[opensource-dev] FAQ posted for Third Party Viewer Policy

Tigro Spottystripes tigrospottystripes at gmail.com
Sun Feb 28 19:49:18 PST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hm, i didn't thought he did collect IP addresses, but even if the system
does catch IP addresses (which isn't such a big deal if you keep your
machine safe) an IP address wouldn't be of any help identifying
malicious clients, unless the malicious clients in question routed stuff
thru a known proxy.

Btw, gathering IPs has nothing to do with Quicktime, or at least it
isn't restricted to Quicktime, any sort of data hosted on a server with
some sort of monitorament(sp?) in the server will do. LL knows how the
system work, and in the past they were quite fast to pull the plug on
Quicktime when there was a security hole related to it.

On 1/3/2010 00:30, Miro wrote:
> You might wish to make time to read this (very long) thread, if you have 
> not already:
> 
> https://blogs.secondlife.com/thread/10467
> 
> Some research has been done into how the device works. Apparently it 
> exploits a vulnerability in QuickTime to access users' computers and 
> "mine" information about what software is, or was, installed on them.
> 
> [I say "apparently" because I have not done the research myself and so 
> cannot verify what others have written.]
> 
> On 02/28/2010 10:20 PM, Tigro Spottystripes wrote:
> AFAIK it doesn't claim to be able to detect them all the time, nor to be
> able to detect all clients that might be out there; it shouldn't be
> possible to do it, if he does make claims opposite to that he would be
> lying.
> 
> On 1/3/2010 00:15, Maggie Leber (sl: Maggie Darwin) wrote:
>>>> On Sun, Feb 28, 2010 at 9:38 PM, Bryon Ruxton<bryon at slearth.com>  wrote:
>>>>
>>>>> An LSL function somewhere to identify viewers would help.
>>>>> Leave then to us the ability to make inworld tools to control who gets in or
>>>>> not.
>>>>
>>>> Your attention is directed to SVC-4636.  I'm sure your support would
>>>> be welcomed by some.
>>>>
>>>> Others know such a move would only increase the incentive for spoofing
>>>> any identifier that might be used, regardless of what the ToS might
>>>> say. Someone who's engaged in content copying is unlikely to be
>>>> deterred by committing one more ToS violation.
>>>>
>>>> There is already at least one viewer developer who is also selling a
>>>> product claiming to identify (by some secret proprietary means)
>>>> avatars running "bad" viewers and ban them.
>>>> _______________________________________________
>>>> Policies and (un)subscribe information available here:
>>>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>>>> Please read the policies before posting to keep unmoderated posting privileges
>>>>
_______________________________________________
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting
privileges
>>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkuLOToACgkQ8ZFfSrFHsmXwrQCeO/VCLVcpsXu2tKVGVZ2GTno2
yHYAnjDfIbZ2ShyMgYuriSV3XozxY1sD
=VPzF
-----END PGP SIGNATURE-----


More information about the opensource-dev mailing list