[opensource-dev] Banning by client

Tigro Spottystripes tigrospottystripes at gmail.com
Sun May 2 14:45:43 PDT 2010

Previous message: [opensource-dev] Banning by client
Next message: [opensource-dev] Banning by client
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

AFAIK only LL (and someone intercepting network communications) knows
what channel some client is using

On 2/5/2010 18:42, Rob Nelson wrote:
> The only way to reliably detect a client is if the client sends an MD5
> hash of the executable to the login server, and that function was
> removed ages ago from the login process due to ease of spoofing.
> 
> Requiring a unique login channel requires manual intervention to change
> the login channel from the official LL channel to the unique one
> required by the TPV, so malicious developers don't even have to lift a
> finger in order to bypass detection.  
> 
> The entire system is flawed, and I'm sure LL knows this.
> 
> On Sun, 2010-05-02 at 20:56 +0200, Carlo Wood wrote:
>> On Sat, May 01, 2010 at 06:53:49PM -0400, Glen Canaday wrote:
>>> Though WHY anyone wouldn't want to come HERE to talk about client 
>>> detection is far beyond my grasp. That's like AVG not wanting to talk to 
>>> Microsoft.
>>
>> Probably because it's a moronic asshole, who is only 
>> interested in making money with the product and doesn't
>> care if 1% are false positives.  Not until LL comes
>> knocking on their door anyway.
>>
>> I guess that the only reasonable response (unless LL
>> wants to get involved) is to find out how the detection
>> works and write a patch that makes SURE it won't be
>> detected (which then can be used by everyone, but malicious
>> viewers will do this anyway, whether or not we do or not).
>>
>> So, how does this thing "detect" the mentioned "signature"?
>>
> 
> 
> _______________________________________________
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting privileges
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEAREKAAYFAkvd8oIACgkQ8ZFfSrFHsmVIXQCfSTydZfbMH4c4CxpvwWmHqHcZ
YJUAn2GTGUzLWRSU+uF3FMlh84UkOxpA
=3u94
-----END PGP SIGNATURE-----

Previous message: [opensource-dev] Banning by client
Next message: [opensource-dev] Banning by client
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the opensource-dev mailing list