Welcome to the Second Life Forums Archive

These forums are CLOSED. Please visit the new forums HERE

This is an EXPLOIT ! Bring the grid down and fix it !
Nibb Tardis
Registered User
Join date: 18 Feb 2006
Posts: 29
11-16-2006 02:01
In the past, when an exploit was discovered by LL, the grid has been taken down for the time that is required to fix it.

Why hasn't this been done this time ? Is it because of the ties that exist between LL staff and the LibSL effort ?

Until now, what has LibSL brought us ? God mode and Copybot. What will be next ? FreeMoneyBot ?

Other games that use proprietary protocols PROHIBIT reverse engineering to avoid exploits. If you want an open protocol, you need to add security to that protocol. Until SL has some form of secure communication layer, you MUST declare reverse engineering as against the TOS.

There is no way SL can be considered a serious platform for business applications until there is some built-in security in the protocol.

In my opinion, what LL must have done to face this security threat is:
- Bring down the grid and get to work on securing communication. Even if this takes a couple of weeks, it would at least show that you are taking the issue seriously.
- Declare that reverse engineering is against the TOS.
- Make it so that only LL certified clients can connect to your servers.
Kelly Linden
Linden Developer
Join date: 29 Mar 2004
Posts: 896
11-16-2006 11:58
There are different scopes and areas of 'exploit'.

In the past we have closed the grid and worked rapidly to fix bugs within our own code that have allowed permissions violations. At this point taking the grid down even for weeks will not fix the problem. Obuscating the data would be a huge undertaking that would introduce many bugs in our system and would probably be reverse engineered in a tenth the time it takes us to do. We are instead focusing our efforts on the systems we need in place, as stated in Cory's blog post. Bringing down the grid for this will not help.
_____________________
- Kelly Linden