Sl Is Breached

Bloody SL is breached, the users chat logs can be tracked as their sad by a network program labled something like CRSI or siomething like that. Someone blatantly got all my chat logs everything that was said to me and from me through private messaging and through world chat from OUTSIDE SL. This was an extreme slap in the face when many things were brought up by this someoen to me directly from my own personal chat!

WTF Lindens!?

Make your bloody network and system secure, if its that bloody easy to get that simple info, why not passwords, moeny, hell taking down the whole bloody f'in system. And yeh I'm pissed off and ranting, I'm sorry. But Please someone that knows anything abotu this POST! This is crap!

More details please dear! A script can easly relay chat to IM anybody. Maybe simply you were victim of a eavesdropping bug?

Aparently the guys been watching every single last thing thats been typed from me or to me. He was -NOT- logged into SecondLife and he was somehow being able to see everything I was saying and other people where saying. No I do not have something on my system, no I'm not an idiot. There is a door open in between SecondLife and My computer, or theres a door open in the SecondLife system allowing the person to view other peoples messages illegally/immorally. That help any?

Maybe that is violation of Community Standards and you should submit Abuse Report. It seems you have been a stalking victim.

As far as listening on a chat, any object can be manufactured to have the script to listen on the chat channel (0) and relay it to any IM recipient, then, sent to email address. For snooping on IM, that is beyond me how to do!

I hope you resolve the problem! I previously assume you are not the idiot! Only want to give the suggestions of what to search.

The thing is... its not in channel 0.. its in PRIVATE CHAT.. i mean pm's not in the world.. Like when you msg someone and that little box shows up... yeh.. that. FROM THERE!

Meaning.. its no an ingame thing.. its not an object or a script. Its hacking.

Sounds like your COMPUTER has been breached.

Someone's got access to your files. Get it off the net and get help.

Its not my computer, he got stuff from when i was on different computer. I've logged in on many many many other computers and he had logs from them too. So its not just my copmuter.

Well that's it , the damn roadrunner knows all our latest plans......

.. rephrase that for my simple mind -_-

Is it possible you were PMing his alt? Or a mutual friend who is more his friend than yours? Is it possible you've upset a whole bunch of people and they're now playing with your head?

If he's lifting chat logs directly from your PC, how did he send them to you? By email? It would be quite tedious to send them via IM or chat.

What does "many many many computers" mean? Just how many computers do you need or have?

Did you AR this individual when he revealed what he did to you? If not, why not? If you've found an exploit you can file an AR in the exploit category, but I'd advise against it unless you're 100% sure it's an exploit and can back up what you're saying with *good* evidence. You're quite literally getting somebody out of bed or interrupting his social life when you file an exploit AR outside LL office hours.

Many computers, meaning about 5 in 4 different locations. And its not just pm'ing between 1 or 2 ppl.. its every single last person I've talked to... and its very.. personal things that are involved....

If it was just people playing a prank on me then its my whole friends list... it doesnt make since to be that.

The reason why I dont report him or mention his name.. I care for him still despite our seperation as friends.

*sighs* Despite him being someone I care about I need to tell SL about this. its a -possible- major breach of privacy and security. If vital and sensitive information is passed on SL and is listened to like my conversations were it can lead to very "annoying" or outright dangerous situations.

It's a Warner Brothers Coyotee thing............

Who else has access to computers at those four locations? It would be very easy to lift SL chat logs off a shared machine.

If your friend is intercepting your chat logs, he is engaging in a malicious act against you and it's time you stopped caring about him because he clearly doesn't give a crap about you. You can easily bring this to Linden Lab's attention by filing an exploit AR against him every time he sends you a communication with information you feel could only have been obtained through an exploit.

I would advise against filing IMs in the exploit category however unless the evidence is strong. Ie. If he just said "I got your IM chat logs", then don't do it. If he quotes exact extracts from IM chats you had with different friends, then go ahead and AR him .. provided you're sure those different friends aren't really the same person.

If the chat being intercepted is *public*, that is still against the rules but unlikely to be down to an exploit. Anybody can intercept public chat very easily.

If the copy of the open chat starts with You:<enter chat here> then the source will be directly from your client, if it begins with your name, then its from a SL server.

My guess, and thats all it is, you are wearing an object that acts like a relay. Strip off all your HUDS and scripted objects, delete every file and folder from C:/Documents and Settings/<your pc sign in name/Application Data/Second life/.... parse your PC's caches, including the internet cache and cookies, cold reboot your PC.

Run a through virus scan on your system and even adware scan.

Do the same on all other systems you have used, as it could migrate through the client/sl asset server to other systems you have used.


I have heard that there is a scripted object going about that can do things from your inventory, all you have to do is rez it once. No point telling its name as it changes. Maybe time to purge a lot of 'unknowns' from your inventory.

See if that stops it. GL

See this thread
/327/d0/190225/1.html

I don't believe it. Impossible to do with LSL. It would have to rely on an exploit. It's more likely the seller is robbing people blind by selling goods which are not as advertised. I'm not surprised the OP in that thread couldn't get it working.

Is he using an Acme bugging device?

It's trivially easy to listen to listen to other people's chat on a shared network. All you need is a packet sniffer (eg tcpdump) and some way to strip the text out of them.

SL chat is not encrypted at all, so anything you say is passed in clear text over the network.

Except that IM conversations not involving your avatar are never sent to your client so it's not trivial to intercept them.

unless they could easily finger your ip ?

and do what with your ip address? and please don't say a man in the middle attack

Ok, this guy is in California, I knwo where he lives, I'm in texas. We are definently not on the same network -_-

One again.. Ill state this... in large letters XD

PRIVATE CHAT IN PM's! = ONE ON ONE CONVERSATIONS THROUGH PRIVATE MESSAGING = NOT PUBLIC CHAT!

^^ there we go ^^

Ok so how bout the lindens make it encrypted?

so in order for him to do this he would either have to sniff the packets in your ISP's network, LL's network, or break into the sims themselves, none of which is easy. i really cann't see someone doing this just to read your IM's unless he was going to blackmail you for some real money (i.e. several thousands ).

*sighs* His reasoning behind it was to check if I was truthful to him about roleplaying with other people [ADD-IN:That and see what disturbing things I was talking about....]. He didn't trust me so he did it. There's your motive.

I've seen 3rd party chat clients popping up, even have friends who IM me while offline with them, this would indicate to me that the chat server/service is separate from inworld authentication as they don't show up as online.
1. Given the above, does the chat system allow you to be logged in more than once I wonder?
2. Is is possible somebody guessed your password and authenticated to the chat system in parallel with you? (if thats the case I'd be more worried about your account).
3. Is there an exploit/bug in authentication to the chat server/service that allows you to spoof your identity in some way?

I would worry about simple causes like that more than some leet hacker hacking the internet, controlling routers, and massaging traffic flow to STEEL Y0UR PACK3TZ.