[opensource-dev] FAQ posted for Third Party Viewer Policy

Tigro Spottystripes tigrospottystripes at gmail.com
Sun Feb 28 20:43:48 PST 2010



Without proof, that might just as well have come from the butt of
Neil or some other person pissed at Skills for catching their customers
using malicious clients.

On 1/3/2010 01:34, Miro wrote:
> I urge you to read the thread. There are details there. To quote one
> poster...
> https://blogs.secondlife.com/message/111885#111885
> 
> "I've learned from sources "close to the developer" just HOW this system
> works, Via your Media stream access, it accesses your computers AppData
> folder, searching for installations of identified "copybot" capable
> viewers, exploiting a function used by programs like flash player,
> quicktime, and others such as that, that check to see which version is
> on your system, telling you when you need to update. YOU DON'T HAVE TO BE
> ON THE VIEWER TO BE DETECTED, ONLY HAVE TO HAVE INSTALLED IT AT ONE
> POINT..."
> 
> And another
> https://blogs.secondlife.com/message/112121#112121
> 
> "IN the meantime, a few tests have been conducted that suggest abuse of
> port 80 via Quicktime and the Windows filesystem.
> 
> 1) Disabling media and uninstalling quicktime seems to completely shut
> this system down, in regards to detecting alts.  Existing avatar keys
> are still banned, but its "mysterious alt detection" begins to fail.
> 
> 2) Only some hacked viewers are being detected, and fewer when in Linux.
>   Further, whereas in Windows if you use a normal viewer but have a
> hacked one installed, it seems to pick you up (thus eliminating the
> bouncer analogy, unless you think it's also OK for the bouncer to go to
> your house and beat up your family), in Linux that function ceases to work.
> 
> 3) Alternative plugins that can handle quicktime functions, when forced
> to work on a fresh compile of a viewer build, seem to completely block
> all functions other than being added to the database while using a
> viewer that announces itself as Cryolife, Streetlife, etc.
> 
> These all indicate scanning of Windows Application Data, app_data, or
> even Windows Registry entries without consent.  Additionally, all of
> this explains why vanilla SL users using Mac OS are getting banned by
> the system; Mac OS handles the version updates for Quicktime rather than
> it having that capability enabled on itself, thus making it impossible
> for this system to function properly against the Mac OS.   So, to
> prevent that from being noticed, Skills made all Mac OS users get the
> kill signal because their computers won't allow her/his/its Gemini system
> to access data on the machine.   This way, Skills can just assert the
> person was "obviously" using a malicious viewer, defaming them to hide
> the inefficacy of the system itself."
> 
> On 02/28/2010 11:02 PM, Tigro Spottystripes wrote:
> So, all that the scriptkiddies out there need to do to evade the all
> mighty Gemini CDS malicious client user detection system is to not have
> Quicktime installed? And LL is letting all their users run around with
> their machines open to attack by anyone? That doesn't sound plausible at
> all...
> 
> On 1/3/2010 00:58, Maggie Leber (sl: Maggie Darwin) wrote:
>>>> On Sun, Feb 28, 2010 at 10:49 PM, Tigro Spottystripes
>>>> <tigrospottystripes at gmail.com>  wrote:
>>>>> Hm, I didn't think he did collect IP addresses, but even if the system
>>>>> does catch IP addresses (which isn't such a big deal if you keep your
>>>>> machine safe) an IP address wouldn't be of any help identifying
>>>>> malicious clients, unless the malicious clients in question routed stuff
>>>>> thru a known proxy.
>>>>
>>>> Sounds to me like we're talking about a lot more than IP address.
>>>> There have been both remote file system reading and arbitrary code
>>>> execution vulnerabilities in Quicktime in the past.
>>>>


