JEVN Exploit!

What are the alternatives to JEVN? I've seen a few around SL, but never really checked them out. Whoever has them sure ain't advertising them well because I've searched like crazy for them.

Is there really a corn field?

The user password is a good solution and why I stuck to just that in my test release. You'd never be able to find out what someone elses password is unless there's a security hole in SL so you'd have to try and brute force it... through email! Sloooowww.

If I may take a soapbox for a moment, I must encourage everyone affected by this thread to replace their JEVN vendor with another author's rather than waiting for a patch.

Although I know it'll cost extra money, we really do not want to encourage the "rush out shoddy software to capture the market and money, THEN do the actual work and issue a patch" model of software development in SL.

JEVN already have their money, but at least they can be knocked off their dominant perch on in-world visibility. Who knows how many secure alternatives were never developed because scripters wandering the grid saw JEVN already had the market taped?

I know I knocked thoughts of doing one on the head for pretty much this very reason. A purely in-world one, that is.

Yes, I'll attach some pics, I feel like the children of the corn are going to get me!

There's at least two other network vendors off the top of my head, I don't think the market is really 'cornered'. Of course it's hard to tell if they are any more secure.

Ok Mulch, this one is for you. It has the UI and the name of the sim, and of course, there are many ways around the no flying restrictions. Also, if you do a search for certian letters of the alphabet, you can also see who is suspended(at least, I think. There are some names that do show up, but there are very few.)

I really do not understand the reasoning and logic behind rewarding someone who stole from you, sold and or gave it to others to steal more. It is baffeling to me that he was given trust in the first place and action against him was not immediately taken. His involvement in any product makes it highly suspect and untrustworthy.

We only have his word that he gave only 1 copy out, given his track record how reliable is that?

I ask this again. Why are people still using this vending machine? This entire thing has been handled beyond poorly. An immediate update should have been created - it should not have waited while a new version was developed. If I were a customer, I would definitely demand a refund - though I doubt you will get one at this point. The only thing you can do is speak with your wallet by using a different vendor. Mistakes happen and security flaws are found - but how they are handled is the important part, and the ball was dropped here across the board, and some bizarre decisions have been made.

I used to play a rather small cheesy monster killing game called The Realm. There was a person who was quite the hacker and the company actually hired this guy on to look at their code and make sure it was secure because there were some kiddies hacking into house/acct passwords and stealing. After I left I found out that the hacker they hired in had added his own undetectable coding to the system and stole a lot of things from a lot of people, deleted peoples characters they had made, some were years and years old, and then took down the game for over 10 days. D'oh!!


If you let a snake in your bed, you will probably get bit...

um you realize a few things here I hope:

A) Network administrators are "hackers" they have the same knowledge and access to tools that they understand as hackers do. They just protect us.

B) Antivirus and "protection" software companies make it a normal thing to hire those that create viruses after being caught in order to harness thier "unique" talents.

C) The best way to stop a thief is with a thief. Anyone in any security field is TAUGHT HOW someone does something wrong. The only question is morals/perception that make them "good" or "bad"

D) A computer company release a computer that under certain conditions would take over 30 minutes to boot up from time of power button press. This would occur even right out of box. They released it and "tested" for 6 months before releasing a patch. Many of you probably own a computer by this manufacturer...company's name looks like "hell".

On a personal level I applaud the "hacker" for a variety of reasons.

A) He made a script that does something (True it was immoral to many but he did)
B) He reported the information to the manufacturer of said item.
C) He did not mass produce or hand out this item. (Imagine of W-HAT got ahold of this folks.)

By Carlos' own admission he did SELL the exploit to at least one person. And he also admitted to GIVING it to another person other than Esmay, the creator of the vending system. So that makes at least 2 people other than the creator and himself that got the emulator. The one person who it was sold to started this thread. The one person it was given to has not said a word that I know of about any of this. We have no way of knowing what permissions were granted to this silent person and how many that person may have distributed.

As for your item D)..... No way in hell will I ever pay for one of those. I'll keep the ones built by my tech right here in my very own computer shop, tyvm. lol

There used to be a post that got deleted, about someone else hacking the system. They posted logs, and the person stole at *least* 40k worth of items, and that's a low figure.

One or two is not that big of a concern trust me. Usually when hacks or cracks are given out we are talking about hundreds have accessed and used it. Again think about giving this to W-hat. I personaly WOULD give a hack to my friend...to see if they could reproduce it or I was bugged. Anyone here that does any kind of troubleshooting or beta testing will tell you a problem is not a problem till more then one person says it is. Otherwise it is a glitch.

well i would say to all the persons that are bashing Esamy to stop a bit she did a very good work on her vendor and she brought you good sales, yeah but i guess all the good is erased from air heads by a little exploit...

Allegedly.

Yea, didn't they stop doing that in like the early 90's? Too many Haxxo4s movies!

that and/or it almost became an easy way for hackers to get a job, etc. I know two of my friends got offered jobs and one was in 1995.

I think the main reason it was stopped, was becase it *almost* gave people an incentive to hack.

that's what I meant. Sorry brain a tad fried...thinkit scrammbled in a car accidnet I had yesturday. *stupid snow*

I think I missed something.

Okay, so Esmay knew it was possible to build an emulator, and she began reworking everything.

Did she actually know that it was being used to steal stuff and that it had been given out? or did she think there was only one in existance and that it was in a safe place?

i guess you should ask her

Ask her what??

Yes to both, she knew someone had one (or many) and that they took things, but she still did not warn people. She knew that the creator had it, but he told her that he would no give it to anyone (which was not held true).

A: access to tools is one thing. Creating and cracking systems is someting else. I can name a dozen network admins off the top of my head, but NONE of them are capable of breaking even minimal Windows 2000 or Unix security.

B: TOTAL FABRICATION. The truth is, so-called hackers (the correct term is "crackers" are usually "one hit wonders", and once their bag of tricks has been used, they are not innovative enough to be truly useful in the security field. There are a few that are good enough, but not until they've gotten a real education under their belt. Among other places, you can read about this on Snopes.com, if I recall.

C: Wrong, wrong wrong. The way to stop a thief is to think like a thief. Anybody who actually hires a socially irresponsible individual such as a cracker or embezzler to protect sensitive data would have their insurance policies cancelled.

D: What does slow boot time have to do with hacking? There are many reasons to delay releasing an OS or BIOS patch, the most important of which is that you must make sure that you don't introduce new bugs while fixing the old ones. On the other hand, companies like Microsoft make commitments to try to fix security holes as soon as possible after their discovery. Microsoft often has patches available mere hours after the discovery of the vulnerability.