Fake system text?

SuezanneC Baskerville
Forums Rock!
Join date: 22 Dec 2003
Posts: 14,229
01-31-2008 20:26
I just read a report that someone has received "notices" from someone with a non-Linden SL client similar to what you see when a friend comes online, and it shows as blue in your history.
I have no evidence to support this claim but no reason to disbelieve it.
Something to be on the lookout for.
_____________________
-
So long to these forums, the vBulletin forums that used to be at forums.secondlife.com. I will miss them.
I can be found on the web by searching for "SuezanneC Baskerville", or go to
http://www.google.com/profiles/suezanne
-
http://lindenlab.tribe.net/ created on 11/19/03.
Members: Ben, Catherine, Colin, Cory, Dan, Doug, Jim, Philip, Phoenix, Richard, Robin, and Ryan
-

Randal Kline
huh?
Join date: 1 Jul 2007
Posts: 192
01-31-2008 21:00
Could it be the pop-up blue dialog box from estate owners?
_____________________
* Snapshots * http://sluniverse.com/pics/Default.aspx?name=Randal%20Kline

SuezanneC Baskerville
Forums Rock!
Join date: 22 Dec 2003
Posts: 14,229
01-31-2008 22:19
I don't know, I didn't see it.
The story was told as if it was the result of using a non-Linden Lab viewer, as if someone had discovered a packet definition that could be used to give them this ability in either a text-based client or a modified graphical viewer.

Wulfric Chevalier
Give me a Fish!!!!
Join date: 22 Dec 2006
Posts: 947
02-01-2008 00:15
There are tools, I think the MystiTool is one, that allow you to send the blue pop-up type notices to other residents, if that's what you mean.

Rioko Bamaisin
Unstable Princess
Join date: 16 Aug 2007
Posts: 4,668
02-01-2008 00:19
From: Wulfric Chevalier
There are tools, I think the MystiTool is one, that allow you to send the blue pop-up type notices to other residents, if that's what you mean.

Yep the MystiTool does. I didn't know this until the other night when someone showed me.

Incoherendt Randt
Skank
Join date: 13 Dec 2007
Posts: 85
02-01-2008 00:58
Blue in history will be one of the messages that show in the bottom of the screen, right? Does MystiTool have a way to make that kind? I know it can do a dialog box at the top.

Wulfric Chevalier
Give me a Fish!!!!
Join date: 22 Dec 2006
Posts: 947
02-01-2008 00:59
I'm not sure whether the box appears at the top or bottom of the screen. I suspect you may be right and it is at the top, similar to where objects ask for permission to animate the AV etc.

Valentino Tendaze
Eternal Optimist
Join date: 9 Jan 2007
Posts: 279
02-01-2008 01:23
That's weird.
I got a bunch of offline messages a few days ago from someone, in a foreign language (Spanish I think). They showed in my Chat History, not as an IM. And then, when I was online, another one appeared in a blue box bottom right.
I assumed it was just some system glitch, but it sounds like it might be what the OP describes - or MystiTool (I didn't know it did that - will have to try!).

Yumi Murakami
DoIt!AttachTheEarOfACat!
Join date: 27 Sep 2005
Posts: 6,860
02-01-2008 07:51
I presume that MystiTool would send Dialogs (the ones that appear at the top right), since as far as I know there's no legal method for scripts to send system notifications (bottom right).

Cunundrum Alcott
A Sardonic Pessimist
Join date: 15 Jan 2007
Posts: 773
02-01-2008 08:00
I saw a grief attack once where the person would send hundreds of fake server notices. Quite annoying.

poopmaster Oh
The Best Person On Earth
Join date: 9 Mar 2007
Posts: 917
02-01-2008 08:35
It's very easy to do.
Both the bottom blue popups and the top ones.
It's just packet manipulation.

Lear Cale
wordy bugger
Join date: 22 Aug 2007
Posts: 3,569
02-01-2008 09:52
Can you explain a bit more, poopmaster?
I would think that system message packets have to come from LL. Do our clients accept these message packets from any source IP address?
What do you mean by "packet manipulation"? Do you mean intercepting traffic and modifying it, or a replay attack? The former requires hacking gear at LL or else in the network between LL and client -- and anyone with the savvy to do that would most likely apply it to something that actually matters, not silly stuff like this. The latter requires knowing the client's IP address, which I don't think is trivial to obtain.
You needn't give away any clues that would really help a serious hacker, just enough info for us to find out whether you know what you're talking about and perhaps what might be done to solve the problem.
I doubt that MystiTool could yield blue system messages using LSL script. Perhaps it could by sending messages outworld to sites that use replay attack tricks (but see above). Either that or there's a serious security hole in LSL.
If an altered client can do it, then it's a security hole in SL protocols.

poopmaster Oh
The Best Person On Earth
Join date: 9 Mar 2007
Posts: 917
02-01-2008 10:03
google slproxy
_____________________
InSL u find every kind of no-life retard you could possibly imagine as well as a few even Tim Burton couldnt imagine u find 12yr-olds claiming to be 40 men claiming 2 be women, women claiming 2 make sense and every1 claiming 2 have ideas that are actually worth a damn if only someone would just listen to their unique innovative and exceptionally important idea

Marianne McCann
Feted Inner Child
Join date: 23 Feb 2006
Posts: 7,145
02-01-2008 10:09
From: Rioko Bamaisin
Yep the MystiTool does. I didn't know this until the other night when someone showed me.

What's the Mysti command for dat?
Mari
_____________________
"There's nothing objectionable nor illegal in having a child-like avatar in itself and we must assume innocence until proof of the contrary." - Lewis PR Linden
"If you find children offensive, you're gonna have trouble in this world" - Prospero Linden

Jackson Racer
Mhm I gotta SL Blog
Join date: 19 Dec 2006
Posts: 130
02-01-2008 10:33
It's in the Toys button of the tool... and you can *throw your voice* for the lack of a better description... in other words find a victim and in chat say something and in green text it appears the other person said it... of course it's all in green text.

Marianne McCann
Feted Inner Child
Join date: 23 Feb 2006
Posts: 7,145
02-01-2008 10:47
From: Jackson Racer
It's in the Toys button of the tool... and you can *throw your voice* for the lack of a better description... in other words find a victim and in chat say something and in green text it appears the other person said it... of course it's all in green text.

Oh! I use /1 mimic (what you're describing) all the time -- most recently to make a large coca-cola can talk. I thought it mighta hadda way to make blue boxes.
Mari

Atashi Toshihiko
Frequently Befuddled
Join date: 7 Dec 2006
Posts: 1,423
02-01-2008 10:55
You could probably send messages to someone that look like system messages, if you use a non-standard viewer. I haven't looked into it and haven't tried anything like this, but I have poked around with libSL and have noticed that just about everything that comes in other than chat, comes via the IM protocol. TP requests, Group invites, those blue alert messages, and I think inventory offers, all come through the IM protocol.
So I figure, if you have a custom made client, you could probably send out IMs that are built to resemble system messages. That just leaves the question of how the SL servers would handle it -- would they pass the IM on to the intended recipient without verifying anything about it, or do they check to see if the IM has certain characteristics (system message) does it come from a legitimate source...
-Atashi
_____________________
Visit Atashi's Art and Oddities Store and the Waikiti Motor Works at beautiful Waikiti.

Jackson Racer
Mhm I gotta SL Blog
Join date: 19 Dec 2006
Posts: 130
02-01-2008 11:04
From: Marianne McCann
Oh! I use /1 mimic (what you're describing) all the time -- most recently to make a large coca-cola can talk. I thought it mighta hadda way to make blue boxes.
Mari

Ohhh lol you do! I think it's umm /1 pop... not in world so I'm not super sure!

Lear Cale
wordy bugger
Join date: 22 Aug 2007
Posts: 3,569
02-01-2008 11:52
slproxy lives between YOUR client and LL. It could make YOU see funky stuff.
For it to make other people see funky stuff, it would need to exploit a security loophole of the kind that Atashi hypothesizes.
Is the IM protocol between clients, or between client and server?
If it's between clients, it means that one client can get (via the server) another client's IP address, which IMHO would mean a huge mistake on LL's part.
If it's between client and server, then the server is far too trusting if it lets this kind of thing happen.

Lear Cale
wordy bugger
Join date: 22 Aug 2007
Posts: 3,569
02-01-2008 11:55
Good, we can ignore the Mystitool red herring. That's object chat, which is easily distinguished from system messages unless you have your chat prefs configured to render object chat in blue (which wouldn't be very smart). It also can't make the lower-right-corner blue popup messages.

poopmaster Oh
The Best Person On Earth
Join date: 9 Mar 2007
Posts: 917
02-01-2008 12:03
From: Lear Cale
slproxy lives between YOUR client and LL. It could make YOU see funky stuff.
For it to make other people see funky stuff, it would need to exploit a security loophole of the kind that Atashi hypothesizes.
Is the IM protocol between clients, or between client and server?
If it's between clients, it means that one client can get (via the server) another client's IP address, which IMHO would mean a huge mistake on LL's part.
If it's between client and server, then the server is far too trusting if it lets this kind of thing happen.

[X] wrong [X] ignorance is bliss tho...
you can create, modify and inject packets with sl proxy
ignorance blessed with arrogance is even better

Cunundrum Alcott
A Sardonic Pessimist
Join date: 15 Jan 2007
Posts: 773
02-01-2008 12:07
The grief attack I witnessed was definitely in the form of server (or sim owner) notices where you were forced to hit ok/ignore... They came by the hundreds, they did not interrupt my connection or anything other than provide a huge nuisance. There were so many so fast you were forced to relog or live with it.

Atashi Toshihiko
Frequently Befuddled
Join date: 7 Dec 2006
Posts: 1,423
02-01-2008 12:09
From: poopmaster Oh
[X] wrong [X] ignorance is bliss tho...
you can create, modify and inject packets with sl proxy
ignorance blessed with arrogance is even better

The packets are still between you and the server though, so for you to create a system message packet and get it to appear on someone else's viewer, you have to send it through the servers, which would imply that the servers don't actually check to see if you have the authority to do so. Whether you use SL Proxy or put some customizations into your own opensource viewer / bot, you're still relying on sending a modified IM from one client to another client, through the servers.
-Atashi

poopmaster Oh
The Best Person On Earth
Join date: 9 Mar 2007
Posts: 917
02-01-2008 12:11
It's not about authority, it's simply an instant message....

Atashi Toshihiko
Frequently Befuddled
Join date: 7 Dec 2006
Posts: 1,423
02-01-2008 13:28
What I meant about 'authority' has to do with the fact that IMs are not always just IMs.
SL uses the IM 'package' to send everything that isn't chat. The estate messages, system wide messages from the Lindens, group invites, TP offers, inventory offers, all come in the form of an IM. The browser decides what goes in an IM window and what appears in a blue popup based on what is in the IM package.
If you use a nonstandard viewer or some other means to form a system message and send it out, will the servers blindly pass it on to the destination? Or will they check that a 'system message' is actually coming from a Linden, and not just any kid with an open source client and some spare time?
That's where authority comes into play. It is about authority because it's not just an instant message.
-Atashi
|
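
The question the thread ends on, whether the relay checks that a sender may originate the message type it declares, is shown below as a server-side check that also throttles the kind of notice flood described earlier. This is an added example, not part of the original thread and not Second Life's actual protocol or server code. The message kinds, roles and the `Relay` class are hypothetical names chosen for illustration.

```python
# Added illustration; all names are hypothetical, not Second Life's real protocol.
from collections import defaultdict, deque
from dataclasses import dataclass, replace
from enum import Enum

Kind = Enum("Kind", "CHAT_IM TELEPORT_OFFER ESTATE_NOTICE SYSTEM_NOTICE")
Role = Enum("Role", "RESIDENT ESTATE_OWNER OPERATOR")

# Default-deny table: the kinds each authenticated role may originate.
ALLOWED = {
    Role.RESIDENT: {Kind.CHAT_IM, Kind.TELEPORT_OFFER},
    Role.ESTATE_OWNER: {Kind.CHAT_IM, Kind.TELEPORT_OFFER, Kind.ESTATE_NOTICE},
    Role.OPERATOR: set(Kind),
}


@dataclass(frozen=True)
class Message:
    kind: Kind       # client-supplied; decides how the recipient's viewer renders it
    sender: str      # client-supplied; never trusted by the relay
    recipient: str
    text: str


class Rejected(Exception):
    """Raised when the relay refuses to forward a message."""


class Relay:
    def __init__(self, max_per_window=5, window=10.0):
        self.max_per_window, self.window = max_per_window, window
        self._recent = defaultdict(deque)  # (sender, recipient) -> send times

    def forward(self, session_agent, session_role, msg, now):
        """Return the message to deliver, or raise Rejected."""
        # 1. Authority comes from the authenticated session, not the packet.
        if msg.kind not in ALLOWED.get(session_role, set()):
            raise Rejected(f"{session_role.name} may not send {msg.kind.name}")
        # 2. Throttle each sender/recipient pair so popups cannot be flooded.
        stamps = self._recent[(session_agent, msg.recipient)]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()
        if len(stamps) >= self.max_per_window:
            raise Rejected("rate limit exceeded")
        stamps.append(now)
        # 3. Stamp the sender from the session, discarding the claimed value.
        return replace(msg, sender=session_agent)
```

A relay that skips step 1 and forwards the client-declared kind unchanged is the "far too trusting" server the thread worries about.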