JEVN Exploit!

Hello residents of SL!

I just wanted to post and warn you all about an exploit in the JEVN system. There is someone (IM me for names) that is/was distributing an item that let you get the key of a server, and get all the items they wanted from it for free. The creator of the JEVN system has known about this for about 3 weeks to 1 month, and chose not to warn people. This is also the time that the JEVN emulator has existed. Before anyone claims I took items from them, I will admit that I did get some items. I have stopped using it, and returned the item to the creator of the emulator. The creator of the emulator (IM me for names) has found out a way to reverse engineer the servers so the emulator acts like a vendor. The item will even register in your logs as someone has paid, and it is undetectable. Please hide your servers well so no one will be able to find them.

What is JEVN?

Network server system.

grow up nim - the only reason you're doing this is because you grew a conscience and asked for your money back.. and when the creator of the emulator wouldn't give it back, you threw a hissy.

Alek, that's part of it, but I think people should know when their items they made are jepordized. Esmay should have warned people about this when she first knew about it.

that's total crap and you know it - you're in this for your own self serving motives.. Esmay has been working on a new version for some time now. Maybe she just didn't want to cause mass hysteria amongst her users? In any case, it was her decision to tell, not yours.. you're just doing this out of spite.

Dang, I was hoping for a way to get some free L$ cash!

Alek, I did ask for a refund after returning it, but I know I won't get that. Some people make a substantial amount of their income from SL, and what if they were using JEVN, and someone was stealing their items and made their income go down to a point where they had to stop playing SL? And yes, it was her decision. She decided not to tell people that their products were being stolen, so I did.

nevermind - i'm done.. i didn't make this, it's just my friends feuding.. get over it guys.. you're both in the wrong..

Like I said, I do admit to taking items. I could still be doing it but I returned it and decided to warn people about the exploit in the system.

Man this true shes known for 3 weeks not told any of us to hide our server some ways we can prevent this and I have SOMONE telling me all they can do is copy your items then Im telling her im reseller with none copy items and then she flips out I need to sell my own stuff..

WOW JEVN what a great service..

Can I report this for abuse lost 2K ?

I'm upset this not how somone should deal with problems. And shes like I send out a card tomorrow explaining it all. She should have 3 weeks when she knew to warn us.

Theres many ways we can somewhat protect us if she knows its just one person we can ban send abuse reports from our land.

We can also hide it put into the sky theres many ways.

But we were not warned thats why im pissed not at her great work but how she gave a ratts ass about our security!

For anyone that does own a JEVN system, do not stress out because of this, all you have to do is hide your servers better. If you put them where no one will find them (most likely on a different lot, not on your picks list, *NOT* in a sky box) then you will be safe. JEVN is an excellent system, and If it were not for a different networked system, I would probably be using it.

ugh, Keep a list of allowed keys on the server and the only the keys in such list can use the inventory distrobution system. also an auth challenge that would change on a time basis would be a nice idea and use a nonce with that. Find creative ways to make sure that ONLY the vendors that are real may communicate with you.

nimrod thanks alot for starting a panic. You've got people arguing, fussing and fighting over NOTHING. I have to deal with this crap now in RL thanks to you. Don't do me any more favors by posting shit like this.

I guess I shouldn't have stepped up and posted this to warn people that their items were being stolen, which is something the creator should have done about a month ago, and didn't plan on doing. Sorry!

Who gives a monkeys about his motivation for telling us? I couldnt care less if his motivation for doing it was that he was blackmailing the creator of the emulator and one day he was 1L$ short on his payment, what difference does it make - now we know about a HUGE flaw we can all take the nessessary steps to safeguard ourselves.

EDIT - I am not suggesting that there was any blackmailing involved - just using it as an example of a reason for informing us that I wouldnt care about.

What you did was start panic, and possible alert people that they can possible exploit a server issue, which only makes things worse.

Here, I am the creator of this emulator, this is my story...

I found this exploit while scheming of ways to make a 100% custom vendor, I did not plan this at first, but i prosuded the exploit and found it was highly plausable, the day after creating it, I contacted esmay on the situation, I could tell she was in the least pleased that i had found this. After about a week after holing it, i found a few server (Union Micro) and just browsed the server (without stealing an item) just to see what they had, while i was doing this nimrod offered me 25,000k for the exploit, being stupid and against my better judgement, i sold it on the terms "esmay would not fix the exploit in a week or i would owe him 10k", i accepted this offer, I in turn told him to use his better judgment in using it (after he stole over 8k worth of Union Micro merchindise in front of me), two to three days later i get an IM from Esmay saying that nimrod has been stealing merchindise from vendors, I talked to her and the next day i convinced him to either 1) keep using it and get banned 2) hand it over and resolve this issue peacefully. He chose option 2. Today i was talking to one of my friends and flew over and said that he wanted it back, I declined this and when i did, he treatened to post in the forums if i dident give it back. This i shrugged off as a threat just to scare me into handing it back over to him. After i teleported to a differant location he messaged me with these exact words.

*edited*

This was not to inform the public, this was an attempt to ruin a great vendor system since he couldent have his beloved exploit back.

I do take responsablity for my actions and will accept any punishment that LL will give
But the true criminal in this all is nimrod for stealing over 15-20k in items from various vendors.

I would suggest all vendors to hide and rename your servers to prevent other disputes like this, also if you see nimrod's name pop up in your sales log and it doesnt match with your trasaction log, please I urge you to file an AR.

Esmay, Im sorry for causing all this, you dont deserve your system to be the topic of such a contriversal dispute, I never ment you harm in all this, but have realised that there are people that will do anything, including posting on the form to get there way.

LL, please take whatever action against me you deem nessary, what i did was wrong, after learning the error of what i have done, i resolved it the best of my ability, beyond that, please accept my appoligy for hurting this great designer product and her users that are now forced to make a desision of weather to trust her vendor or not.

To the users, JEVN is not a bad system, this is a very contained bug that will cause no harm if the vendor is hidden from view and renamed to something not including "Server" in the title, Im sorry for shaking your opinion of JEVN and I urge you to stick arround for the next version that will kill this exploit dead in its tracks.

Thank you for all taking time to read this, you need to be informed on why I made it and the events leading up to now.

Thank you,
Carlos Bakalava

(Use periods please.) Actually this was the 2nd or 3rd server you got into, and you let other's get things, not just me. As for the 25k, you said you would be willing to sell it for 30k, so I said I would think about it, and offered 25k which you took.



How come you didn't mention how many things you took too? What about from those other servers?


Actually, you said "It's your @$$ if you get in trouble with it, not mine." I learned that one of the vendor's knew that I took something when I stopped. So I returned it.


Actually I wanted a 10k refund, or the item back. I would be able to show people that it is possible, some still don't think that it is.

Yes, who is the one who decided to exploit her system and sell the emulator? Yes, I did use it, but I no longer had/have it.

[/QUOTE=Nimrod Yaffle]
For anyone that does own a JEVN system, do not stress out because of this, all you have to do is hide your servers better. If you put them where no one will find them (most likely on a different lot, not on your picks list, *NOT* in a sky box) then you will be safe. JEVN is an excellent system, and If it were not for a different networked system, I would probably be using it.
[/QUOTE]

Oh, now it's 15-20k? In IM you told me it was 5k, and I do not remember who I got items from, but if they IM me I will return/pay for the item.


Oh, so not I can't even buy anything without being AR'd? Why shouldn't I AR you for creating the system? What did you expect to come of it when you sold it?


What is my way? I wanted to warn people of some that the creator should have.



It doesn't matter if the name 'Server' is in the title or not, you should know this, you gave me the ID Sniffer. All you have to do is find the Servers, which I have said, hide them well.

I agree alek, I never said to AR anyone, besides, I could/should be ARd myself.

Ok that post is hard to understand. Is that what everyone else gets from it:

1) Esmay creates a vendor system
2) Carlos finds an exploit and tells Esmay
3) Nimrod finds out about this bug from Carlos and pays 25k to know how to do it
4) Nimrod takes merchandise from a store using the vendor system
5) Esmay asks Carlos about Nimrod
6) Carlos makes Nimrod give the stuff back
7) Now Nimrod wants this money back that he paid for the bug
Carlos wont pay him so Nimrod posts an exploit warning here

???

So, the truth comes out. The only person that has actually stolen anything is the topic creator. Interesting.

People just LOVE to blow things completely out of proportion.

And to everyone who claims that they've lost items because of this: IM esmay your transaction logs directly from your transaction history, cross-referrenced with your JEVN logs. It's easy to tell if your stuff has actually been 'stolen'. My guess is that some people will post here claiming that they've lost income because of this, but it's just a bunch of BS.

If you haven't received vendor logs because you've set up your vendor incorrectly despite the VERY CLEAR INSTRUCTIONS and WELL-ORGANIZED SETUP NOTECARD, then saying that you don't have your logs is absolutely no excuse, and we may even go so far as to point and laugh.

Sorry if I come off as sounding mean, but this is just rediculous to the extreme.

No, I gave it back to him, and yes, I would like a refund, but I know I won't get it, so I'm posting to warn people about this. Besides, why would it hurt Carlos, if anything, it would hurt Esmay, which I do not want to do, but she has decided not to warn others.

I said at the beginning that I am guilty, but I am not the only one.


This could be possible, but you are able to edit the transactions. The only people that would be able to see unedited transaction logs (without your password) would be LL, and I doubt they will get involved, most likey this will get locked on page 4-5 anyways.

I say LL should ban you both. You've both used an exploit to profit off of through theft. Regardless of either of your motives, you still commited a crime.

nimrod, as far as I'm considered you're a script kiddie using exploits to their own benefit. You're no better then a parasite.

Carlos, you did the right thing by telling the creator but at the same time damned yourself the moment you sold a copy of the exploit.

You two have just lost any and all respect anyone may have had for you guys. Congrats, you've made it to the Black List.