[opensource-dev] FAQ posted for Third Party Viewer Policy

[Jesse Barnett]

Apologies to group as I know that this is off topic but did not want this to
go unanswered.

I am not the one that discovered the Quicktime link but it was easy to
"prove".

All you have to do is uninstall Quicktime on a Windows machine and you are
invisible even testing with a ripper client that everyone else is being
caught with.

And by now everyone should know that I have taken a very strong stance
against ripping and ripper clients and am not Neil.

Jesse Barnett

On Sun, Feb 28, 2010 at 11:43 PM, Tigro Spottystripes <
tigrospottystripes at gmail.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Without proofs that might have just as well have come from the butt of
> Neil or some other person pissed at Skills for catching their customers
> using malicious clients.
>
> On 1/3/2010 01:34, Miro wrote:
> > I urge you to read the thread. There are details there. To quote on
> > poster...
> > https://blogs.secondlife.com/message/111885#111885
> >
> > "I've learned from sources "close to the developer" just HOW this system
> > works, Via your Media stream access, it accesses your computers AppData
> > folder, searching for installations of identified "copybot" capable
> > viewers, exploiting a function used by programs like flash player,
> > quicktime, and others such as that, that check to see which version is
> > on your system, telling you when you need to update. YOU DONT HAVE TO BE
> > ON THE VIEWER TO BE DETECTED, ONLY HAVE TO HAVE INSTALLED IT AT ONE
> > POINT..."
> >
> > And another
> > https://blogs.secondlife.com/message/112121#112121
> >
> > "IN the meantime, a few tests have been conducted that suggest abuse of
> > port 80 via Quicktime and the Windows filesystem.
> >
> > 1) Disabling media and uninstalling quicktime seems to completely shut
> > this system down, in regards to detecting alts.  Existing avatar keys
> > are still banned, but its "mysterious alt detection" begins to fail.
> >
> > 2) Only some hacked viewers are being detected, and fewer when in Linux.
> >   Further, whereas in Windows if you use a normal viewer but have a
> > hacked one installed, it seems to pick you up (thus eliminating the
> > bouncer analogy, unless you think it's also OK for the bouncer to go to
> > your house and beat up your family), in Linux that function ceases to
> work.
> >
> > 3) Alternative plugins that can handle quicktime functions, when forced
> > to work on a fresh compile of a viewer build, seem to completely block
> > all functions other than being added to the database while using a
> > viewer that announces itself as Cryolife, Streetlife, etc.
> >
> > These all indicate scanning of Windows Application Data, app_data, or
> > even Windows Registry entries without consent.  Additionally, all of
> > this explains why vanilla SL users using Mac OS are getting banned by
> > the system; Mac OS handles the version updates for Quicktime rather than
> > it having that capability enabled on itself, thus making it impossible
> > for this system to function properly against the Mac OS.   So, to
> > prevent that from being noticed, Skills made all Mac OS users get the
> > kill signal because their computers wont allow her/his/its Gemini system
> > to access data on the machine.   This way, Skills can just assert the
> > person was "obviously" using a malicious viewer, defaming them to hide
> > the inefficacy of the system itself."
> >
> > On 02/28/2010 11:02 PM, Tigro Spottystripes wrote:
> > So, all that the scriptkiddies out there need to do to evade the all
> > mighty Gemini CDS malicious client user detection system is to not have
> > Quicktime installed? And LL is letting all their users run around with
> > their machines open to attack by anyone? That doesn't sound plausible at
> > all...
> >
> > On 1/3/2010 00:58, Maggie Leber (sl: Maggie Darwin) wrote:
> >>>> On Sun, Feb 28, 2010 at 10:49 PM, Tigro Spottystripes
> >>>> <tigrospottystripes at gmail.com>  wrote:
> >>>>> hm, i didn't thought he did collect IP addresses, but even if the
> >>>>> system
> >>>>> does catch IP addresses (which isn't such a big deal if you keep your
> >>>>> machine safe) an IP address wouldn't be of any help identifying
> >>>>> malicious clients, unless the malicious clients in question routed
> >>>>> stuff
> >>>>> thru a known proxy.
> >>>>
> >>>> Sounds to me like we're talking about a lot more than IP address.
> >>>> There have been both remote file system reading and arbitrary code
> >>>> execution vulnerabilities in Quicktime in the past.
> >>>>
> _______________________________________________
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
> >>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.12 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkuLRf8ACgkQ8ZFfSrFHsmXijgCfR8yqNqXT9st0W3lYIK5gOLp+
> MyMAnjOcJ9xf/CkwIPKnHgH0/K6XLXRa
> =NL2i
> -----END PGP SIGNATURE-----
> _______________________________________________
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/opensource-dev/attachments/20100301/709089ac/attachment-0001.htm