[opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

Rob Nelson nexisentertainment at gmail.com
Tue Aug 24 14:27:40 PDT 2010


  They used a custom build of the KDU JPEG compression library to embed 
information in baked textures, such as the installation directory and 
the title of the window.  The outrage around this is that Emerald 
developers:

1. Disclosed private information without informing users about the 
disclosure in their privacy policy (installation folder can contain the 
username, usually on Linux, though).
2. Obfuscated this system by hiding it within a closed-source library.
3. Continued to lie about the purpose of this system.
4. LINDEN LAB CONTINUES TO IGNORE THE TPV VIOLATIONS. If I had pulled 
this crap with my tiny viewer, I'd have been banned back into the stone 
age.  The double standard Linden Lab uses infuriates many who were 
forced to do many difficult changes to comply with the TPV, only to find 
out that Linden Lab has no intention of enforcing it.
5. Reportedly, Emerald merely changed the encryption method used when it 
was discovered.  I don't even know if they changed their KDU library to 
comply yet, or if they're covering their bums still by making a storm of 
apologetic blog posts while continuing the same old crap.

Rob Nelson

On 8/24/2010 1:50 PM, Harold Brown wrote:
> What I find interesting is that people are neglecting to realize that
> ANY viewer, even an LL viewer, could have been used to do the same thing
> by changing the WEBPAGE the login screen pointed to.  Or for that
> matter distributing an object using the new Media functions to load a
> webpage with the exact same iframe set.
>
>
>
> On Mon, Aug 23, 2010 at 8:03 AM, David M Chess<chess at us.ibm.com>  wrote:
>> Could we move all this stuff to a new "emeraldgate" list, or something?
>>
>> That I could then carefully not subscribe to?
>>
>> __
>> _______________________________________________
>> Policies and (un)subscribe information available here:
>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>> Please read the policies before posting to keep unmoderated posting
>> privileges
>>
>
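
One way to audit what an encoder writes into a texture besides pixel data, as an added example that is not part of the thread and not code from any viewer: walk the main header of the image codestream and report comment segments that are not an approved encoder banner. It assumes the textures are raw JPEG 2000 codestreams and that extra data would travel in comment (COM) segments; the post does not say where in the file the information was placed, and the `ExampleEncoder-` banner and sample bytes are constructed.

```python
import struct

# JPEG 2000 codestream markers (ISO/IEC 15444-1 Annex A).
SOC, SIZ, COM, SOT = 0xFF4F, 0xFF51, 0xFF64, 0xFF90

def main_header_comments(data):
    """Return [(rcom, payload)] for every COM segment before the first tile-part."""
    if data[:2] != struct.pack(">H", SOC):
        raise ValueError("no SOC marker: not a raw JPEG 2000 codestream")
    found, pos = [], 2
    while pos + 4 <= len(data):
        marker, length = struct.unpack(">HH", data[pos:pos + 4])
        if marker == SOT:                      # main header ends here
            break
        end = pos + 2 + length                 # length counts itself, not the marker
        if marker >> 8 != 0xFF or length < 2 or end > len(data):
            raise ValueError("malformed marker segment at offset %d" % pos)
        if marker == COM:
            if length < 4:
                raise ValueError("COM segment too short at offset %d" % pos)
            rcom = struct.unpack(">H", data[pos + 4:pos + 6])[0]
            found.append((rcom, data[pos + 6:end]))
        pos = end
    return found

def unexpected_comments(data, allowed_prefixes):
    """Comments that are binary (Rcom 0) or do not start with an approved banner."""
    return [(rcom, payload) for rcom, payload in main_header_comments(data)
            if rcom != 1 or not payload.startswith(tuple(allowed_prefixes))]

def _seg(marker, body):
    """Build one marker segment for the constructed sample below."""
    return struct.pack(">HH", marker, len(body) + 2) + body

# Constructed sample: header skeleton only, not a decodable image.
OPAQUE = bytes(range(0x80, 0x90))
SAMPLE = (struct.pack(">H", SOC)
          + _seg(SIZ, b"\x00" * 38)
          + _seg(COM, struct.pack(">H", 1) + b"ExampleEncoder-1.0")
          + _seg(COM, struct.pack(">H", 0) + OPAQUE)
          + struct.pack(">H", SOT))

if __name__ == "__main__":
    for rcom, payload in unexpected_comments(SAMPLE, [b"ExampleEncoder-"]):
        print("unexpected COM segment, Rcom=%d, %d bytes: %s"
              % (rcom, len(payload), payload.hex()))
```

A comment that passes this check can still carry encoded data after the banner, so the allowlist is a first filter and flagged or unusually long comments still need manual review.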


