Second Life Forums Archive - Bizarre account copybotting avatars, clothing and even profiles and groups

Viktoria Dovgal

…

Join date: 29 Jul 2007

Posts: 3,593

06-09-2008 09:04

From: Eva Tiramisu

This could explain why I found items set to the correct land group, but owned by someone we never invited on our land, she didnt show up in group though. I just wrote it of as a bug and returned her stuff.

That could also be an old bug in the client that only recently got fixed (I think it might be only fixed in the RCs so far). The group field in the editor hasn't been cleared properly, so if you look at any object that is set to a group, any objects you look at that _aren't_ set to any group will appear to belong to that last one.

ETA; that bug was https://jira.secondlife.com/browse/VWR-3598

_____________________

RobbyRacoon Olmstead

Red warrior is hungry!

Join date: 20 Sep 2006

Posts: 1,821

06-09-2008 09:07

From: Eva Tiramisu

This could explain why I found items set to the correct land group, but owned by someone we never invited on our land, she didnt show up in group though. I just wrote it of as a bug and returned her stuff.

My wife told me about some guy in our store creating prims that were set to our invite-only group the other day. Stupid me, I shrugged it off as some kind of cache or synch issue, despite how insistent she was that the objects were set to our group.

Looks like I need to buy some chocolate today

.

_____________________

Talon DeCuir

Angel

Join date: 19 May 2007

Posts: 350

06-09-2008 09:33

If you set an enrollment fee on an invite only group.... if you invite someone - will they get asked to pay that fee - or since you invited, will it by pass that?

Viktoria Dovgal

…

Join date: 29 Jul 2007

Posts: 3,593

06-09-2008 09:45

From: Talon DeCuir

If you set an enrollment fee on an invite only group.... if you invite someone - will they get asked to pay that fee - or since you invited, will it by pass that?

Yes, the invitations do include the fee in that case.

Group fees are going to become the new !quit and just as useful, aren't they?

_____________________

Phoenix Psaltery

Ninja Wizard

Join date: 25 Feb 2005

Posts: 2,599

06-09-2008 10:11

http://jira.secondlife.com/browse/SVC-2514

_____________________

Wildefire Walcott

Heartbreaking

Join date: 8 Nov 2005

Posts: 2,156

06-09-2008 10:12

From: Briana Dawson

Group land and permissions cannot be affected by CopyBot.

What i learned is this:

The JOIN GROUP button for "invite only" groups is actually there just not visible - so it can actually be joined via code command and not via button click - which is why the CopyBot can join groups, it just gets the group key, sends a join requiest and is instantly in. The rest of us are limited because we don't get the JOIN button so we cannot join.

To prevent CopyBot's from joining your closed group put an astronomical entry fee to the group. I use 50k Linden.

So, groups are safe from land/permission/pay-out rip-off exploits by means of CopyBot.

Are you saying they're only safe from copybot if you set the join fee to a very high price, or that there's currently no risk at all? Because, as mentioned earlier, even if the person only gets Everyone permissions in the group, if the owner has granted full rights to Everyone, any group-owned land is compromised.

_____________________

Desperation Isle Estates: Great prices, great neighbors, great service!
http://desperationisle.blogspot.com/

New Desperation Isle: The prettiest BDSM Playground and Fetish Mall in SL!
http://desperationisle.com/

Desperation Isle Productions: Skyboxes for lots (and budgets) of all sizes!

Meade Paravane

Hedgehog

Join date: 21 Nov 2006

Posts: 4,845

06-09-2008 10:15

I don't think there's a group exploit here - Lindens would go absolutely postal about something like that.

_____________________

Tired of shouting clubs and lucky chairs? Vote for llParcelSay!!!
- Go here: http://jira.secondlife.com/browse/SVC-1224
- If you see "if you were logged in.." on the left, click it and log in
- Click the "Vote for it" link on the left

Meade Paravane

Hedgehog

Join date: 21 Nov 2006

Posts: 4,845

06-09-2008 10:18

Did anybody poke the security stuff on JIRA about this yet? I find it pretty hard to believe that there's a hole this ginormous in the group stuff but it's worth a JIRA anyway. It's really scary if it's true.

_____________________

Tired of shouting clubs and lucky chairs? Vote for llParcelSay!!!
- Go here: http://jira.secondlife.com/browse/SVC-1224
- If you see "if you were logged in.." on the left, click it and log in
- Click the "Vote for it" link on the left

3Ring Binder

always smile

Join date: 8 Mar 2007

Posts: 15,028

06-09-2008 10:21

looks like the copier is not duplicating primmed objects, but that they can copy your clothes/skin is also concerning.

_____________________

it was fun while it lasted.
http://2lf.informe.com/

Qie Niangao

Coin-operated

Join date: 24 May 2006

Posts: 7,138

06-09-2008 10:26

From: 3Ring Binder

looks like the copier is not duplicating primmed objects, but that they can copy your clothes/skin is also concerning.

Come to think of it... is that what's actually going on? I mean, are they able to get separate layers, or do they just get the whole baked enchilada, and paint it all on as a skin?

_____________________

Archived for Your Protection

Meade Paravane

Hedgehog

Join date: 21 Nov 2006

Posts: 4,845

06-09-2008 10:36

From: 3Ring Binder

looks like the copier is not duplicating primmed objects, but that they can copy your clothes/skin is also concerning.

We're talking about that video from the SLU thread?

If so, youtube says it's from Nov 2006.

_____________________

Tired of shouting clubs and lucky chairs? Vote for llParcelSay!!!
- Go here: http://jira.secondlife.com/browse/SVC-1224
- If you see "if you were logged in.." on the left, click it and log in
- Click the "Vote for it" link on the left

3Ring Binder

always smile

Join date: 8 Mar 2007

Posts: 15,028

06-09-2008 10:41

no. i was talking about the picture posted. non-primmed clothes and skin and shape are obviously duplicated. maybe they are both profile hacking and texture stealing simultaneously.

_____________________

it was fun while it lasted.
http://2lf.informe.com/

Viktoria Dovgal

…

Join date: 29 Jul 2007

Posts: 3,593

06-09-2008 10:49

From: Qie Niangao

Come to think of it... is that what's actually going on? I mean, are they able to get separate layers, or do they just get the whole baked enchilada, and paint it all on as a skin?

The cloner doesn't really need to download anything, only needs to read the target's attributes and tell the server it has the same ones.

The individual layers can be snarfed, but the cloner doesn't use that.

_____________________

Meade Paravane

Hedgehog

Join date: 21 Nov 2006

Posts: 4,845

06-09-2008 10:50

From: 3Ring Binder

no. i was talking about the picture posted. non-primmed clothes and skin and shape are obviously duplicated. maybe they are both profile hacking and texture stealing simultaneously.

To do prim stuff, the bot would probably have to actually clone the objects then wear them, possibly having to take it to inventory first.

All that is possible, even if the picture doesn't show it. It's just more work - maybe the bot in the picture doesn't know how to do that stuff or isn't using that feature.

_____________________

Tired of shouting clubs and lucky chairs? Vote for llParcelSay!!!
- Go here: http://jira.secondlife.com/browse/SVC-1224
- If you see "if you were logged in.." on the left, click it and log in
- Click the "Vote for it" link on the left

3Ring Binder

always smile

Join date: 8 Mar 2007

Posts: 15,028

06-09-2008 10:51

From: Meade Paravane

To do prim stuff, the bot would probably have to actually clone the objects then wear them, possibly having to take it to inventory first.

All that is possible, even if the picture doesn't show it. It's just more work - maybe the bot in the picture doesn't know how to do that stuff or isn't using that feature.

you missed my piont.

From: someone

maybe they are both profile hacking and texture stealing simultaneously.

_____________________

it was fun while it lasted.
http://2lf.informe.com/

Kitty Barnett

Registered User

Join date: 10 May 2006

Posts: 5,586

06-09-2008 10:57

From: 3Ring Binder

you missed my piont.

The original showcase copybot did all of that already, including recreating prim attachments.

Meade Paravane

Hedgehog

Join date: 21 Nov 2006

Posts: 4,845

06-09-2008 11:04

From: 3Ring Binder

you missed my piont.

Copying a profile, stealing non-prim clothes/skins and copying prims (attached or not) are just some of the functions that can be done. That a particular bot does (or does not) do more than one of these functions isn't that big of a deal, IMO.

The important bit is the list of things that can be done and if they're dangerous things.

_____________________

Tired of shouting clubs and lucky chairs? Vote for llParcelSay!!!
- Go here: http://jira.secondlife.com/browse/SVC-1224
- If you see "if you were logged in.." on the left, click it and log in
- Click the "Vote for it" link on the left

Ariana Rieko

Registered User

Join date: 8 Jun 2008

Posts: 11

06-09-2008 13:21

From: Meade Paravane

Did anybody poke the security stuff on JIRA about this yet? I find it pretty hard to believe that there's a hole this ginormous in the group stuff but it's worth a JIRA anyway. It's really scary if it's true.

You would think by now LL has learned to stop depending on client checks for securety things, I think there was a another securety hole with banlines being a client side check but can't find the post right now where that was explained, it was something about griefer viewers able to ignore banlines.

foehn Breed

More random than random

Join date: 16 Jan 2006

Posts: 1,142

06-09-2008 14:21

Status: Resolved Resolved ?

_____________________

You have no friends online at this time. "Excellent!"

Einstein "I never think of the future. It comes soon enough."

Macphisto Angelus

JAFO

Join date: 21 Oct 2004

Posts: 5,831

06-09-2008 14:29

I found out today that not only does the new form of copybot copy an item, but there is a version out there that also rips textures from the item at the same time and downloads them seperately in a file. Two forms of theft in one. :/

_____________________

From: Natalie P from SLU

Second Life: Where being the super important, extra special person you've always been sure you are (at least when you're drunk) can be a reality!

From: Ann Launay

I put on my robe and wizard ha...
Oh. Nevermind then.

Tarina Sewell

Just Browsing Thank you

Join date: 20 Jul 2007

Posts: 2,180

06-15-2008 09:30

From: Macphisto Angelus

I found out today that not only does the new form of copybot copy an item, but there is a version out there that also rips textures from the item at the same time and downloads them seperately in a file. Two forms of theft in one. :/

What do i need to put in a my store to protect myself from this?

Viktoria Dovgal

…

Join date: 29 Jul 2007

Posts: 3,593

06-15-2008 09:34

From: Tarina Sewell

What do i need to put in a my store to protect myself from this?

The long and short of it is that you can't. Subtle watermarking might help you to identify ripped textures, but you can't prevent it from happening. It's built into the system, textures have to be downloaded to everyone's computers so they can see them.

_____________________

Kitty Barnett

Registered User

Join date: 10 May 2006

Posts: 5,586

06-15-2008 09:57

From: Tarina Sewell

What do i need to put in a my store to protect myself from this?

Viktoria already pointed out that you can't really do anything preventing about it.

There are a few things sold in-world that claim to offer any protection but they're just scams unfortunately.

What you can do is to familiarize yourself with the DMCA process: http://secondlife.com/corporate/dmca.php

Read it through and make sure you understand everything you need to do if it ever becomes necessary and ask questions now if you're unsure about something. You'll save time and hopefully you'll never have to file one, but if you do you'll be ready and informed

.

Vittorio Beerbaum

Sexy.Builder Hot.Scripter

Join date: 16 May 2007

Posts: 516

06-15-2008 10:01

Anything mentioned here existed by ages... so i would suggest to concentrate on the big news here, and figure out if it really happened how exposed: someone joined a invite-only group. I did my test with packet manipulation, testclient, etc. and i didn't found a way to join a group because it is locked serverside (even faking an accepting message). But it doesn't mean that the possibility doesn't exists because of an exploit that i doesn't know.

_____________________

Beerbaum Music Department
http://slurl.com/secondlife/Beerbaum/127/131/23
http://www.vittoriobeerbaum.com

Tarina Sewell

Just Browsing Thank you

Join date: 20 Jul 2007

Posts: 2,180

06-15-2008 10:06

From: Viktoria Dovgal

The long and short of it is that you can't. Subtle watermarking might help you to identify ripped textures, but you can't prevent it from happening. It's built into the system, textures have to be downloaded to everyone's computers so they can see them.

Ahh, I bought a sculpty hat kit at a build edu and I noticed the sculpty image had text all over it. cool good idea (I like my prim built hat better though)

Bizarre account copybotting avatars, clothing and even profiles and groups
Viktoria Dovgal … Join date: 29 Jul 2007 Posts: 3,593	06-09-2008 09:04 From: Eva Tiramisu This could explain why I found items set to the correct land group, but owned by someone we never invited on our land, she didnt show up in group though. I just wrote it of as a bug and returned her stuff. That could also be an old bug in the client that only recently got fixed (I think it might be only fixed in the RCs so far). The group field in the editor hasn't been cleared properly, so if you look at any object that is set to a group, any objects you look at that _aren't_ set to any group will appear to belong to that last one. ETA; that bug was https://jira.secondlife.com/browse/VWR-3598 _____________________
RobbyRacoon Olmstead Red warrior is hungry! Join date: 20 Sep 2006 Posts: 1,821	06-09-2008 09:07 From: Eva Tiramisu This could explain why I found items set to the correct land group, but owned by someone we never invited on our land, she didnt show up in group though. I just wrote it of as a bug and returned her stuff. My wife told me about some guy in our store creating prims that were set to our invite-only group the other day. Stupid me, I shrugged it off as some kind of cache or synch issue, despite how insistent she was that the objects were set to our group. Looks like I need to buy some chocolate today . _____________________
Talon DeCuir Angel Join date: 19 May 2007 Posts: 350	06-09-2008 09:33 If you set an enrollment fee on an invite only group.... if you invite someone - will they get asked to pay that fee - or since you invited, will it by pass that?
Viktoria Dovgal … Join date: 29 Jul 2007 Posts: 3,593	06-09-2008 09:45 From: Talon DeCuir If you set an enrollment fee on an invite only group.... if you invite someone - will they get asked to pay that fee - or since you invited, will it by pass that? Yes, the invitations do include the fee in that case. Group fees are going to become the new !quit and just as useful, aren't they? _____________________
Phoenix Psaltery Ninja Wizard Join date: 25 Feb 2005 Posts: 2,599	06-09-2008 10:11 http://jira.secondlife.com/browse/SVC-2514 _____________________
Wildefire Walcott Heartbreaking Join date: 8 Nov 2005 Posts: 2,156	06-09-2008 10:12 From: Briana Dawson Group land and permissions cannot be affected by CopyBot. What i learned is this: The JOIN GROUP button for "invite only" groups is actually there just not visible - so it can actually be joined via code command and not via button click - which is why the CopyBot can join groups, it just gets the group key, sends a join requiest and is instantly in. The rest of us are limited because we don't get the JOIN button so we cannot join. To prevent CopyBot's from joining your closed group put an astronomical entry fee to the group. I use 50k Linden. So, groups are safe from land/permission/pay-out rip-off exploits by means of CopyBot. Are you saying they're only safe from copybot if you set the join fee to a very high price, or that there's currently no risk at all? Because, as mentioned earlier, even if the person only gets Everyone permissions in the group, if the owner has granted full rights to Everyone, any group-owned land is compromised. _____________________ Desperation Isle Estates: Great prices, great neighbors, great service! http://desperationisle.blogspot.com/ New Desperation Isle: The prettiest BDSM Playground and Fetish Mall in SL! http://desperationisle.com/ Desperation Isle Productions: Skyboxes for lots (and budgets) of all sizes!
Meade Paravane Hedgehog Join date: 21 Nov 2006 Posts: 4,845	06-09-2008 10:15 I don't think there's a group exploit here - Lindens would go absolutely postal about something like that. _____________________ Tired of shouting clubs and lucky chairs? Vote for llParcelSay!!! - Go here: http://jira.secondlife.com/browse/SVC-1224 - If you see "if you were logged in.." on the left, click it and log in - Click the "Vote for it" link on the left
Meade Paravane Hedgehog Join date: 21 Nov 2006 Posts: 4,845	06-09-2008 10:18 Did anybody poke the security stuff on JIRA about this yet? I find it pretty hard to believe that there's a hole this ginormous in the group stuff but it's worth a JIRA anyway. It's really scary if it's true. _____________________ Tired of shouting clubs and lucky chairs? Vote for llParcelSay!!! - Go here: http://jira.secondlife.com/browse/SVC-1224 - If you see "if you were logged in.." on the left, click it and log in - Click the "Vote for it" link on the left
3Ring Binder always smile Join date: 8 Mar 2007 Posts: 15,028	06-09-2008 10:21 looks like the copier is not duplicating primmed objects, but that they can copy your clothes/skin is also concerning. _____________________ it was fun while it lasted. http://2lf.informe.com/
Qie Niangao Coin-operated Join date: 24 May 2006 Posts: 7,138	06-09-2008 10:26 From: 3Ring Binder looks like the copier is not duplicating primmed objects, but that they can copy your clothes/skin is also concerning. Come to think of it... is that what's actually going on? I mean, are they able to get separate layers, or do they just get the whole baked enchilada, and paint it all on as a skin? _____________________ Archived for Your Protection
Meade Paravane Hedgehog Join date: 21 Nov 2006 Posts: 4,845	06-09-2008 10:36 From: 3Ring Binder looks like the copier is not duplicating primmed objects, but that they can copy your clothes/skin is also concerning. We're talking about that video from the SLU thread? If so, youtube says it's from Nov 2006. _____________________ Tired of shouting clubs and lucky chairs? Vote for llParcelSay!!! - Go here: http://jira.secondlife.com/browse/SVC-1224 - If you see "if you were logged in.." on the left, click it and log in - Click the "Vote for it" link on the left
3Ring Binder always smile Join date: 8 Mar 2007 Posts: 15,028	06-09-2008 10:41 no. i was talking about the picture posted. non-primmed clothes and skin and shape are obviously duplicated. maybe they are both profile hacking and texture stealing simultaneously. _____________________ it was fun while it lasted. http://2lf.informe.com/
Viktoria Dovgal … Join date: 29 Jul 2007 Posts: 3,593	06-09-2008 10:49 From: Qie Niangao Come to think of it... is that what's actually going on? I mean, are they able to get separate layers, or do they just get the whole baked enchilada, and paint it all on as a skin? The cloner doesn't really need to download anything, only needs to read the target's attributes and tell the server it has the same ones. The individual layers can be snarfed, but the cloner doesn't use that. _____________________
Meade Paravane Hedgehog Join date: 21 Nov 2006 Posts: 4,845	06-09-2008 10:50 From: 3Ring Binder no. i was talking about the picture posted. non-primmed clothes and skin and shape are obviously duplicated. maybe they are both profile hacking and texture stealing simultaneously. To do prim stuff, the bot would probably have to actually clone the objects then wear them, possibly having to take it to inventory first. All that is possible, even if the picture doesn't show it. It's just more work - maybe the bot in the picture doesn't know how to do that stuff or isn't using that feature. _____________________ Tired of shouting clubs and lucky chairs? Vote for llParcelSay!!! - Go here: http://jira.secondlife.com/browse/SVC-1224 - If you see "if you were logged in.." on the left, click it and log in - Click the "Vote for it" link on the left
3Ring Binder always smile Join date: 8 Mar 2007 Posts: 15,028	06-09-2008 10:51 From: Meade Paravane To do prim stuff, the bot would probably have to actually clone the objects then wear them, possibly having to take it to inventory first. All that is possible, even if the picture doesn't show it. It's just more work - maybe the bot in the picture doesn't know how to do that stuff or isn't using that feature. you missed my piont. From: someone maybe they are both profile hacking and texture stealing simultaneously. _____________________ it was fun while it lasted. http://2lf.informe.com/
Kitty Barnett Registered User Join date: 10 May 2006 Posts: 5,586	06-09-2008 10:57 From: 3Ring Binder you missed my piont. The original showcase copybot did all of that already, including recreating prim attachments.
Meade Paravane Hedgehog Join date: 21 Nov 2006 Posts: 4,845	06-09-2008 11:04 From: 3Ring Binder you missed my piont. Copying a profile, stealing non-prim clothes/skins and copying prims (attached or not) are just some of the functions that can be done. That a particular bot does (or does not) do more than one of these functions isn't that big of a deal, IMO. The important bit is the list of things that can be done and if they're dangerous things. _____________________ Tired of shouting clubs and lucky chairs? Vote for llParcelSay!!! - Go here: http://jira.secondlife.com/browse/SVC-1224 - If you see "if you were logged in.." on the left, click it and log in - Click the "Vote for it" link on the left
Ariana Rieko Registered User Join date: 8 Jun 2008 Posts: 11	06-09-2008 13:21 From: Meade Paravane Did anybody poke the security stuff on JIRA about this yet? I find it pretty hard to believe that there's a hole this ginormous in the group stuff but it's worth a JIRA anyway. It's really scary if it's true. You would think by now LL has learned to stop depending on client checks for securety things, I think there was a another securety hole with banlines being a client side check but can't find the post right now where that was explained, it was something about griefer viewers able to ignore banlines.
foehn Breed More random than random Join date: 16 Jan 2006 Posts: 1,142	06-09-2008 14:21 Status: Resolved Resolved ? _____________________ You have no friends online at this time. "Excellent!" Einstein "I never think of the future. It comes soon enough."
Macphisto Angelus JAFO Join date: 21 Oct 2004 Posts: 5,831	06-09-2008 14:29 I found out today that not only does the new form of copybot copy an item, but there is a version out there that also rips textures from the item at the same time and downloads them seperately in a file. Two forms of theft in one. :/ _____________________ From: Natalie P from SLU Second Life: Where being the super important, extra special person you've always been sure you are (at least when you're drunk) can be a reality! From: Ann Launay I put on my robe and wizard ha... Oh. Nevermind then.
Tarina Sewell Just Browsing Thank you Join date: 20 Jul 2007 Posts: 2,180	06-15-2008 09:30 From: Macphisto Angelus I found out today that not only does the new form of copybot copy an item, but there is a version out there that also rips textures from the item at the same time and downloads them seperately in a file. Two forms of theft in one. :/ What do i need to put in a my store to protect myself from this?
Viktoria Dovgal … Join date: 29 Jul 2007 Posts: 3,593	06-15-2008 09:34 From: Tarina Sewell What do i need to put in a my store to protect myself from this? The long and short of it is that you can't. Subtle watermarking might help you to identify ripped textures, but you can't prevent it from happening. It's built into the system, textures have to be downloaded to everyone's computers so they can see them. _____________________
Kitty Barnett Registered User Join date: 10 May 2006 Posts: 5,586	06-15-2008 09:57 From: Tarina Sewell What do i need to put in a my store to protect myself from this? Viktoria already pointed out that you can't really do anything preventing about it. There are a few things sold in-world that claim to offer any protection but they're just scams unfortunately. What you can do is to familiarize yourself with the DMCA process: http://secondlife.com/corporate/dmca.php Read it through and make sure you understand everything you need to do if it ever becomes necessary and ask questions now if you're unsure about something. You'll save time and hopefully you'll never have to file one, but if you do you'll be ready and informed .
Vittorio Beerbaum Sexy.Builder Hot.Scripter Join date: 16 May 2007 Posts: 516	06-15-2008 10:01 Anything mentioned here existed by ages... so i would suggest to concentrate on the big news here, and figure out if it really happened how exposed: someone joined a invite-only group. I did my test with packet manipulation, testclient, etc. and i didn't found a way to join a group because it is locked serverside (even faking an accepting message). But it doesn't mean that the possibility doesn't exists because of an exploit that i doesn't know. _____________________ Beerbaum Music Department http://slurl.com/secondlife/Beerbaum/127/131/23 http://www.vittoriobeerbaum.com
Tarina Sewell Just Browsing Thank you Join date: 20 Jul 2007 Posts: 2,180	06-15-2008 10:06 From: Viktoria Dovgal The long and short of it is that you can't. Subtle watermarking might help you to identify ripped textures, but you can't prevent it from happening. It's built into the system, textures have to be downloaded to everyone's computers so they can see them. Ahh, I bought a sculpty hat kit at a build edu and I noticed the sculpty image had text all over it. cool good idea (I like my prim built hat better though)

Welcome to the Second Life Forums Archive

Bizarre account copybotting avatars, clothing and even profiles and groups