Sl Multiplayer Games Have Been Hacked!!!

Why not just filter the listener? You could simply filter for listening for objects that have the same owner, and all your problems are solved. You don't even need to encrypt anything. And don't camping chairs use notecards anyway?

I am trying to wrap my brain around this and not succeeding very well.

1. there is a crack/hack for multiplayer games
2. this crack/hack tricks the game into thinking a stranger is the owner
3. this crack/hack then takes money from the real owners account in an amount greater than the pot?

SOmeone please let me know if I got this right

most simple of precautions:

I've seen a lot of coding precautions.... but it amazes me at times how many people don't set autoreturn (I mean even every 24 hours) or allow building when none is needed.

oh and post some script examples!

Stop scaring people, Games, and stop sending me a bunch of false hack reports and telling people at my casinos to go somewhere else because Quki Casino is being hacked. A simple line of code prevents that, and i've asked every possible Linden i could find about this so called "hack", and there is no such thing.

I even gave you that simple llGetOwner(id) code, and you refused to admit that that was all you needed. You don't need all those unnecessary security stuff, although i can admit being safer is better than being sorry. Having all that security code just lags the sim a little more.

To this day, Quki Casino hasn't been hacked once, I even told some people the channels my machines were working on, and even then they were still unable to foil it, even when all they see is a plain key flying through the chat waves.

If what you're doing is just trying to advertise VGI and scaring people away from my casino after your casino being hacked and after your casino remained down for 3 straight days, that's very dirty advertising. If you haven't noticed, i've stayed as far as you as I could, to prevent any misunderstanding of me trying to advertise in people's faces while they're sitting in your chairs. I've only relied on word of mouth and my own tiny little casino in the north continent.

Thus it's settled. There is NO hack until i see it happen, and i have decided not to join your casino group because of your low profile types of advertising. Have a nice day.

PS: take Pay Chair V5.5 off the list please, my chair hasn't been hackable since version 2.2, thank you very much.

Why would people playing at a casino care if it is being hacked?

Because then they'll think i'll come in and reset the chairs and eject everyone before they can make the money, and waste their sitting time.

Cuz somone who we know that runs VGI likes to eject everyone without paying them. I would just freze them all with high time rate and start to check logs and eject the hacked ones then offer refund to the paying ones and close down but seeings how we have no issues right now were fine.

Maybe, although I don't see what point in cracking the secret code of Tringo would be.

No. No one is claiming that.

No, no one is saying that either.

I might be able to envision a way for someone to tell a Tringo game to award the pot to someone else, but it would mean some very sloppy code if that was the case. And I doubt the creators of Tringo, Slingo and Quintzee all made the same stupid oversite.

Wow, how many resources and how long does it take to scan all 4,294,967,294 chat channels? Not to mention, the good luck required to actually catch a 'packet' of chat. Certainly, this would be difficult to do using in-world scripting. And I find it hard to believe that SL sends every chat to every client, whether it's private or public chat. I would hope the server only sends public chat.

I realize that many objects use low-level chat channels that can be easily scanned for... run 100 listeners, and you'll likely catch 90% of object chatter. But much of that is useless if you can't pass yourself as the object's owner.

There are also ways to create fairly secure comms in SL without the overkill measures meantioned here.

you can filter listens by object/av name, key of sender, and text...

you can get a script to give you the key of an object it rezzed, you can get keys of avatars sitting on objects.. there are many many many simple checks you can do to make sure that what info a script gets is from a true and trusted source.

Don't use listens unless they are absolutely 100% needed if your data needs to be secure.

Does this mean that my Green Fate wee-wee can be taken over by a hacker?!!!!

Nevermind!

No but I can tell when you come

Well there goes THAT idea.

Date: Tuesday, January 24, 2006
Violation: Terms of Service: Script Hack
Region: Ahern
Description: Unsolicited bukkake scene.
Action taken: Warning Issued. Get it? Ahahaha.




(sorry, normally I'm quite a prude...)

If you really want to secure your stuff from eavesdroppers, why don't you use email multiplexors instead? There is no security on chat channels that someone slightly more clever than you won't get around, but email is not vulnerable to listen attacks. (There are still security issues with it, as seen in a recent vendor exploit, but the range of attacks is smaller than with listeners.)

Email is also slower and causes more lag. Security is an oxymoron even in real life. You can't make anything impenatrable, only harder to crack wich gives you more time to track whoever is trying to break it to prosicute them.

4 what itz wurth

http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci775421,00.html

<shrugs> That's why I was developing the Secured Networking system that I posted to the Scripting Forums. I figured that it might help reduce the amount of hackable systems using open chat channels...

Perhaps I should finish building that kit into a script that can be prim messaged from another script... Made it modular for people...

Actually, you CAN make a system virtually uncrackable under the CURRENT SL. The speed limits of SL and regular securing effort can make it nearly impossible to fully crack a system. Nearly...

Just comes down to the fact that SL scripting moves hackers back to the C-64 computer era. They have to be more cunning and less brute force...

Guys, guys ... why don't you redirect your complaints to LL? Direct object to object communication (which would be secure enough, I presume) was supposed to be in 1.7 already and now shares the fate of havok2 ...

What utter BULL - I have multiplayer games that I know are very close to unhackable and know of no "hack kits" available for them.

They are unhackable as they use Email - and unless your intercepting Emails you dont stand a snowballs hope in hell of hacking them.

(and unless you know a way of changing your key - you stand even less chance - as all communcations' keys are checked at origin and recipient )

Stop publishing hysteria to promote your wares.

HEAR HEAR!!!

All these ideas to encrypt data etc are well and good, but it kinda sucks that we should have to make our scripts even more complex just to keep out the sods who just can't leave well enough alone. It's hard enough to keep things at a decent speed as it is without adding even more crud to deal with a messaging system that just isn't really suitable for object to object communication. Changing channels constantly is certainly something I've considered, but what's SL gonna be like when we have hundreds of objects doing that all over the place... lag city. Not to mention channel clashes. Bound to happen if we start using large ranges of random channels everywhere.

Now a general comment to the people that are saying "just stick this line in and everything will be safe"... Usually when it comes down to it, it just aint that easy. One thing that's really annoyed me in this area is how when object1 rezzes object2 out of it's inventory, object1 gets the key of the newly rezzed object2, but object2 doesn't get the key of object1 . Combine that with everything being owned by the owner (as opposed to the players) and trying to tie objects together for security becomes a real pain in the *%&$. Basically my point is that when you really try to make something complicated I tend to find that those simple checks to keep things secure just never seem to do the job in a lotta situations.

So in a nutshell.... yes I agree things need to be more secure. Will I make my stuff more secure... probably, but it has to be balanced with performance, and LSL being LSL there's always gonna be holes. In the end I agree with Candide LeMay. The Lindens have already said they are going to fix this with proper object to object communication so I think we need to be pushing to that that working (and the key problem I mentioned above). I'm REALLY against having to build workarounds in our LSL code to try and deal with this.

The delay is a few seconds, even in a busy sim. I doubt it matters unless the application is extremely time-sensitive. As for it causing lag, I doubt it's any worse than listeners. It may even be less resource-intensive.