Second Life Forums Archive - New godmode has fairly major exploit

Cristiano Midnight

Evil Snapshot Baron

Join date: 17 May 2003

Posts: 8,616

08-01-2006 14:43

From: Joannah Cramer

It could be the collective crying after the last case actually made the LL re-consider their position on this issue. So if they get slammed now for 'learning the lesson' and *not* banning people as being hypocrites because they didn't do again something they've been slammed before... yeah, that'll make them really perceptive to community complaints in the future.

Why bother when it's damned when you do and damned when you don't? :/

The hypocrisy is not in them not suspending anyone, if they in fact learned a lesson, which I highly doubt. If there is supposedly this all important zero tolerance policy about any exploit discussion, why is this thread still here, after it has been reported and pointed out to resmods and Torley? It's not a matter of them being damned if they do and damned if they don't. It is a matter of wild inconsistency.

_____________________

Cristiano

ANOmations - huge selection of high quality, low priced animations all $100L or less.

~SLUniverse.com~ SL's oldest and largest community site, featuring Snapzilla image sharing, forums, and much more.

Eata Kitty

Registered User

Join date: 21 Jan 2005

Posts: 387

08-01-2006 14:52

At this moment in time we are unable to confirm or deny the existence of an exploit. The security status has been upgraded to [CLASSIFIED] and users are advised to be vaguely alert in case something happens, not that this is confirmation that something may be happening. Please remain calm.

Undeveloped Twin

Registered User

Join date: 18 Jul 2006

Posts: 65

vaguely alert

08-01-2006 14:55

is my default state

Baba Yamamoto

baba@slinked.net

Join date: 26 May 2003

Posts: 1,024

08-01-2006 14:57

From: Eata Kitty

At this moment in time we are unable to confirm or deny the existence of an exploit. The security status has been upgraded to [CLASSIFIED] and users are advised to be vaguely alert in case something happens, not that this is confirmation that something may be happening. Please remain calm.

Will we be using a color scale?

_____________________

Open Metaverse Foundation - http://www.openmetaverse.org

Meerkat viewer - http://meerkatviewer.org

Issarlk Chatnoir

Cross L. apologist.

Join date: 3 Oct 2004

Posts: 424

08-01-2006 15:06

The sky! It is falling !!!!!!

_____________________

Vincit omnia Chaos

From: Flugelhorn McHenry

Anyway, ignore me, just listen to the cow

Sophia Weary

Registered User

Join date: 27 May 2005

Posts: 32

08-01-2006 17:01

From: Sitting Lightcloud

Wouldn't it be easy to check so that that menu only gets enabled when running from linden labs? or when the login user has a last name of Linden?

It doesn't matter, it's a protocol / client side issue. Even if they remove it, we can just patch the god mode menu back. If an exploit exists, it's a problem with their server design, and can't be fixed by simply limiting the functions people see on the client.

Felix Uritsky

Prime Minister of Lupinia

Join date: 15 Dec 2004

Posts: 267

08-01-2006 17:29

From: Sophia Weary

It doesn't matter, it's a protocol / client side issue. Even if they remove it, we can just patch the god mode menu back. If an exploit exists, it's a problem with their server design, and can't be fixed by simply limiting the functions people see on the client.

Exactly. If nothing else, God Mode is an excellent way to test server-side security. Had it not existed, the map-stalking thing would never have even been discovered, and someone would find a way to use it. I bought it primarily out of curiousity, to see what worked and didn't. Now that I have it, the extended camera/select distance makes playing SL without it really suck.

Soleil Mirabeau

eh?

Join date: 6 Oct 2005

Posts: 995

08-01-2006 17:34

From: pandastrong Fairplay

I assumed doggystyle, so I am glad that he cleared that up for us.

<3

_____________________

Dmitri Polonsky

Registered User

Join date: 26 Aug 2005

Posts: 562

08-01-2006 19:31

From: Torley Linden

Hi everyone, and thanks to Ano, Cali, and many others who emailed me about this thread. I checked info behind-the-scenes and this sounds like something which has *already* been resolved and is included in tomorrow's Second Life update. To be sure, I'm going to ask Brent and Phoenix Linden. Just wanted to post ASAP.

How about they fix the permissions bug that is allowing lots of content to be stolen?

Yiffy Yaffle

Purple SpiritWolf Mystic

Join date: 22 Oct 2004

Posts: 2,802

08-01-2006 23:11

From: Felix Uritsky

Exactly. If nothing else, God Mode is an excellent way to test server-side security. Had it not existed, the map-stalking thing would never have even been discovered, and someone would find a way to use it. I bought it primarily out of curiousity, to see what worked and didn't. Now that I have it, the extended camera/select distance makes playing SL without it really suck.

Yea thats the only reason i use it. Camera and Edit...

I'm not sure what this new exploit is, but i'm still using godmode 1.0 (works fine for me) so i probably couldnt do it anyway. Not that i would, cuz i value my SL experiance too much.

_____________________

YouTube channel -+- Website -+- RezzedNet Profile

Moonshine Herbst

none

Join date: 19 Jun 2004

Posts: 483

08-02-2006 15:18

The exploit I saw is now patched.

As it is now closed, here are the details:

It gave anyone with god mode the ability to reset any script. This causes it to lose data and permissions.

For instance they could reset rental units, and give mall owners / landlords a heck of a time trying to figure out who rented what and when. Imagine the mess if they decided to sabotage SL's biggest malls or apartment rentals. But they didn't, they had other targets in mind:

Scripts with debit permissions, meaning vendors, casino games, camping chairs, raffle balls etc would stop working.

Someone was actually going around at popular places, resetting camping chairs and money balls with this exploit. That's how I got on to it.

_____________________

Fenrir Reitveld

Crazy? Don't mind if I do

Join date: 20 Apr 2005

Posts: 459

08-02-2006 15:28

From: Moonshine Herbst

The exploit I saw is now patched.

As it is now closed, here are the details:

Hum. I saw another sort of exploit using god mode.

But I assumed it was this same one... ^_^

*goes off to test and file a report if necessary*

nimrod Yaffle

Cavemen are people too...

Join date: 15 Nov 2004

Posts: 3,146

08-02-2006 16:47

Yes, it's fixed. Though, on the godmode side, you can't see the script if you delete it, but it IS still there.

_____________________

"People can cry much easier than they can change."
-James Baldwin

New godmode has fairly major exploit
Cristiano Midnight Evil Snapshot Baron Join date: 17 May 2003 Posts: 8,616	08-01-2006 14:43 From: Joannah Cramer It could be the collective crying after the last case actually made the LL re-consider their position on this issue. So if they get slammed now for 'learning the lesson' and not banning people as being hypocrites because they didn't do again something they've been slammed before... yeah, that'll make them really perceptive to community complaints in the future. Why bother when it's damned when you do and damned when you don't? :/ The hypocrisy is not in them not suspending anyone, if they in fact learned a lesson, which I highly doubt. If there is supposedly this all important zero tolerance policy about any exploit discussion, why is this thread still here, after it has been reported and pointed out to resmods and Torley? It's not a matter of them being damned if they do and damned if they don't. It is a matter of wild inconsistency. _____________________ Cristiano ANOmations - huge selection of high quality, low priced animations all $100L or less. ~SLUniverse.com~ SL's oldest and largest community site, featuring Snapzilla image sharing, forums, and much more.
Eata Kitty Registered User Join date: 21 Jan 2005 Posts: 387	08-01-2006 14:52 At this moment in time we are unable to confirm or deny the existence of an exploit. The security status has been upgraded to [CLASSIFIED] and users are advised to be vaguely alert in case something happens, not that this is confirmation that something may be happening. Please remain calm.
Undeveloped Twin Registered User Join date: 18 Jul 2006 Posts: 65	vaguely alert 08-01-2006 14:55 is my default state
Baba Yamamoto baba@slinked.net Join date: 26 May 2003 Posts: 1,024	08-01-2006 14:57 From: Eata Kitty At this moment in time we are unable to confirm or deny the existence of an exploit. The security status has been upgraded to [CLASSIFIED] and users are advised to be vaguely alert in case something happens, not that this is confirmation that something may be happening. Please remain calm. Will we be using a color scale? _____________________ Open Metaverse Foundation - http://www.openmetaverse.org Meerkat viewer - http://meerkatviewer.org
Issarlk Chatnoir Cross L. apologist. Join date: 3 Oct 2004 Posts: 424	08-01-2006 15:06 The sky! It is falling !!!!!! _____________________ Vincit omnia Chaos From: Flugelhorn McHenry Anyway, ignore me, just listen to the cow
Sophia Weary Registered User Join date: 27 May 2005 Posts: 32	08-01-2006 17:01 From: Sitting Lightcloud Wouldn't it be easy to check so that that menu only gets enabled when running from linden labs? or when the login user has a last name of Linden? It doesn't matter, it's a protocol / client side issue. Even if they remove it, we can just patch the god mode menu back. If an exploit exists, it's a problem with their server design, and can't be fixed by simply limiting the functions people see on the client.
Felix Uritsky Prime Minister of Lupinia Join date: 15 Dec 2004 Posts: 267	08-01-2006 17:29 From: Sophia Weary It doesn't matter, it's a protocol / client side issue. Even if they remove it, we can just patch the god mode menu back. If an exploit exists, it's a problem with their server design, and can't be fixed by simply limiting the functions people see on the client. Exactly. If nothing else, God Mode is an excellent way to test server-side security. Had it not existed, the map-stalking thing would never have even been discovered, and someone would find a way to use it. I bought it primarily out of curiousity, to see what worked and didn't. Now that I have it, the extended camera/select distance makes playing SL without it really suck.
Soleil Mirabeau eh? Join date: 6 Oct 2005 Posts: 995	08-01-2006 17:34 From: pandastrong Fairplay I assumed doggystyle, so I am glad that he cleared that up for us. <3 _____________________
Dmitri Polonsky Registered User Join date: 26 Aug 2005 Posts: 562	08-01-2006 19:31 From: Torley Linden Hi everyone, and thanks to Ano, Cali, and many others who emailed me about this thread. I checked info behind-the-scenes and this sounds like something which has already been resolved and is included in tomorrow's Second Life update. To be sure, I'm going to ask Brent and Phoenix Linden. Just wanted to post ASAP. How about they fix the permissions bug that is allowing lots of content to be stolen?
Yiffy Yaffle Purple SpiritWolf Mystic Join date: 22 Oct 2004 Posts: 2,802	08-01-2006 23:11 From: Felix Uritsky Exactly. If nothing else, God Mode is an excellent way to test server-side security. Had it not existed, the map-stalking thing would never have even been discovered, and someone would find a way to use it. I bought it primarily out of curiousity, to see what worked and didn't. Now that I have it, the extended camera/select distance makes playing SL without it really suck. Yea thats the only reason i use it. Camera and Edit... I'm not sure what this new exploit is, but i'm still using godmode 1.0 (works fine for me) so i probably couldnt do it anyway. Not that i would, cuz i value my SL experiance too much. _____________________ YouTube channel -+- Website -+- RezzedNet Profile
Moonshine Herbst none Join date: 19 Jun 2004 Posts: 483	08-02-2006 15:18 The exploit I saw is now patched. As it is now closed, here are the details: It gave anyone with god mode the ability to reset any script. This causes it to lose data and permissions. For instance they could reset rental units, and give mall owners / landlords a heck of a time trying to figure out who rented what and when. Imagine the mess if they decided to sabotage SL's biggest malls or apartment rentals. But they didn't, they had other targets in mind: Scripts with debit permissions, meaning vendors, casino games, camping chairs, raffle balls etc would stop working. Someone was actually going around at popular places, resetting camping chairs and money balls with this exploit. That's how I got on to it. _____________________
Fenrir Reitveld Crazy? Don't mind if I do Join date: 20 Apr 2005 Posts: 459	08-02-2006 15:28 From: Moonshine Herbst The exploit I saw is now patched. As it is now closed, here are the details: Hum. I saw another sort of exploit using god mode. But I assumed it was this same one... ^_^ goes off to test and file a report if necessary
nimrod Yaffle Cavemen are people too... Join date: 15 Nov 2004 Posts: 3,146	08-02-2006 16:47 Yes, it's fixed. Though, on the godmode side, you can't see the script if you delete it, but it IS still there. _____________________ "People can cry much easier than they can change." -James Baldwin

Welcome to the Second Life Forums Archive

New godmode has fairly major exploit