[sldev] More about viewer auth in today's RC

[Jesse Barnett]

On 12/4/07, Tess Chu <tess at lindenlab.com> wrote:
>
>  We
> *weren't* necessarily trying to make the mechanism itself more secure
> (we believe both mechanisms are secure), but rather, we want to give
> ourselves greater flexibility to use new security mechanisms already
> being successfully employed by banks, credit-card companies, and other
> service providers that need rigorous security regimes.  By moving to
> standard HTTPS plus HTML, we get the benefit of being able to integrate
> new security systems without creating a lot of custom code.
>
> We realize that the way that we went about this was a little clumsy.  We
> have a lot of conflicting priorities to balance; we're working on the
> part of the system that is necessarily shrouded in the most secrecy
> (since we are trying to keep the bad guys out).  Though we fully expect
> Second Life to become more open over time, there will always need to be
> secrets.  We are, after all, not planning on publishing the root
> password for our systems any time soon.
>
> The process of making Second Life more open will take time, and will
> probably (unfortunately) be filled with awkward moments like this one
> where we figure out how to work together with you all.  Please bear with
> us, we're trying to learn the best way to do this.
>
> Thanks,
> Tess

Thank you Tess for replying.

I made a botched attempt to post about this on Sunday, just tried
again and after I posted your mesage was here.
Hopefully it won't appear twice but here goes:

"LL to start using Streambase to combat fraud"

"May be of interest to others. Pattern recognition software has a multitude
of uses including most importantly fraud protection. Due to the sensitive
nature of security, we may not get much feedback on this. But I would
imagine that it could allay some of the recent concerns dealing with our
logins to 3rd party viewers. One such scenario would be an (undefined)
flurry of users logging in from the same IP address etc. Same as you will
recieve a phone call from your CC company if you forget to tell them you are
going on vacation and charges start appearing from Alcapulco........

http://www.wired.com/gaming/virtualworlds/news/2007/11/mmo_cheats

"Online Games Use Fraud Software to Combat Cheats
By Emmet Cole 11.30.07 | 4:00 PM

Cheaters in multiplayer online games beware: Game developers are turning to
advanced financial fraud-detection software to keep you from crooking your
way to online riches."

etc, etc

"The MMO developer BioWare has recently adopted StreamBase's technology, as
has Second Life's Linden Lab and Avatar Reality, which is creating the MMO
Blue Mars for launch in late 2008."

etc etc

Jesse Barnett"

_______________________________________________
> Click here to unsubscribe or manage your list subscription:
> /index.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/sldev/attachments/20071204/1694a975/attachment.htm