[opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

Discrete Dreamscape discrete.dreamscape at gmail.com
Sat Aug 21 07:46:42 PDT 2010


This was one person's decision, and was deliberately done for the sole
purpose of messing with the owner of the victim site (although I'd
hardly call the particular individual a victim). Regardless, the team
was pretty disappointed. The one person currently owns all parts of
Emerald's hosting, so it was their decision, albeit a ridiculous one.
They don't take the project seriously, and it's more than a little
embarrassing to the rest of the people associated with the team that
this kind of thing keeps happening, over and over again.


Discrete


On Aug 21, 2010, at 10:33 AM, Brian McGroarty <soft at lindenlab.com> wrote:

> On Sat, Aug 21, 2010 at 7:04 AM, Thomas Grimshaw <tom at streamsense.net> wrote:
>>  Loading 1mb of content per user is hardly a denial of service attack.
>> Crosslinking occurs everywhere on the web, this is simply nothing but
>> paranoid bull.
>
> "Crosslinking" drops the context of hiding gibberish requests to a
> critic's website in a hidden frame that will never be revealed to the
> user. This isn't a mere hyperlink to another page or naively stealing
> someone else's image hosting.
>
> My read (but I'm no lawyer) is that this looks like 2.d.iii of
> http://secondlife.com/corporate/tpv.php and we're already having that
> discussion. If anyone can come up with specific reasons why this might
> have had legitimate reason to be there, or how this one could be yet
> another oversight or mistake, that would be helpful. I sure haven't
> heard any to date.
>
> --
> Brian McGroarty | Linden Lab
> Sent from my Newton MP2100 via acoustic coupler
> _______________________________________________
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting privileges


More information about the opensource-dev mailing list