Welcome to the Second Life Forums Archive


Sl Is Breached

Boreas Catron
Disgruntled Kitty
Join date: 29 Jul 2006
Posts: 21
06-12-2007 09:51
From: Shadow Subagja
I've seen 3rd party chat clients popping up, even have friends who IM me while offline with them, this would indicate to me that the chat server/service is separate from inworld authentication as they don't show up as online.
1. Given the above, does the chat system allow you to be logged in more than once I wonder?
2. Is it possible somebody guessed your password and authenticated to the chat system in parallel with you? (if that's the case I'd be more worried about your account).
3. Is there an exploit/bug in authentication to the chat server/service that allows you to spoof your identity in some way?

I would worry about simple causes like that more than some leet hacker hacking the internet, controlling routers, and massaging traffic flow to STEEL Y0UR PACK3TZ.


Heh, I can tell yeh my password is 10 to 15 characters, random alpha-numeric combination ^^ He couldn't have guessed it. Even so, how would he have been able to see text I wrote 30 seconds earlier?

Now.. he did mention that "I might be lagging a little" so he was doing something...
leliel Mirihi
thread killer
Join date: 24 Oct 2006
Posts: 129
06-12-2007 10:00
From: Boreas Catron
Heh, I can tell yeh my password is 10 to 15 characters, random alpha-numeric combination ^^ He couldn't have guessed it. Even so, how would he have been able to see text I wrote 30 seconds earlier?

Now.. he did mention that "I might be lagging a little" so he was doing something...


which would imply a man-in-the-middle attack; the easiest way to tell would be to look at SL's debug log for the IP addresses of the login server etc. and post it here
Boreas Catron
Disgruntled Kitty
Join date: 29 Jul 2006
Posts: 21
06-12-2007 10:01
From: leliel Mirihi
which would imply a man-in-the-middle attack; the easiest way to tell would be to look at SL's debug log for the IP addresses of the login server etc. and post it here



And I do that how? *gets on and tries to figure it out himself while waiting for a reply*
RobbyRacoon Olmstead
Red warrior is hungry!
Join date: 20 Sep 2006
Posts: 1,821
06-12-2007 10:06
From: leliel Mirihi
which would imply a man-in-the-middle attack; the easiest way to tell would be to look at SL's debug log for the IP addresses of the login server etc. and post it here


Could also imply tools like AirSnort or Ethereal... With Ethereal, I can watch all Second Life data (including instant messages and chat) that goes through my network. If the guy has access to the same network (at work that's trivial, or he could work at an ISP maybe?) then he could easily do this with free open source tools.

.
_____________________
Boreas Catron
Disgruntled Kitty
Join date: 29 Jul 2006
Posts: 21
06-12-2007 10:07
From: RobbyRacoon Olmstead
Could also imply tools like AirSnort or Ethereal... With Ethereal, I can watch all Second Life data (including instant messages and chat) that goes through my network. If the guy has access to the same network (at work that's trivial, or he could work at an ISP maybe?) then he could easily do this with free open source tools.

.


He's a college student with no job, and he's not on my network XD
leliel Mirihi
thread killer
Join date: 24 Oct 2006
Posts: 129
06-12-2007 10:08
From: Boreas Catron
And I do that how? *gets on and tries to figure it out himself while waiting for a reply*


on Windows it's C:\Documents and Settings\%USERNAME%\Application Data\SecondLife\logs\debug_info.log I believe, and on a Mac it's ~/Library/Application Support/SecondLife/logs/debug_info.log
Boreas Catron
Disgruntled Kitty
Join date: 29 Jul 2006
Posts: 21
06-12-2007 10:08
I want to thank everyone who is trying to help by just posting thoughts and ideas, I'd really like to figure this out cuz I really don't feel comfortable knowing he can pop in at anytime and get chat logs.
Dytska Vieria
+/- .00004™
Join date: 13 Dec 2006
Posts: 768
06-12-2007 10:12
From: Boreas Catron
*sighs* His reasoning behind it was to check if I was truthful to him about roleplaying with other people [ADD-IN:That and see what disturbing things I was talking about....]. He didn't trust me so he did it. There's your motive.


So, why do you not simply ask =how= he did it?
_____________________
+/- 0.00004
leliel Mirihi
thread killer
Join date: 24 Oct 2006
Posts: 129
06-12-2007 10:13
sorry that should be SecondLife.log not debug_info.log
Boreas Catron
Disgruntled Kitty
Join date: 29 Jul 2006
Posts: 21
06-12-2007 10:22
OK so just post the whole text file? It's pretty large.. 33kb worth in Notepad.
leliel Mirihi
thread killer
Join date: 24 Oct 2006
Posts: 129
06-12-2007 10:40
just look for a line like this

2007-06-12T17:34:13Z INFO: LLUserAuth::authenticate: uri=https://login.agni.lindenlab.com/cgi-bin/login.cgi

followed soon after by a line that looks like this

2007-06-12T17:34:28Z INFO: LLCircuit::addCircuitData for 72.5.12.205:13007

the address in your log may be different, it could be from any of these net blocks

66.150.244.0/23
69.25.104.0/23
72.5.12.0/22
64.129.40.0/22
64.154.220.0/22
63.210.156.0/22
Rusty Satyr
Meadow Mythfit
Join date: 19 Feb 2004
Posts: 610
06-12-2007 11:04
Are you *SURE* you weren't talking to his alts?

Creating several alts to "test" someone's trustworthiness is an old and very effective tactic.

Of course, it also shows how untrustworthy the nosey person is.
leliel Mirihi
thread killer
Join date: 24 Oct 2006
Posts: 129
06-12-2007 11:06
From: Rusty Satyr
Are you *SURE* you weren't talking to his alts?

Creating several alts to "test" someone's trustworthiness is an old and very effective tactic.

Of course, it also shows how untrustworthy the nosey person is.


that's what i think as well but it never hurts to test other possibilities
Boreas Catron
Disgruntled Kitty
Join date: 29 Jul 2006
Posts: 21
06-12-2007 11:14
Is this it? this all the info needed?







2007-06-12T17:07:53Z INFO: LLUserAuth::authenticate: Authenticating: Boreas Catron,
2007-06-12T17:07:53Z INFO: LLUserAuth::authenticate: Options: inventory-root, inventory-skeleton, inventory-lib-root, inventory-lib-owner, inventory-skel-lib, initial-outfit, gestures, event_categories, event_notifications, classified_categories, buddy-list, ui-config, login-flags, global-textures, END
2007-06-12T17:07:53Z INFO: LLUserAuth::authenticate: uri=https://login.agni.lindenlab.com/cgi-bin/login.cgi
2007-06-12T17:08:07Z INFO: LLXMLRPCTransaction::transferRate: Buffer size: 221876 B
2007-06-12T17:08:07Z INFO: LLXMLRPCTransaction::transferRate: Transfer size: 22391 B
2007-06-12T17:08:07Z INFO: LLXMLRPCTransaction::transferRate: Transfer time: 13.311 s
2007-06-12T17:08:07Z INFO: LLXMLRPCTransaction::transferRate: Transfer rate: 13.456 Kb/s
2007-06-12T17:08:07Z INFO: LLUserAuth::authResponse: Processed response: 0
2007-06-12T17:08:07Z INFO: LLCircuit::addCircuitData for 64.129.45.47:13006
2007-06-12T17:08:07Z INFO: LLControlGroup::saveToFile: Saving settings to file: C:\Documents and Settings\Zephryos\Application Data\SecondLife\user_settings\settings.xml
2007-06-12T17:08:07Z INFO: LLViewerObject::initVOClasses: Viewer Object size: 432
2007-06-12T17:08:07Z INFO: LLWorld::addRegion: Adding new region (984:1115)
2007-06-12T17:08:07Z INFO: LLWorld::addRegion: Host: 64.129.45.47:13006
leliel Mirihi
thread killer
Join date: 24 Oct 2006
Posts: 129
06-12-2007 11:19
From: Boreas Catron
Is this it? this all the info needed?
[...]
2007-06-12T17:08:07Z INFO: LLCircuit::addCircuitData for 64.129.45.47:13006


yes and that's one of LL's servers, which leaves packet sniffing, keyloggers, and sim exploits, tho i still think it's an alt
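
The log check walked through in the posts above, as an added Python example (not code from any poster or from Linden Lab): it pulls the login URI and circuit endpoints out of SecondLife.log lines and tests them against the login host and the six net blocks exactly as typed in this thread. The function names are hypothetical, and the block list is the thread's 2007 data.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# The six net blocks exactly as listed in the thread (2007 data, not current).
THREAD_NETBLOCKS = [ipaddress.ip_network(n) for n in (
    "66.150.244.0/23", "69.25.104.0/23", "72.5.12.0/22",
    "64.129.40.0/22", "64.154.220.0/22", "63.210.156.0/22")]
LOGIN_HOST = "login.agni.lindenlab.com"  # host in the thread's login line

URI_RE = re.compile(r"LLUserAuth::authenticate: uri=(\S+)")
CIRCUIT_RE = re.compile(r"LLCircuit::addCircuitData for ([\d.]+):(\d+)")


def matching_block(addr):
    """Return the listed net block containing addr, or None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # malformed address in the log line
        return None
    return next((net for net in THREAD_NETBLOCKS if ip in net), None)


def audit_log(text):
    """Return (kind, value, ok) for each login URI and circuit endpoint."""
    results = []
    for line in text.splitlines():
        m = URI_RE.search(line)
        if m:
            url = urlsplit(m.group(1))
            # Login must go over HTTPS to the expected host.
            ok = url.scheme == "https" and url.hostname == LOGIN_HOST
            results.append(("login", m.group(1), ok))
            continue
        m = CIRCUIT_RE.search(line)
        if m:
            ok = matching_block(m.group(1)) is not None
            results.append(("circuit", f"{m.group(1)}:{m.group(2)}", ok))
    return results


# Log lines quoted from the posts in this thread.
SAMPLE = """\
2007-06-12T17:34:13Z INFO: LLUserAuth::authenticate: uri=https://login.agni.lindenlab.com/cgi-bin/login.cgi
2007-06-12T17:34:28Z INFO: LLCircuit::addCircuitData for 72.5.12.205:13007
2007-06-12T17:08:07Z INFO: LLCircuit::addCircuitData for 64.129.45.47:13006
"""

if __name__ == "__main__":
    for kind, value, ok in audit_log(SAMPLE):
        print(f"{kind:8}{value:60}{'listed' if ok else 'NOT in listed blocks'}")
```

Run on the lines quoted in this thread, 72.5.12.205 matches 72.5.12.0/22 while 64.129.45.47 matches none of the six blocks as typed (64.129.40.0/22 ends at 64.129.43.255), so an unlisted result means the address's ownership needs confirming another way, such as a whois lookup. A clean result only shows where the viewer connected; it says nothing about sniffing on the path or malware on the machine.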
Aislinn Jewell
Virtually You Hope Center
Join date: 18 Feb 2007
Posts: 119
06-12-2007 11:22
Is this the same thing that is being discussed in another thread?

"
Alleged Instant Message-Spy scripts
Location: Quan 152, 217, 23

Vending machine called "HACKBOX ALL" dropped by ZHAO Yiyuan

Cost: $L2999

Claim: * New IM-Spy * Read instant messages from other people. Undetectable.
No distance limits. Works in all areas. (Only 1 person at a time)"

/327/d0/190225/1.html
_____________________
Aislinn Jewell

Virtually You!
Center for Health, Healing & HOPE!
& Christian Connection of SL Yahoo Group
virtually_you@yahoo.com
Object Pascale
moshi moshi
Join date: 27 Jan 2007
Posts: 648
06-12-2007 11:40
From: Boreas Catron
Ok, this guy is in California, I know where he lives, I'm in Texas. We are definitely not on the same network -_-

Once again.. I'll state this... in large letters XD

PRIVATE CHAT IN PM's! = ONE ON ONE CONVERSATIONS THROUGH PRIVATE MESSAGING = NOT PUBLIC CHAT!

^^ there we go ^^

Ok so how bout the lindens make it encrypted?


How about helping us understand why he's able to receive your IM packets in the first place, since the server doesn't broadcast them to his computer at all unless he is involved in an IM conversation with you?

As you and this friend are on bizarrely good terms considering his invasion of your privacy, I think it's time you and he got together, reproduced the conditions which allow him to intercept your IMs, and forwarded the exact details to Brent Linden. See? You two can help them circumvent this exploit before it falls into more evil hands.

If your friend is reluctant in case it gets him in trouble .. well, Brent Linden has already been emailed about this thread, so if he looks into this he's likely to run across the data anyway. However, you both have a chance to help out instead of leaving a flaw exposed - and you might just get rewarded for it.

From: someone
"To further prove our dedication to exploit exorcism, we’re offering a limited-time exploit bounty of L$ 10,000 to the resident who first reports an exploit via the inworld bug reporter and tags it as an exploit."


http://blog.secondlife.com/2006/07/31/new-express-exploit-reporting-feature-and-l-bounty/
Object Pascale
moshi moshi
Join date: 27 Jan 2007
Posts: 648
06-12-2007 11:42
From: Boreas Catron
Heh, I can tell yeh my password is 10 to 15 characters, random alpha-numeric combination ^^ He couldn't have guessed it. Even so, how would he have been able to see text I wrote 30 seconds earlier?

Now.. he did mention that "I might be lagging a little" so he was doing something...


Do you use other software with this person? Yahoo, MSN, GTalk, Skype? Do you swap and share files using other networks?
leliel Mirihi
thread killer
Join date: 24 Oct 2006
Posts: 129
06-12-2007 11:48
From: Object Pascale
Do you use other software with this person? Yahoo, MSN, GTalk, Skype? Do you swap and share files using other networks?


yay keylogger! it would be better to ask if _anyone_ she doesn't fully know and trust has asked her to install any programs, sent her an email with attachments, asked her to visit a web site they may have some control over, yes, Windows has that many holes.
Object Pascale
moshi moshi
Join date: 27 Jan 2007
Posts: 648
06-12-2007 11:54
From: leliel Mirihi
yay keylogger! it would be better to ask if _anyone_ she doesn't fully know and trust has asked her to install any programs, sent her an email with attachments, asked her to visit a web site they may have some control over, yes, Windows has that many holes.


That's what I was thinking. Keylogger or backdoor. A backdoor would allow a malicious party to lift anything he wants off this guy's hard disk.

Time to get the recovery disk out, format the hard disk and restore Windows from scratch. ;)

Hmm, and somebody teach me to read. That exploit reward thingy expired about ten months ago. :D
Boreas Catron
Disgruntled Kitty
Join date: 29 Jul 2006
Posts: 21
06-12-2007 13:19
OK guys, if it was just a keylogger or somesuch it wouldn't be on all the computers for one, and another thing it wouldn't ONLY affect things said in SL.
leliel Mirihi
thread killer
Join date: 24 Oct 2006
Posts: 129
06-12-2007 13:29
From: Boreas Catron
OK guys, if it was just a keylogger or somesuch it wouldn't be on all the computers for one, and another thing it wouldn't ONLY affect things said in SL.


then make an alt, get a new friend that neither you or him know, then tell him about it and challenge him to get their IM's. and don't visit him with the alt or tell him who the friend is
Meade Paravane
Hedgehog
Join date: 21 Nov 2006
Posts: 4,845
06-12-2007 13:50
From: Boreas Catron
OK guys, if it was just a keylogger or somesuch it wouldn't be on all the computers for one

Unless you installed the spyware on all the machines you use..

From: Boreas Catron
and another thing it wouldn't ONLY affect things said in SL.

Er.. How do you know that SL chat is the only thing he's seeing?

From: Boreas Catron
The reason why I don't report him or mention his name.. I care for him still despite our separation as friends.

I'm sorry but you're being very stupid. Flush this jerk from your life and move on. :(
_____________________
Tired of shouting clubs and lucky chairs? Vote for llParcelSay!!!
- Go here: http://jira.secondlife.com/browse/SVC-1224
- If you see "if you were logged in.." on the left, click it and log in
- Click the "Vote for it" link on the left
Boreas Catron
Disgruntled Kitty
Join date: 29 Jul 2006
Posts: 21
06-12-2007 16:11
Yeh, he be flushed. The fact still remains that SL privacy is apparently non-existent if he could get all that.

The whole reasoning behind this is that I specifically asked him and he told me he was looking at SL.
Kokoro Fasching
Pixie Dust and Sugar
Join date: 23 Dec 2005
Posts: 949
06-12-2007 17:33
Go to http://www.webroot.com/ and check your machine for keyloggers.