Second Life Forums Archive - Potential Precedent Setting Case

Hiro Queso

503less

Join date: 23 Feb 2005

Posts: 2,753

07-20-2005 06:21

From: Jeffrey Gomez

With that I'm done posting to this thread. There's no point in bothering when we'd rather dwell on attacks.

I am no moral angel by any meaning of the term, and you can quote me on that. I simply exist to offer my take on the matter, and if you don't agree with it, that's your perogative.

In a way, it's a pity, as I really respect what you've done for Numbakulla, Cali. Good day.

I am struggling to find an attack there Jeffrey. The only thing I can see is the following quote which I am sure is more directed at your good self than scriptors in general, but its a very valid point imo.

From: Caliandris Pendragon

...Except that scripters think objects and their uniqueness are worthless, and scripted items are not...

_____________________

Ellie Edo

Registered User

Join date: 13 Mar 2005

Posts: 1,425

07-20-2005 06:33

Guess there is so much legal naughtiness in SL - the first case to hit a court will drag it all into the light.

_____________________

Ellie Edo

Registered User

Join date: 13 Mar 2005

Posts: 1,425

07-20-2005 06:40

From: Wayfinder Wishbringer

or it was major and having gone out over the net, will be poured over by every high-level hacker on the planet, and within 2 months the entire Second Life economy is going to crash bigtime.
No, this isn't a minor matter. And if I were a betting man-- considering how many griefers there are out there who hate LL and SL-- I'd bet on the second scenario.

But didn't Philip say only 13 items were compromised? And the hole is now plugged? And all the major financial services people have declared "we're safe"? Or have SLExchange not yet done so ?

I think it'll all be blown over in a fortnight, except for some well justified long term griping. And some welcome improvements in our future security. Didn't a faulty Linden update "out" literally hundreds of products once? Which are circulating even now, while their poor creators still quietly grind their teeth ?

_____________________

Nala Galatea

Pink Dragon Kung-Fu

Join date: 12 Nov 2003

Posts: 335

07-20-2005 07:09

From: Ellie Edo

But didn't Philip say only 13 items were compromised? And the hole is now plugged? And all the major major financial services people have declared "we're safe"? Or have SLExchange not yet done so ?

Yes, this hole was plugged, but it was also introduced in one of the more recent patches. This bug has come around, been squashed, and come back again more than just this time. Plus, this is, as far as I am aware of, the first actually successful attempt to "hack the game." Now that people know it can be done, they will try and do it better. After all most of the worms released on the net have gotten better at causing havok than their predecesors.

So yeah, this is gonna happen again. One of them might even be a very big hack. (Imagine someone getting access to the crumbling asset server with admin access and the fun they'd have with that.)

From: Ellie Edo

I think it'll all be blown over in a fortnight, except for some well justified long term griping. And some welcome improvements in our future security. Didn't a faulty Linden update "out" literally hundreds of products once? Which are circulating even now, while their poor creators still quietly grind their teeth ?

Yup, but the difference is that this wasn't using the system's bug to their advantage. This was actually reverse-engineering the client to bypass the permissions in place. So we'll all still be grinding our teeth everytime this happens.

To me, I always just think of these as those disaters you can pick out in SimCity. Sure, they wreck a lot of things you spent time building, and sure, you lose some people, but in the end, the game stays on and the people rebuild and eventually, things go back to normal, even though you *KNow* there is another disaster just waiting around the corner.

Cristiano Midnight

Evil Snapshot Baron

Join date: 17 May 2003

Posts: 8,616

07-20-2005 07:14

From: Ellie Edo

But didn't Philip say only 13 items were compromised? And the hole is now plugged? And all the major major financial services people have declared "we're safe"? Or have SLExchange not yet done so ?

I think it'll all be blown over in a fortnight, except for some well justified long term griping. And some welcome improvements in our future security. Didn't a faulty Linden update "out" literally hundreds of products once? Which are circulating even now, while their poor creators still quietly grind their teeth ?

What is scary are the very valid reports that the scope is much larger than the 13 scripts- new scripts have appeared in the archive that is posted online, and there was a conspicuous lack of certain types of popular scripts (for example, gaming scripts) that gives credence to the belief that items are being held back for future release/use. The story is not over here. While Philip's statement seemed to provide comfort, it is contrary in some ways to the reality that we are still seeing.

You are right, there were multiple instances of permission bugs that caused content to be released in the past, and the genie was impossible to put back in the bottle. I still spend way too much time chasing down freebie collections (or more frustratingly, people actually selling my items), so yes, the teeth grinding continues.

_____________________

Cristiano

ANOmations - huge selection of high quality, low priced animations all $100L or less.

~SLUniverse.com~ SL's oldest and largest community site, featuring Snapzilla image sharing, forums, and much more.

Raudf Fox

(ra-ow-th)

Join date: 25 Feb 2005

Posts: 5,119

07-20-2005 09:27

From: Cristiano Midnight

You are right, there were multiple instances of permission bugs that caused content to be released in the past, and the genie was impossible to put back in the bottle. I still spend way too much time chasing down freebie collections (or more frustratingly, people actually selling my items), so yes, the teeth grinding continues.

Since I refuse to see go to a website, is there a list of scripts that was released? I'd gladly help out, but I'd have no clue what to look for without a list.

As for the criminal/civil cases? All I can say is that the criminal would be easy, but the civil, I haven't had time to research for precidents. Otherwise, it's a case of try it and see. I mean, this is America.. and I can't remember where I heard this quote, but "This is America, you don't have to win in order to sue."

I think this means that a lawsuit looks bad no matter what, if you are the defendant.

_____________________

DiamonX Studios, the place of the Victorian Times series of gowns and dresses - Located at http://slurl.com/secondlife/Fushida/224/176

Want more attachment points for your avatar's wearing pleasure? Then please vote for

https://jira.secondlife.com/browse/VWR-1065?

Csven Concord

*

Join date: 19 Mar 2005

Posts: 1,015

07-20-2005 09:45

From: Raudf Fox

..."This is America, you don't have to win in order to sue."

I think this means that a lawsuit looks bad no matter what, if you are the defendant.

I most often take that to mean that a big corporation can sue a little guy and still come out ahead. They don't have to "win". They only have to force the little guy to pay so much in legal representation that it puts them out of business.

Azrael Harker

Registered User

Join date: 23 Jun 2005

Posts: 33

07-20-2005 10:03

Please forgive my intustion into this post...I'm new. The question that comes to my mind is...will the laws that apply to someone committing this crime in the US apply to these people if they arent US citizens, or are accessing the SL game from a different country. Not knowing all the facts, I can only speculate. Other than closing their account...is there really that much that could be done to someone from a country with no Hacker laws ?

Az

Raudf Fox

(ra-ow-th)

Join date: 25 Feb 2005

Posts: 5,119

07-20-2005 10:37

From: Csven Concord

I most often take that to mean that a big corporation can sue a little guy and still come out ahead. They don't have to "win". They only have to force the little guy to pay so much in legal representation that it puts them out of business.

Yes, this is one good example. The other is the little guy sueing and the big corp settling to keep it from sinking their reputation. It's not considered a "win" when there is no admission of guilt, but the big corp would rather not be seen as the "villan of the day" by the other little guys.

_____________________

DiamonX Studios, the place of the Victorian Times series of gowns and dresses - Located at http://slurl.com/secondlife/Fushida/224/176

Want more attachment points for your avatar's wearing pleasure? Then please vote for

https://jira.secondlife.com/browse/VWR-1065?

Chip Midnight

ate my baby!

Join date: 1 May 2003

Posts: 10,231

07-20-2005 10:43

From: Azrael Harker

Please forgive my intustion into this post...I'm new. The question that comes to my mind is...will the laws that apply to someone committing this crime in the US apply to these people if they arent US citizens, or are accessing the SL game from a different country. Not knowing all the facts, I can only speculate. Other than closing their account...is there really that much that could be done to someone from a country with no Hacker laws ?

I'm really not sure how that works. This person was from Canada which I'm sure has laws very similar to those of the US. It would be nice if we had some lawyers to chime in with what they know. All we can do is speculate, pretty much.

By the way, welcome to SL

_____________________

My other hobby:
www.live365.com/stations/chip_midnight

Potential Precedent Setting Case
Hiro Queso 503less Join date: 23 Feb 2005 Posts: 2,753	07-20-2005 06:21 From: Jeffrey Gomez With that I'm done posting to this thread. There's no point in bothering when we'd rather dwell on attacks. I am no moral angel by any meaning of the term, and you can quote me on that. I simply exist to offer my take on the matter, and if you don't agree with it, that's your perogative. In a way, it's a pity, as I really respect what you've done for Numbakulla, Cali. Good day. I am struggling to find an attack there Jeffrey. The only thing I can see is the following quote which I am sure is more directed at your good self than scriptors in general, but its a very valid point imo. From: Caliandris Pendragon ...Except that scripters think objects and their uniqueness are worthless, and scripted items are not... _____________________
Ellie Edo Registered User Join date: 13 Mar 2005 Posts: 1,425	07-20-2005 06:33 Guess there is so much legal naughtiness in SL - the first case to hit a court will drag it all into the light. _____________________
Ellie Edo Registered User Join date: 13 Mar 2005 Posts: 1,425	07-20-2005 06:40 From: Wayfinder Wishbringer or it was major and having gone out over the net, will be poured over by every high-level hacker on the planet, and within 2 months the entire Second Life economy is going to crash bigtime. No, this isn't a minor matter. And if I were a betting man-- considering how many griefers there are out there who hate LL and SL-- I'd bet on the second scenario. But didn't Philip say only 13 items were compromised? And the hole is now plugged? And all the major financial services people have declared "we're safe"? Or have SLExchange not yet done so ? I think it'll all be blown over in a fortnight, except for some well justified long term griping. And some welcome improvements in our future security. Didn't a faulty Linden update "out" literally hundreds of products once? Which are circulating even now, while their poor creators still quietly grind their teeth ? _____________________
Nala Galatea Pink Dragon Kung-Fu Join date: 12 Nov 2003 Posts: 335	07-20-2005 07:09 From: Ellie Edo But didn't Philip say only 13 items were compromised? And the hole is now plugged? And all the major major financial services people have declared "we're safe"? Or have SLExchange not yet done so ? Yes, this hole was plugged, but it was also introduced in one of the more recent patches. This bug has come around, been squashed, and come back again more than just this time. Plus, this is, as far as I am aware of, the first actually successful attempt to "hack the game." Now that people know it can be done, they will try and do it better. After all most of the worms released on the net have gotten better at causing havok than their predecesors. So yeah, this is gonna happen again. One of them might even be a very big hack. (Imagine someone getting access to the crumbling asset server with admin access and the fun they'd have with that.) From: Ellie Edo I think it'll all be blown over in a fortnight, except for some well justified long term griping. And some welcome improvements in our future security. Didn't a faulty Linden update "out" literally hundreds of products once? Which are circulating even now, while their poor creators still quietly grind their teeth ? Yup, but the difference is that this wasn't using the system's bug to their advantage. This was actually reverse-engineering the client to bypass the permissions in place. So we'll all still be grinding our teeth everytime this happens. To me, I always just think of these as those disaters you can pick out in SimCity. Sure, they wreck a lot of things you spent time building, and sure, you lose some people, but in the end, the game stays on and the people rebuild and eventually, things go back to normal, even though you KNow there is another disaster just waiting around the corner.
Cristiano Midnight Evil Snapshot Baron Join date: 17 May 2003 Posts: 8,616	07-20-2005 07:14 From: Ellie Edo But didn't Philip say only 13 items were compromised? And the hole is now plugged? And all the major major financial services people have declared "we're safe"? Or have SLExchange not yet done so ? I think it'll all be blown over in a fortnight, except for some well justified long term griping. And some welcome improvements in our future security. Didn't a faulty Linden update "out" literally hundreds of products once? Which are circulating even now, while their poor creators still quietly grind their teeth ? What is scary are the very valid reports that the scope is much larger than the 13 scripts- new scripts have appeared in the archive that is posted online, and there was a conspicuous lack of certain types of popular scripts (for example, gaming scripts) that gives credence to the belief that items are being held back for future release/use. The story is not over here. While Philip's statement seemed to provide comfort, it is contrary in some ways to the reality that we are still seeing. You are right, there were multiple instances of permission bugs that caused content to be released in the past, and the genie was impossible to put back in the bottle. I still spend way too much time chasing down freebie collections (or more frustratingly, people actually selling my items), so yes, the teeth grinding continues. _____________________ Cristiano ANOmations - huge selection of high quality, low priced animations all $100L or less. ~SLUniverse.com~ SL's oldest and largest community site, featuring Snapzilla image sharing, forums, and much more.
Raudf Fox (ra-ow-th) Join date: 25 Feb 2005 Posts: 5,119	07-20-2005 09:27 From: Cristiano Midnight You are right, there were multiple instances of permission bugs that caused content to be released in the past, and the genie was impossible to put back in the bottle. I still spend way too much time chasing down freebie collections (or more frustratingly, people actually selling my items), so yes, the teeth grinding continues. Since I refuse to see go to a website, is there a list of scripts that was released? I'd gladly help out, but I'd have no clue what to look for without a list. As for the criminal/civil cases? All I can say is that the criminal would be easy, but the civil, I haven't had time to research for precidents. Otherwise, it's a case of try it and see. I mean, this is America.. and I can't remember where I heard this quote, but "This is America, you don't have to win in order to sue." I think this means that a lawsuit looks bad no matter what, if you are the defendant. _____________________ DiamonX Studios, the place of the Victorian Times series of gowns and dresses - Located at http://slurl.com/secondlife/Fushida/224/176 Want more attachment points for your avatar's wearing pleasure? Then please vote for https://jira.secondlife.com/browse/VWR-1065?
Csven Concord * Join date: 19 Mar 2005 Posts: 1,015	07-20-2005 09:45 From: Raudf Fox ..."This is America, you don't have to win in order to sue." I think this means that a lawsuit looks bad no matter what, if you are the defendant. I most often take that to mean that a big corporation can sue a little guy and still come out ahead. They don't have to "win". They only have to force the little guy to pay so much in legal representation that it puts them out of business.
Azrael Harker Registered User Join date: 23 Jun 2005 Posts: 33	07-20-2005 10:03 Please forgive my intustion into this post...I'm new. The question that comes to my mind is...will the laws that apply to someone committing this crime in the US apply to these people if they arent US citizens, or are accessing the SL game from a different country. Not knowing all the facts, I can only speculate. Other than closing their account...is there really that much that could be done to someone from a country with no Hacker laws ? Az
Raudf Fox (ra-ow-th) Join date: 25 Feb 2005 Posts: 5,119	07-20-2005 10:37 From: Csven Concord I most often take that to mean that a big corporation can sue a little guy and still come out ahead. They don't have to "win". They only have to force the little guy to pay so much in legal representation that it puts them out of business. Yes, this is one good example. The other is the little guy sueing and the big corp settling to keep it from sinking their reputation. It's not considered a "win" when there is no admission of guilt, but the big corp would rather not be seen as the "villan of the day" by the other little guys. _____________________ DiamonX Studios, the place of the Victorian Times series of gowns and dresses - Located at http://slurl.com/secondlife/Fushida/224/176 Want more attachment points for your avatar's wearing pleasure? Then please vote for https://jira.secondlife.com/browse/VWR-1065?
Chip Midnight ate my baby! Join date: 1 May 2003 Posts: 10,231	07-20-2005 10:43 From: Azrael Harker Please forgive my intustion into this post...I'm new. The question that comes to my mind is...will the laws that apply to someone committing this crime in the US apply to these people if they arent US citizens, or are accessing the SL game from a different country. Not knowing all the facts, I can only speculate. Other than closing their account...is there really that much that could be done to someone from a country with no Hacker laws ? I'm really not sure how that works. This person was from Canada which I'm sure has laws very similar to those of the US. It would be nice if we had some lawyers to chime in with what they know. All we can do is speculate, pretty much. By the way, welcome to SL _____________________ My other hobby: www.live365.com/stations/chip_midnight

Welcome to the Second Life Forums Archive

Potential Precedent Setting Case