More scripts to be released?

One of the lidnens advised me that I shouldn't talk about it, I figured I'd get in trouble if I did, and actually, who do you think told the original poster what to post? Oops, I think that just slipped out. And yes, it is possible to do it again, as said by the hacker. He also said that he can still get in SL if he wanted to because he used his old CC info (from canada) and something about an old ISP (not 100% sure about the facts of this part).

It is impossible to perm ban someone. They can just change IP's and start again. How do I know this? Because last year, I had to IP block most of the AOL IPs to keep one idiot from haunting...

It is far better if they do decide to do this as a CRIMINAL case, not just banning them. Something setting the example is the best way to go about things.

LL should have the secondlife.exe client send the MAC hardware address of the network card to the SL servers and check against a ban list as well.

Thank you Nimrod. If this is the extent of the proprietary information you have, the Linden was wrong.


It'll be much less expensive for them to just start educating us on ways to protect our work. But that will require gaining our trust by being openly forthcoming with all information related to the matter. It's not like they're having to shield their hand to stay one step ahead of the perp as though they didn't possess the ability to see and track everything that happened on The Grid in real time.

Although some details of it are fuzzy, a couple of things are clear:

1) A lot more scripts have been taken than has been publicized so far. Additional scripts will be put onto the site, though hopefully the person doing so will get bored and stop.
2) The fix put in place is not foolproof - it can still be hacked, though it did close off the existing hack. How simple an additional hack is that could do the same thing is unclear, but it is still a real possibility, according to the person who did the original hack.
3) The contact information being widely publicized is incorrect. He is not currently in Canada, but is in fact in the US.

Points # 2 and 3 should be taken as warnings, but not 100% verified fact - they came from the person claiming responsibility for having done this in the first place. The fact that more scripts have appeared in the script archive on the web site does give credence to # 1, and honestly, the ready availability of the contact information would lead me to believe there is truth to # 3 as well. Nothing is as easy as a WHOIS lookup.

No, I don't want to prove the Lindens wrong and have people lose faith in them, they probably just released a statement with the information they had at the time, but now they have more information.

MAC address spoofing is so easy these days, it seems hardly worth it. I'm not sure litigation is the right way to go either, though. What is needed is a SL client (and the rest of the infrastructure) that is both stable and secure.

Yeah that's the part where we have to say "we thought we had a handle on this but we were wrong. It's a much bigger problem than I described yesterday." They were also wrong to put you in a position of having to out their understandable misassessment or leave your fellow residents facing another storm with no fair warning. I feel bad that the Linden you confided in had no more respect for you than that.

No real damage is done to their reputation yet. The crisis is too young, unless it is really true that they were shown the hack several weeks ago.

I don't think that's how it is, I think the linden wasn't completely sure what to do, so just to be safe, he/she told me that.

How reliable is the source of that rumour? I'm really starting to wonder what's going on here myself. Either it's as Philip said the other day, or as appears more likely, the number of scripts affected is much higher.

Can LL categorically tell us that the hole is plugged now or is this information going around now that something similar might still be possible, true?

I guess maybe it's time for LL to update us on the situation at least as at times like these rumours spread like wildfire and the truth gets buried amongst them.

Moopf, I can guarantee you there's more. Just yesterday, he gave me 2 of the new ones. When I told one of the lidnens, they contacted the creators, as they did not know before I told the linden. The hacker told me that there were many more scripts and he would release more on his webpage today, and more in the future.

Not at all, it's strictly hearsay. But it's easily confirmed or denied by a Linden statement. I don't want to doubt them either. But I have to when they let rumours fly by not posting regularly during such a crisis. Philip's post was very much appreciated. It turned out to be almost completely wrong, but saying what they thought they knew at the time was far better for the community's morale than saying nothing at all.

Even a daily "we don't know anything more at this stage" would make us believe they were working their butts off. I still think a daily "here's something we think will help you protect yourself" would be better. But maybe they don't have time for that.

The most easily verifiable part of it is the fact that more scripts have appeared, so at least that portion of it is true. The only way to know for certain if the vulnerability still exists is for someone to test the vulnerability - because if someone can exploit it, do you think they won't? I hope it is all hearsay, but I don't think it is.

I think it was denied, I asked Ben linden about his, and he said that they didn't know about it and the person might have told a non-linden. When I talked to the hacker, he didn't even know who Philip linden was, and when I told him, he said he "sucks at coding."
Also, If this hack could still be done(but in a different form), do you think LL would tell us? No, that would encourage other people to try to and what if one of them succeeds?

Let them test it with alts. We might get banned for trying.

BTW Nimrod, good show reporting to your nearest neighborhood Linden. It may've been days or weeks before they had a headsup if you hadn't. Thank You.

Actaully, at SLuniverse, someone posted a thread with all his (non-current, but at the time they thought it was) contact information, I just got his yahoo ID and started talking. I guess anyone could have done that.

Can we get nimrod an age check, please? Smells like a minor, acts like a minor, and there's a teen grid for him now (sorry Teen Grid - I don't mean to be throwing such a, well, nimrod, your way). Also, by the looks of his hero, JS, Plastic, whatever... on the picture I saw... he's worshipping a 16-year old Harry Potter wannabe.

-Flip

You're implying I'm underage and like harry potter? If not, the hacker is 21 and is into anime/asian girls, well, at least the directory on his website shows so. What picture were you talking about? Also, if you're talking about me, why do you think plastic (who is not the hacker(at least who I talked to)) is my hero?

Edit: And if you think he's my hero because I said he seemed pretty cool, I was talking about his attitude, he didn't show any aggression or anger towards LL.

Edit again: See? This crap is what I was talking about with someone. People want more information, and when I give it to them, they accuse me of things. I have been accused of standing up for him, praising him, and now, he's my hero and I'm underage? These are all not true and if LL wants me to prove that I'm over 18, I can certainly do it.

ATTENTION: new scripts now, Sheild breaking push gun, and temp on rez multvendor. If you know the creator of the gun, please IM him, I IMed the owner of the multivendor.

where are you seeing these things?

Sorry, not giving the site out to anyone (for obvious reasons), if your script is listed, I'd do my best to try and tell you as soon as I can.

The obvious reason? Forgive me if I've reached the wrong obvious reason, but it seems to me the only possible reason not to give that info out is to protect this vapid little twit from the rightful outrage of the community.

I dunno, I Ar'ed you for the virus in your sig. And I'm pretty sure others have too. I think it sends entirely the wrong message. It's an incitement to griefing to me.

Also, maybe to limit exposure of other people's scripts? I wouldn't post where this info is listed either (if I knew).

So long as the provider of the website has been notified that the website contains infringing property, then this is a valid reason (and probably the reason nimrod isn't giving it out).

The website shouldn't remain up, though. We're on pretty firm legal ground here. The provider of the website should be notified of the infringing content.