[opensource-dev] FAQ posted for Third Party Viewer Policy
tigrospottystripes at gmail.com
Sun Feb 28 20:43:48 PST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Without proofs that might have just as well have come from the butt of
Neil or some other person pissed at Skills for catching their customers
using malicious clients.
On 1/3/2010 01:34, Miro wrote:
> I urge you to read the thread. There are details there. To quote on
> "I've learned from sources "close to the developer" just HOW this system
> works, Via your Media stream access, it accesses your computers AppData
> folder, searching for installations of identified "copybot" capable
> viewers, exploiting a function used by programs like flash player,
> quicktime, and others such as that, that check to see which version is
> on your system, telling you when you need to update. YOU DONT HAVE TO BE
> ON THE VIEWER TO BE DETECTED, ONLY HAVE TO HAVE INSTALLED IT AT ONE
> And another
> "IN the meantime, a few tests have been conducted that suggest abuse of
> port 80 via Quicktime and the Windows filesystem.
> 1) Disabling media and uninstalling quicktime seems to completely shut
> this system down, in regards to detecting alts. Existing avatar keys
> are still banned, but its "mysterious alt detection" begins to fail.
> 2) Only some hacked viewers are being detected, and fewer when in Linux.
> Further, whereas in Windows if you use a normal viewer but have a
> hacked one installed, it seems to pick you up (thus eliminating the
> bouncer analogy, unless you think it's also OK for the bouncer to go to
> your house and beat up your family), in Linux that function ceases to work.
> 3) Alternative plugins that can handle quicktime functions, when forced
> to work on a fresh compile of a viewer build, seem to completely block
> all functions other than being added to the database while using a
> viewer that announces itself as Cryolife, Streetlife, etc.
> These all indicate scanning of Windows Application Data, app_data, or
> even Windows Registry entries without consent. Additionally, all of
> this explains why vanilla SL users using Mac OS are getting banned by
> the system; Mac OS handles the version updates for Quicktime rather than
> it having that capability enabled on itself, thus making it impossible
> for this system to function properly against the Mac OS. So, to
> prevent that from being noticed, Skills made all Mac OS users get the
> kill signal because their computers wont allow her/his/its Gemini system
> to access data on the machine. This way, Skills can just assert the
> person was "obviously" using a malicious viewer, defaming them to hide
> the inefficacy of the system itself."
> On 02/28/2010 11:02 PM, Tigro Spottystripes wrote:
> So, all that the scriptkiddies out there need to do to evade the all
> mighty Gemini CDS malicious client user detection system is to not have
> Quicktime installed? And LL is letting all their users run around with
> their machines open to attack by anyone? That doesn't sound plausible at
> On 1/3/2010 00:58, Maggie Leber (sl: Maggie Darwin) wrote:
>>>> On Sun, Feb 28, 2010 at 10:49 PM, Tigro Spottystripes
>>>> <tigrospottystripes at gmail.com> wrote:
>>>>> hm, i didn't thought he did collect IP addresses, but even if the
>>>>> does catch IP addresses (which isn't such a big deal if you keep your
>>>>> machine safe) an IP address wouldn't be of any help identifying
>>>>> malicious clients, unless the malicious clients in question routed
>>>>> thru a known proxy.
>>>> Sounds to me like we're talking about a lot more than IP address.
>>>> There have been both remote file system reading and arbitrary code
>>>> execution vulnerabilities in Quicktime in the past.
Policies and (un)subscribe information available here:
Please read the policies before posting to keep unmoderated posting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the opensource-dev