Is there currently some kind of permissions exploit out there?

There's at least one permissions bug related to editing attached objects - so don't set permissions on attached objects, always rez it inworld instead and take back into inventory.

Maybe they bought so many items to give out as freebies to new people? It's just a thought.

I've had something similar occur due to lag - a donation pot/tip jar somehow got "rezzed twice".

Christiano, maybe these people are club owners, and they bought your dances to put into dance machines. That would explain the unusual act of buying all of them, and still be legit. Idunno!

Zapoteth, while I didn't buy 10k worth of these (sorry), I do highly value the one I have now. It was exactly what I've been looking for - a great place to showcase and protect my valueable collection of mini-prims.
(You break them you bought them.)

I've seen at least two, one that uses colored dots and one that uses something like XYText.

Why would protected scripts ever be downloaded to the client? They're run on the server, they live on the server... if there's anything that should be safe from client exploits on SL it's scripts.

I've had some similar things happen with some club-oriented things I sell. I sell a no copy/transfer version, and a copy/no transfer version for five times as much. I'll have people buy both versions, even though they're exactly the same in regard to functionality (and can easily be used for a party other than the purchaser via notecard configuration).

Strange that you should ask that because recently a few clothing items in my inventory have all of a sudden got full permissions when they didn't have them before. Probably no relation though.

If anyone finds anything that I have created is suddenly full permission go for it! I would be flattered if you give them out.

This gets my official drama stamp approval!

Maybe a HUDDLES?

I really hope that's true. I'd love to see that level of economic inter-relation developing.

That is exactly what happened. Someone at LL made a mistake.

I had a guy come in and buy like 20 of my fire extinguishers once. I was suspicious so I grabbed his name and found he had some land so I went there and found he had build an aircraft hanger and there were my extingiushers everywhere just like you would find in an real aircraft hanger.

Of course it has little to do with a new exploit but sometimes it is for a legitamate reason.

Hmmm, I had the scripts in my vendors in inventory go full perms recently - luckily I noticed before distributing any of them. I now check carefully daily!

I've in the past few weeks also noticed at least one of our vehicles go full perms as well, but that seems to just be a hiccup in SL that happens from time to time, not any new exploit. I'd be curious to hear the explanation of Christiano's customer if/when he asks though.

Oh an Argent, it did happen. One of the scripts exploited oddly enough was a freebie already, not any less hurtful/troublesome to my s.o. whose script it was but odd they'd have chosen a freebie amoungst those exploited in the first place.

As if it's not enough that you keep me from seriously working because I keep playing with your friggin awesome wand.....nooo, now my keyboard is acting weird because it's soaked in cafe au lait! D*&A$#M^%N YOU&%, man!

And if certain Midnights have their way, you never will.

This, Christiano, is why we hackers pick things apart and broadcast exploits to the public: so you'll know what's going on. I know exactly what's happening, I've even told my friends about it (per people's demands these things stay secret), but that's as far as I'll take it. That's as far as it needs to go. If you haven't heard about the answer, you obviously know the wrong people.

First person to call you out on your silly posturing bluff.

Suspicious? Hey, didn't you even think of the possibility of a... BIG BIG FIRE?

After the discussion in this thread, which loosely points back to a locked thread in which Jarod was roasted for describing GLIntercept, I doubt he'll be forthcoming with any more publicly useful exploit data. His discoveries and warnings are now reserved for a few select individuals that he can trust to not abuse report him to LL for his efforts.

I'm shocked that this thread is still open after Belaya so clearly stated "If anyone wanted to sit there with SoftICE or tear it apart with IDA Pro or sniff traffic, etc, etc,"

How does that silly phrase go? Oh yes, gee thanks for letting those cats out of the bag111 You can expect a warning from [email]support@lindenlab.com[/email] for broadcasting to the general public the necessary tools for taking apart the Windows version of the client and exploiting it's security weaknesses.

Anyone who has any sort of technical skill required to use SoftICE or IDA Pro or anything, which includes knowing comprehensive X86 assembly skills, knows the existence of those tools since they're actually legit development tools for debugging running applications.

Jarod mentioning in a thread something that has been a known program that has existed for longer than SL in various forms that any idiot can download and use is another story. If he happens to know something involving the permissions system, something that can actually be fixed unlike the one he chose to jump up and down after it's been a problem for a while.. then maybe he should open his mouth and it'll be fixed. But no, he's posturing and he doesn't know a thing on the subject.

Nor, apparently, do you, if you think mentioning those tools is letting any sort of cat out of the bag.

I'm not sure which Midnight you are referring to, it certainly isn't me. I have always supported your protests and revelations of flaws in SL, up to the Open GL issue. The main reason I criticized you for it is that it is not some flaw on LL's part that is causing that problem, and their is very little they can do to protect against it, if anything. Your spreading the details wasn't doing anyone a service except informing even more people how they can steal, under the guise of "letting designers know this is going on". So now you can sit smugly in your knowledge that you know about another exploit, that's fine - i would rather you did that than to just broadcast it to be malicious.

I think it's a small, geeky sort of cat. With glasses.

/me stuffs the cat back into the bag, narrowly avoiding serious laceration.