust element (as in trust between the Maxoid and the TSR staff) rather than anything business like.  I think *this* explanation is way simpler than any one involving money, since we *know* that Maxis/EA has contact with fansites and we *know* they talk to them from time to time, so therefore it only makes sense that they would favour some over others, but this does *not* mean it's anything legal, concrete, or set in any kind of financial terms - it'd be more of a bias rather than anything else.

Let's think about this for a second.  You have these sites - one of which you have been talking to for years and who you have built up a relationship with.  Not a business one, just a personal one.  So you have this community - on the one hand is the "pirate" side - with sharing of EA owned materials (Castaway etc) and other such dubious dealings but, more importantly, with zero contact with the Maxoids.  Then you have the other hand - that of TSR and the paysites - who are way more likely to basically kiss ass, to say nice things about the game, to basically do whatever they can to be invited to events, and to, essentially, create a higher profile for thier own site.  Again, nothing business like, nothing legal, no money under the table. 

I think that some people forget this long standing relationship in thier haste to be all "TSR is evil".  Just becuase *you* think TSR is evil does not mean that the Maxoids (who have had *years* of talking to them, inviting them to events, etc) think they are, and does not mean that the Maxoids are taking cuts under the table.  In fact, I think the entire theory of the Maxoids being paid by TSR is, actually, ludicrous, and it's way more likely that any such goings on by the Maxoids on the BBS are more becuase of this long standing personal relationship than anything else.

It's pure and simple a personal relationship between TSR and the Maxis people, thats been going on for years, and that is *extremely* unlikely to be broken by any such antics as done by the pirate faction up till now.

Oh and I'd like to add that this is just my thoughts and feelings based on my years in the community and as owner of a Sims 2 fansite who *has* been contacted by EA and has dealings with Maxoids.  It's not becuase I am pro-TSR, I'm just simply pointing out that the theory that the Maxoids are being paid by them is mired in implausibility and, in my opinion, *extremely* unlikely.

For you tl;dr people.  To sum up:

- TSR and Maxis have a personal relationship going back years
- TSR always is nice to Maxis
- Maxis is therefore going to be more nice to TSR

- Pirates and Maxis have a personal relationship spanning in nanoseconds
- Pirates always bash TSR and Maxis
- Maxis is therefore going to be less nice to Pirates

That simple enough for you Neriana? Smiley
7  The Pirate Ship / ARR! / Re: TSR: In Ur Accounts, Deletin Ur Stuffs! on: 2009 April 03, 22:54:52
Delphy, the problem with Occam's Razor is that what one person thinks is the simplest explanation, another person often thinks does not fit the evidence. I think the simplest explanation that fits the evidence is that the Maxoids are in the pay of TSR. Other people think EA is more deeply involved as well. What seems "simplest" is often not a compelling explanation, because it does not flow from the evidence at hand.

I don't really think thats the *simplest* solution, though.  As scrappysim points out, a lot of the SimMasters left, so obviously there was a power vacuum, and it was clear to EA or the community manager of Maxis that something had to be done. 

Even if we *do* consider the idea that the Maxoids where in the pay of TSR, isn't EA a public company? Do they not have accounts?  Why would an *employee* of one of the largest software companies in the world want to get a cut from what is, essentially, a fly in the ointment?  There is no logical rhyme nor reason why "the maxoids are in the pay of TSR" - not from a financial standpoint.  Even if you consider the possibility that TSR is somehow paying the Maxoids under the table, as a public company they would be obliged to investigate any such allegations and accusations, so why has nothing come out?

Whats actually *more* likely is the other way round - TSR are linked to EA via some kind of license deal or a advertising deal or something like that. 

If we consider the "evidence", it's more akin to them simply wanting to control the forums (aka the BBS) more in the run up to the Sims 3, and shutting down any dissedent talk, rather than them being specifically in the pay of TSR.  If they *where* in the pay of TSR, then test it - put up a post saying how great say, Parsiminous is, or another huge free site - and see what happens.  No bashing, no name calling, no "Parsim are better than TSR" or whatever - just a fan thread about the site.  If your theory is correct, then this would be seen as competition and would be shut down.  Indeed, the thread BlueSoup is still up... and that has a lot of anti-TSR statements in it, but the *actual subject itself* is more general for the game. If the maxoids *where* in the pay of TSR, wouldn't BlueSoups thread be shut down too?  It seems to not make any sense with your scenario.

No, I think it's more likely that people equate any *anti*-TSR deletions to "the maxoids are being paid by TSR", but I think the same thing would apply to bad mouthing *any* site there.  In this case it's probably more the "evidence" that is flawed - or, rather, the assumptions made *from* the evidence, rather than the evidence itself.  After all, as I said, why would the largest gaming company in the world need to be paid by a *fansite*? 

But if you *really* want to test things - go ahead and do it, instead of assuming that it's true. 
8  The Pirate Ship / ARR! / Re: TSR: In Ur Accounts, Deletin Ur Stuffs! on: 2009 April 03, 21:20:10
With regards to the whole Sim Masters thing, it could just be that EA/Maxis want more control over the forums and the information on them.  I mean, since the whole Sims Store stuff we know that they are moving much more into the social/online areas, so it's logical to think that they would want to have extra control, and I think that perhaps the whole thing that has happened lately was just the straw that broke the camels back, in terms of who does what and who has power - especially when you think that a lot of sim masters left not that long ago.

I'm not really going to draw any conclusions into it - I just see it as more of a control thing rather than anything tinfoil hattery related like TSR paying them, etc etc.  Occams razor, people, remember? Smiley
9  The Pirate Ship / ARR! / Re: TSR: In Ur Accounts, Deletin Ur Stuffs! on: 2009 April 03, 20:48:57
Delphy, was Shakeshaft by chance one of the creators that got lured over to TSR? I ask because I did a search  t if I had any of her stuff from MTS2 to delete-and noticed that  the last time she was logged in was on the 26- which would be right before the shit hit the fan- and I know on my profile it shows the last time I was actively logged into the server in order to download stuff or post on the forums . Have you looked into the former MTS2 creators who went to TSR to see if anyone else was active recently - This seems it might be a big security breach if you have TSR creators who are no longer active on Mod the Sims  in terms of currently creating items for upload like MsBarrows or Shakeshaft who still can access their accounts . 

I'm confused - why would it be a "security breach" for people who have left MTS2 to still have accounts?  It's a free site, anybody can make an account, but only buggybooz had the password to her MTS2 account.  I really don't think that investigating ex-MTS2 people is really relevant, and Shakeshaft was actively logged into MTS2 multiple times (pretty much once a day) stretching back months, so I don't think it's really that relevant about any logins on the 26th.

On another note, the whole thing re: browser strings and what "coconut" said doesn't sit well with me - yes they arent' that hard to change but the fact remains that the browser string is *identical* in all the various cases, complete with a not-so-common ImageShack toolbar.  So it's my feeling that it's not just a coincedence but, when combined with the *other* evidence, is, in fact, quite important to note.
10  The Pirate Ship / ARR! / Re: TSR: In Ur Accounts, Deletin Ur Stuffs! on: 2009 April 03, 19:38:53

Delphy, I'm confused about one thing... when you wrote that TSR had been hacked, you made it sound like Steve had been pretty clear with you that yes, they had been.  Then, I hear, "Well, no, it wasn't like we were really hacked..." a sudden claim that it was only FA's who were affected, blah blah blah.

Did Steve say they were hacked?  And did he make it very clear that they were hacked and it was a fairly serious hack, or did they mention it briefly, lightly, as if it wasn't really significant?  

From the way you spoke about it first, it came across like you were told clearly, by Steve, that they were hacked and that this was something that most defenately could have been a way for someone to get access to Buggy's TSR and Thomas's password to the Hamilton Account.   But TSR and co. seem to be implying that it was mentioned so briefly, so lightly, almost as if they were surprised you even figured that could be the reason.

Steve said that it was possible that Thomas' details had been gotten by a 3rd party (ie they'd been hacked) but that it was months ago, and later said that it was *only* FA and Staff access that was gotten.  It was something that was mentioned more in passing rather than a detailed explanation, so I do not know the full details, but it was definately mentioned and something I questioned him on to try and explain how this could have happened.


And I still say that if they weren't hacked, how else would they get both passwords?  Buggy's and Thomas's.   I did consider that maybe, just maybe, Shakeshaft had hacked TSR, but I can't see Thomas being so stupid as to leave his password to his MST2 account somewhere where someone hacking TSR would be able to find it.  

This is one of my key problems with the "coconut did it" theory - even HAD somebody gotten Thomas' password months ago, they would have no way of getting Buggy's (since the account was unknown) during the same hack.  Since nobody outside of TSR knew what buggys account on TSR *was* (not even I did, and Steve certainly didn't give me the impression he knew either for sure when we first talked) then this doesn't cover any theft of buggys account details there. This is one of the points I am awaiting to get details back from Steve on (among other things).

11  The Pirate Ship / ARR! / Re: TSR: In Ur Accounts, Deletin Ur Stuffs! on: 2009 April 03, 17:32:58
What, if anything, is happening with the TSR/Buggybooz investigation?

I know these things take time, but I hope it doesn't drop into the memory hole of the interwebz.

Darqstar, what a classic Catch-22.

I haven't forgotten about it - I'm just waiting for some answers to some questions back from Steve at TSR. 
12  The Pirate Ship / ARR! / Re: TSR: In Ur Accounts, Deletin Ur Stuffs! on: 2009 April 01, 14:57:53
I've edited my post on S2C to point to the discussion here, and rewrote parts of it, since we are now dealing with multiple attacks on multiple sites spanning months, and it's not clear to me yet who is behind this.  I'm also still in contact with Steve, and I have asked for more clarification regarding IP addresses and so on.

This is actually a unique opportunity here - to figure out, once and for all, who "hacked" all these various sites.  I know a lot of you are thinking "TSR did it!" but I am more cautious and have posted as such - if it *does* turn out to be some previously unknown quantity inside TSR, or elsewhere, then we can take it further from there.  It's certainly *linked* to TSR since the latest event started around the stolen content allegations, but I am not convinced that (as I have said) this was anything TSR sanctioned, as many of you believe.

So I'm going to go ahead with investigating as much as I can, checking out any IP addresses, times, dates, and try and build up as much investigate documentation as possible - and we shall see where this takes us. Smiley

(You may now commence allegations of bullying, believing lies, calling me a cockbagel, or whatever... but I'm just after the truth, no matter who it leads to.)
13  The Pirate Ship / ARR! / Re: TSR: In Ur Accounts, Deletin Ur Stuffs! on: 2009 April 01, 10:23:31
I'll investigate the IP addresses Nouk is forwarding, but I have to say this:  A simple list is not enough!  If we just had IPs we would never have posted anything up in the first place.  IP addresses themselves aren't conclusive proof.  If we just take IPs, and list them, then we could say "Yes, Thomas used that proxy IP" - but thats totally disregarding the fact that the proxy IP was used *months* later and was never used on his account prior to that.  This is primarly the reason why I am *not* in the "Thomas did it!!" camp, but am instead questioning the hows, whys and wherefores of *everything* going on.

What I personally think is interesting is more along the lines of the SherrySim/leftywillnot angle - people have said this is Atwa, but do we have confirmed times and dates and browser match strings to prove this?

What we need are times and dates and browser strings where possible.  This is to build up a picture of who logged in using what PC at what time.  Then we can say "Okay so-and-so logged in from a *confirmed* IP that is verified by a third part, then logged out, then logged in via the cloaked proxy 1 min later then did x y z".  In other words, a chain of events linking everything.  Isolated IP addresses with no dates or other corroborating evidence are, for me, simply not enough.  I know I'll probably raise the ire of some people here by saying that, but until *all* parts of the stories check out or can be explained I am not going to conclusively say "So-and-So Did this!".

As I said, though, I'll investigate anything sent on to me.
14  The Pirate Ship / ARR! / Re: TSR: In Ur Accounts, Deletin Ur Stuffs! on: 2009 March 31, 22:48:25
Johan- Can you explain why no one was ever notified that their private information such as passwords may have been compromised and if that is not the case, why Thomas or Steve would tell Delphy that it was?
It seems Delphy jumped to conclusions or got the wrong idea. I wasn't in the chat with them so i don't know exactly what was said but no, our users login details were not compromised. Some FA accounts were compromised a while ago, if you remember blaming us for hacking ourselves? This is the incident i think they were talking about.

Johan, talk to your boss (Steve) then. Smiley  Becuase he said this: "...for Tom's login, it *is* possible it was obtained from his end... thats a loophole we fixed just after Christmas".

Chatting with Steve I don't think I "got the wrong idea" since we where talking *specifically* about security of accounts and logins, etc.

I would suggest that, before you go around trying to discredit me, you first check your own source.  "No our users login details where not compromised" does not tally with "thats a loophole we fixed after Christmas".

Either actual TSR accounts *where* compromised or they weren't.  The explanation that Steve told me was that they *where*, and this is how people managed to get into Thomas' MTS2 account *and* buggys.  If, however, you are saying that they where NOT compromised... then the ONLY people that would have access to the account information to log into those two accounts... are TSR themselves.
15  The Pirate Ship / ARR! / Re: TSR: In Ur Accounts, Deletin Ur Stuffs! on: 2009 March 31, 18:18:05
Okay this is gonna be long and slightly repeating myself here.  So here goes.

First, the screenshot from Sinthe:



As I have said, none of the IPs marked there are logged against Thomas' account on MTS2.  Let's examine this:

mysql> select * from iplogtable left join user on (user.userid=iplogtable.userid) where iplogtable.ipaddress in ('75.168.197.143', '75.168.189.143', '78.129.197.69', '83.142.228.139', '75.168.199.213');

+--------------+----------------+----------------------------------------------------------------------------------------------------------+
| username     | ipaddress      | info                                                                                                     |
+--------------+----------------+----------------------------------------------------------------------------------------------------------+
| Sinthe       | 75.168.199.213 | Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 Creative ZENcast v2.01.01 |
| Sinthe       | 75.168.197.143 | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4               |
| sherriesim   | 83.142.228.139 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7)    |
| Sinthe       | 75.168.189.143 | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4               |
| Adele Somers | 83.142.228.139 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB5; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) |
| leftywillnot | 83.142.228.139 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7)                |
+--------------+----------------+----------------------------------------------------------------------------------------------------------+

Now let's examine the other IP addresses used for NaturalSims:

+------------------+---------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| username         | ipaddress     | info                                                                                                                                                                                                    |
+------------------+---------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| xxxx         | 70.85.179.186 | Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9) Gecko/2008052906 Firefox/3.0 (de) (TL-FF)                                                                                                          |
| yyyy | 70.85.197.178 | Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0                                                                                                                    |
| yyyy | 70.85.179.186 | Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0                                                                                                                    |
| zzzz            | 70.85.197.178 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Sky Broadband; Sky Broadband)                                                                                 |
| aaaa        | 70.85.197.178 | Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3                                                                                                              |
| bbbb         | 70.85.179.186 | Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5                                                                                                              |
| bbbb         | 70.85.179.186 | Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5                                                                                                              |
| ccccc        | 70.85.197.178 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Foxy/1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Foxy/1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; MAXTHON 2.0) |
| dddd   | 70.85.197.178 | Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.9.0.6) Gecko/2009011913 Firefox/2.0.0.3                                                                                                               |
| buggybooz        | 70.85.179.186 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7)                                                                                                   |
| Hamilton         | 70.85.179.186 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7)                                           
| leftywillnot | 70.85.197.178 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7) |
                                                      |
+------------------+---------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

(I've blanked out the names of the other people using these same IPs. None of them are particularly stand outworthy).  The interesting ones are the ones that share the same IP and the same browser info.

Let's look at that browser string, too, since it's fairly uncommon:

+------------+----------------+-------------------------------------------------------------------------------------------------------+
| username   | ipaddress      | info                                                                                                  |
+------------+----------------+-------------------------------------------------------------------------------------------------------+
| sherriesim | 87.194.217.73  | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7) |
| sherriesim | 83.142.228.139 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7) |
| sherriesim | 90.212.232.224 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7) |
| buggybooz  | 70.85.179.186  | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7) |
| Hamilton   | 70.85.179.186  | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7) |
| leftywillnot | 70.85.197.178  | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7) |
| leftywillnot | 83.142.228.139 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7) |
| leftywillnot | 70.85.197.178  | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; FDM; ImageShack Toolbar 4.5.7) |
+------------+----------------+-------------------------------------------------------------------------------------------------------+

The date on the IP address usage on Thomas' MTS2 account was a few hours *after* the intrusion on buggy's account.  So whoever it was logged into buggy's account *first* and then logged into Thomas' after (not the other way around).  This could be for one of two reasons: Either they wanted to check everything out from a "normal" users perspective to make sure everything of buggys was gone, or they wanted to deliberately create a link between the two.

With regards to the security thing, and the timings, I do think that it's *very* suspicious that somebody would keep ahold of user account logins for *months* and not use them and then only use them now and *also*, at the end of it all, change buggys profile to a pro paysite friendly one.  This last act is the one that suggests it's more personal, rather than general.

Also as an update, according to Steve they investigated the item, confirmed it was the same, and have since removed it in the past couple hours.  Since I don't have a TSR account I obviously can't check. Smiley

Edited to add info from S2C.
Pages: [1] 2 3 ... 6
Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.063 seconds with 18 queries.