New godmode has fairly major exploit

But obviously I can't really tell you what it is!

It doesn't allow theft and won't cause most residents problem but could cause some serious problems with scripting and is effective for griefing, I've had people test it on my own objects for verification.

this thread reminds me of a song:

I need to buy some CDs
I need to buy some gum
I mow the grass, I clean the house,
I think I deserve some...
some more allowance

I need more allowance, yodelayeoo
I need more allowance, yodelayeoo
I need more allowance, yodelayeoo
Why? Because I do
Yodelayeoo, I need more allowance
Yodelayeoo, I need more allowance...

Erk. Make sure you get in direct contact with a Linden ASAP.

It's been in older versions, a Linden should probobly be notified directly (as in IMing an online one)

Already done, but do we get banned for revealing it to them?

No, historically telling a Linden directly yeilds possible cash on first report, but that's iffy at any given time.

Saying it on the forums is not advised as then people can use it before LL can patch it.

Security through obscurity sucks. If people don't know whats going on they could be majorly affected by an exploit.

L$10,000 for the first report -- send the bug report to [email]security@lindenlab.com[/email]

Whhaattt, I reported a bug that let anyone make anything under 31 prims become physical and I got nothing!

This bug can be avoided by locking your object containing important scripts, and should be fixed in a server patch on Wednesday.

Oh, and it has been known for some time now, the L$10k is only for zero-day exploits.

Oh man, this is way too easy. LL, please check his bug report and fix his now!!

What does the bug allow? Letting us know what the bug does (without knowing how to actually do it) lets us take some sort of action if needed.

I assume this has something to do with scripted objects?

Hmm, any object really. Can't say what it does because it's so obvious.

Those who do that are rewarded with suspensions.

If a report's been filed, give the SL# bug number to help them figure out what bug you're complaining about.

Ok, I've had some issues with some of my items today, issues I've never experienced before. I read this thread earlier, so I suspected they were connected.

Installed God Mode, and after some fiddling, YES!! This problem must be fixed asap!

Thousands upon thousands of objects in world can be critically harmed with this. We're talking millions of L$ in all kinds of industries. Merchants, landlords, and much more! I can't go into more details, given the seriousness of the problem, and LL's hang to ban the messenger.

LOCK ALL your important scripted objects! ALL OF THEM!
That will stop the problem for now.

Detailed bug report sent, with plea to fix it ASAP.
Bug report: #366719

From tomorrow onwards, make sure any such exploit is reported as such and not as a bug and it will be brought to the immediate attention of a Linden: /3/bc/125920/1.html

Wendel

What about scripts in items you've already sold? Need I worry about those?

As long as the object is locked, you're safe. Your customers should lock their objects too.
I'm sorry i cant get into more details.

Ive also notified the only tech Linden online, Jeff, hoping he will see the seriousness of the problem.

Ok, so I'm wondering if anyone with god mode can modify my scripts since there is this MAJOR EXPLOIT when using God Mode. Then I wonder if maybe some people wonder, hey, major exploit... let's go see what I can do, maybe I can steal someone's money or delete someone's objects, I sure could use some $$$$

This is why you shouldn't report an exploit here, it makes more harm than good.

http://blog.secondlife.com/2006/07/31/new-express-exploit-reporting-feature-and-l-bounty/

God mode should be banned and I don't see why LL put up with ppl using it. It should report the ones using it and they should get suspended. People who use it don't realize that any 'godmode' program itself can be doing anything it wants on your computer, record cc-info etc.

If there's functions that are helpful in god mode they should be added to the UI not accessed through a third party program.

just my 2 cents

i know what the bug is,it was in the previous god mode patch,its been reported several times,hopefully tomorrow will be fixed...but LOCK YOUR SCRIPTED OBJECTS!

OMFG!!!!! MY... its.... worked so hard on it.... gone..... GONE!!!!

Meh, I make a new one. Thank god I didn't rez my server yet!

Stupid God Mode... why do we even have a god mode? We don't need a god mode!

It's a pretty major exploit. It's already caused me alot of grief over the last few days. LL needs to fix this asap.

I think they should fix it ASAP. I've had 10+ objects affected maliciously by this today, and I've found out that others have too the last few days, probably from competitors without moral. The "attacks" have very specific targets, aimed to hurt my business.

Luckily, on my stuff (out in the public) it only caused a temporary problem. If this gets too widespread, the damage can be huge, especially on some types of objects. IMHO this is important enough to fix it NOW.

It is very, very disturbing to hear that this has been known by LL for a long time. I hope this isn't true.