Is there currently some kind of permissions exploit out there?
|
|
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
|
02-19-2006 14:07
Over the past few days, I have noticed an unusual buying pattern by customers in my stores, and today it has culminated to such a level that it really concerns me. Ordinarily, customers buy anywhere from one to maybe five items or so at a time in my stores. Sometimes higher, but the norm is that. Recently, I have noticed customers buying every single item in a vending machine. Entire collections of animations or poses - 30-50 items sometimes. All items are no copy but are transferable, and are all animations/poses.
This afternoon, in the span of about 2 hours, I did nearly $10,000L in sales to three customers. Considering the items they are buying are $25L-$100L, it is highly unusual - I normally don't always sell that much in a 24 hour period. Entire vending machines are being bought out. This makes me wonder if something more than just high demand for stuff is going on. Has anyone else been experiencing this? Maybe I am just being paranoid, but I have suffered through exploits before. I checked the machines and the permissions are fine, so I am not sure what is going on.
_____________________
Cristiano ANOmations - huge selection of high quality, low priced animations all $100L or less. ~SLUniverse.com~ SL's oldest and largest community site, featuring Snapzilla image sharing, forums, and much more. 
|
|
Maeve Morgan
ZOMG Resmod!
Join date: 2 Apr 2004
Posts: 1,512
|
02-19-2006 14:09
They could be buying them to resell at a higher price. You do have some of the best, cheapest animations in SL.
_____________________
 Located in SharkEverything under $100L
|
|
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
|
02-19-2006 14:11
From: Maeve Morgan
They could be buying them to resell at a higher price. You do have some of the best, cheapest animations in SL.

Yes but they are not copyable, so that would not be much of a resale market (and thank you, btw). They aren't buying multiple copies of the same thing, they are buying one of each. That is what is concerning me - that maybe there is some way to make no copy items copyable.
|
|
Starax Statosky
Unregistered User
Join date: 23 Dec 2003
Posts: 1,099
|
02-19-2006 14:12
The only one I know of is IMing the creator and tricking them into enabling modify and copy with offers of hot sex. I've been tricked by Bub Linden on several occasions.
|
|
Zapoteth Zaius
Is back
Join date: 14 Feb 2004
Posts: 5,634
|
02-19-2006 14:15
From: Cristiano Midnight
Over the past few days, I have noticed an unusual buying pattern by customers in my stores, and today it has culminated to such a level that it really concerns me. Ordinarily, customers buy anywhere from one to maybe five items or so at a time in my stores. Sometimes higher, but the norm is that. Recently, I have noticed customers buying every single item in a vending machine. Entire collections of animations or poses - 30-50 items sometimes. All items are no copy but are transferable, and are all animations/poses.
This afternoon, in the span of about 2 hours, I did nearly $10,000L in sales to three customers. Considering the items they are buying are $25L-$100L, it is highly unusual - I normally don't always sell that much in a 24 hour period. Entire vending machines are being bought out. This makes me wonder if something more than just high demand for stuff is going on. Has anyone else been experiencing this? Maybe I am just being paranoid, but I have suffered through exploits before. I checked the machines and the permissions are fine, so I am not sure what is going on.

Boast much? Either way, not me, furniture permissions are set up the same way (although exploits would probably be different) my sales have stayed the same or gone down a little even..
_____________________
I have the right to remain silent. Anything I say will be misquoted and used against me.--------------- Zapoteth Designs, Temotu (100,50)--------------- 
|
|
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
|
02-19-2006 14:19
From: Starax Statosky
The only one I know of is IMing the creator and tricking them into enabling modify and copy with offers of hot sex. I've been tricked by Bub Linden on several occasions.

I have too. Aimee Weber is also notorious for using that exploit.
|
|
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
|
02-19-2006 14:19
From: Zapoteth Zaius
Boast much? Either way, not me, furniture permissions are set up the same way (altho exploits would probably be different) my sales have stayed the same or gone down a little even..

Oooh burn, yeah you got me, I just wanted to boast about my mad sales skillz.
|
|
SuezanneC Baskerville
Forums Rock!
Join date: 22 Dec 2003
Posts: 14,229
|
02-19-2006 14:22
You have a record of who the sales were made to?
New arrivals to SL? Group affiliations in common? Oddities in the people's names?
Have you notified the Lindens?
By the way, thanks for that modification to the Snapzilla site that makes a big thumbnail for use in the forums. That was 512 pixels across, which works in everyone's browsers, right?
_____________________
-
So long to these forums, the vBulletin forums that used to be at forums.secondlife.com. I will miss them.
I can be found on the web by searching for "SuezanneC Baskerville", or go to
http://www.google.com/profiles/suezanne
-
http://lindenlab.tribe.net/ created on 11/19/03.
Members: Ben, Catherine, Colin, Cory, Dan, Doug, Jim, Philip, Phoenix, Richard, Robin, and Ryan
-
|
|
Zapoteth Zaius
Is back
Join date: 14 Feb 2004
Posts: 5,634
|
02-19-2006 14:22
From: Cristiano Midnight
Oooh burn, yeah you got me, I just wanted to boast about my mad sales skillz.

Spose if there was it'd be to do with putting them in gestures or something? I'll go and buy one tomorrow and try WITH ALL MY HEART to make it copiable, get bored after 10 minutes, and come back to forum trolling.
|
|
SuezanneC Baskerville
Forums Rock!
Join date: 22 Dec 2003
Posts: 14,229
|
02-19-2006 14:25
I can get some people to try to make a buy if you tell who made the unusual purchases.
Maybe it was just some folks that came into money, or maybe somebody has produced a HUD controller that makes it real easy to use a whole lot of animations.
|
|
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
|
02-19-2006 14:27
From: Zapoteth Zaius
Spose if there was it'd be to do with putting them in gestures or something? I'll go and buy one tomorrow and try WITH ALL MY HEART to make it copiable, get bored after 10 minutes, and come back to forum trolling.

Several months ago, there was some convoluted way to make something copyable that was no copy. I know the Lindens were aware of it at the time and did something to resolve it. However, these problems do come up from time to time. I am still regularly finding copyable versions of my stuff all over the place from past exploits.
|
|
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
|
02-19-2006 14:30
From: SuezanneC Baskerville
I can get some people to try to make a buy if you tell who made the unusual purchases.
Maybe it was just some folks that came into money, or maybe somebody has produced a HUD controller that makes it real easy to use a whole lot of animations.

I do know who the customers are and will look if there are any connections between them that I can see. I am going to just come out and ask the customers directly why they bought so many items, in a diplomatic way. It wasn't just today though, it is a pattern I notice every so often and it has been increasing lately. Today was just a pretty extreme example of it, and it made me concerned since I have seen it in the past.
|
|
Belaya Statosky
Information Retrieval
Join date: 3 Jun 2004
Posts: 552
|
02-19-2006 14:32
From: Cristiano Midnight
So I am not sure what is going on.

Neither am I. I had received an IM outside of game yesterday, actually, asking me to help verify if something had been exploited in order to be copied and sold. The friend was dead certain they had recognized the item as being one of my former partner's, Cereal Milk. Sadly, Cereal currently has no way of getting into SL to help root through inventory to confirm it with me, as I didn't happen to have one of his to check it against like I normally would. I've heard slight hintings elsewhere that there's probably a new method, in addition. Please treat this as complete hearsay, though, since I have no way of validating it, which is why I'm being delightfully vague.
|
|
Enabran Templar
Capitalist Pig
Join date: 26 Aug 2004
Posts: 4,506
|
02-19-2006 14:34
OH NOES MY GOLD NECKLACES ARE TOO HEAVY AND MY DIAMOND SHOES ARE TOO TIGHT
(omg caps)
_____________________
From: Hiro Pendragon Furthermore, as Second Life goes to the Metaverse, and this becomes an open platform, Linden Lab risks lawsuit in court and [attachment culling] will, I repeat WILL be reverse in court. Second Life Forums: Who needs Reason when you can use bold tags?
|
|
Iron Perth
Registered User
Join date: 9 Mar 2005
Posts: 802
|
02-19-2006 14:36
Yeah, I know where you are at, Cristiano. I know people (external developers) who come into SL and grab a wide array of items for 'research and development'. I have even had a couple explaining to me that is what they are doing, which I thought was a rather polite way to steal ideas.

What can you really do? The 40 USD they spend on your hard work is piddlin' compared to what they normally have to spend for that kind of quality. And, truthfully, it would not be surprising that something similar to Ogle exists for animations .. and even if they do not use it in SL, they might use it outside of SL in a different product. What can you do, when you live in a shoe?

I have recently started work on an LSL obfuscator in order to protect myself more, and I have some other ideas, but sometimes it is simply impossible to protect your intellectual property. Also, I think Linden Lab needs to spend more time reminding people that it is an indictable crime to circumvent copyright protection software, which exists in SL. That would help somewhat.

http://www.law.cornell.edu/uscode/html/uscode17/usc_sec_17_00001204----000-.html

From: someone
No person shall circumvent a technological measure that effectively controls access to a work protected under this title. The prohibition contained in the preceding sentence shall take effect at the end of the 2-year period beginning on the date of the enactment of this chapter.

From: someone
In General.— Any person who violates section 1201 or 1202 willfully and for purposes of commercial advantage or private financial gain— (1) shall be fined not more than $500,000 or imprisoned for not more than 5 years, or both, for the first offense; and (2) shall be fined not more than $1,000,000 or imprisoned for not more than 10 years, or both, for any subsequent offense.
|
|
Introvert Petunia
over 2 billion posts
Join date: 11 Sep 2004
Posts: 2,065
|
wildly unsubstantiated speculation
02-19-2006 14:37
When I saw the release of the Linux client it occurred to me that if you wanted to decompile, reverse-engineer, or otherwise watch transactions between client and grid, it had just been made wildly easier.
I'm not saying that the Linux client is any less secure, but that the tools available on the platform and the "how does this work" attitude common in the Linux community just makes it more likely. Neither does this speculation get you anywhere, but it may be worthy of note.
Good luck.
|
|
Belaya Statosky
Information Retrieval
Join date: 3 Jun 2004
Posts: 552
|
02-19-2006 14:44
From: Introvert Petunia
When I saw the release of the Linux client it occurred to me that if you wanted to decompile, reverse-engineer, or otherwise watch transactions between client and grid, it had just been made wildly easier.
I'm not saying that the Linux client is any less secure, but that the tools available on the platform and the "how does this work" attitude common in the Linux community just makes it more likely. Neither does this speculation get you anywhere, but it may be worthy of note.
Good luck.

If anyone wanted to sit there with SoftICE or tear it apart with IDA Pro or sniff traffic, etc, etc, those tools have been there long before SL ever existed for Windows and there's just as many interested cracker types on Windows who'd root through the SL client as there are for any other OS, trust me.
|
|
Aimee Weber
The one on the right
Join date: 30 Jan 2004
Posts: 4,286
|
02-19-2006 14:59
From: Cristiano Midnight
I have too. Aimee Weber is also notorious for using that exploit.

Wha? I never did used an exploit on you ... hrmmm ... wait a second.... CURSE YOU AMY WEEBLER!!!!
|
|
splat1 Edison
Registerd Nut
Join date: 6 Sep 2004
Posts: 353
|
02-19-2006 15:04
From: Introvert Petunia
When I saw the release of the Linux client it occurred to me that if you wanted to decompile, reverse-engineer, or otherwise watch transactions between client and grid, it had just been made wildly easier.
I'm not saying that the Linux client is any less secure, but that the tools available on the platform and the "how does this work" attitude common in the Linux community just makes it more likely. Neither does this speculation get you anywhere, but it may be worthy of note.
Good luck.

As Belaya so rightly said, most application crackers use Windows. Fuzzing applications can be very easy, but running on a different OS makes very very little difference.
_____________________
Splat Soft - We exsist in the RL to! Gigas Bunny (Mule) #### You see, our experts describe you as an appallingly dull fellow, unimaginative, timid, lacking in initiative, spineless, easily dominated, no sense of humour, tedious company and irrepressibly drab and awful. And whereas in most professions these would be considerable drawbacks, in chartered accountancy they are a positive boon.
|
|
Martin Magpie
Catherine Cotton
Join date: 13 Nov 2004
Posts: 1,826
|
02-19-2006 15:31
From: Starax Statosky
The only one I know of is IMing the creator and tricking them into enabling modify and copy with offers of hot sex. I've been tricked by Bub Linden on several occasions.

OMG LOL! and...WTG Cristiano apparently someone likes your work!
|
|
Introvert Petunia
over 2 billion posts
Join date: 11 Sep 2004
Posts: 2,065
|
02-19-2006 16:11
From: Belaya Statosky
If anyone wanted to sit there with SoftICE or tear it apart with IDA Pro or sniff traffic, etc, etc, those tools have been there long before SL ever existed for Windows and there's just as many interested cracker types on Windows who'd root through the SL client as there are for any other OS, trust me.

Point taken. Please allow me to rephrase: If I were inclined to crack the SL protocol, I'd have an easier time on Linux.
|
|
Aliasi Stonebender
Return of Catbread
Join date: 30 Jan 2005
Posts: 1,858
|
02-19-2006 16:26
From: Belaya Statosky
If anyone wanted to sit there with SoftICE or tear it apart with IDA Pro or sniff traffic, etc, etc, those tools have been there long before SL ever existed for Windows and there's just as many interested cracker types on Windows who'd root through the SL client as there are for any other OS, trust me.

Indeed, they already have, as the flap about the cracked client with "god mode" access to scripts and such revealed.
_____________________
Red Mary says, softly, “How a man grows aggressive when his enemy displays propriety. He thinks: I will use this good behavior to enforce my advantage over her. Is it any wonder people hold good behavior in such disregard?” Anything Surplus Home to the "Nuke the Crap Out of..." series of games and other stuff
|
|
milady Guillaume
Shhhh, I'm researching!
Join date: 28 Dec 2003
Posts: 696
|
02-19-2006 16:47
Cristiano, oh Mr. Rich guy.. can I borrow some lindens?
|
|
Belaya Statosky
Information Retrieval
Join date: 3 Jun 2004
Posts: 552
|
02-19-2006 16:49
From: Aliasi Stonebender
Indeed, they already have, as the flap about the cracked client with "god mode" access to scripts and such revealed.

S'why I said 'trust me', yes -- I remember that issue. This subject comes up elsewhere often enough since there's those who like to poke around out of curiosity. Though like I said, I don't know anything about a new permissions issue beyond hearsay nor do I think I want to be within ten yards of it, anyway.

@Cristiano: Think you got the general idea by now, though. If it's out there, either no one here knows or no one is talking. I'd try not to worry until you have an actual incident.
|
|
LykaObscure Diamond
Registered User
Join date: 31 Mar 2005
Posts: 4
|
02-19-2006 17:06
Just before the last update I was messing around rezzing a cuddle couch by reveire(sp) and as I rezzed it and attempted to move it, it copied itself so I had 2 of them on my floor (I watched as it duplicated as if I was duplicating a prim) but only bought one.
I thought it was just a fluke as it also crashed me immediately. When I returned from the upgrade I figured it would be gone but to my surprise I still have both said couches, the one I bought and the one that copied. I have no idea how it happened and have not even tried to repeat the actions. *shrugs*
|