From the offblahg: "Unfortunately, during the course of the update, we discovered that it included a bug which caused objects purchased in-world to be fully permissive.
After we reproduced the bug in-world, we kicked everyone off the grid and restricted login to Lindens only (this was at 2am PST). Next, we identified the bug and created a fix for it, which was deployed and tested while the grid was down.
The code we rolled out this morning includes additional security protocol, which in addition to the changes going into the next release on Wednesday should help reduce these types of grid attacks in the future. Thank you all again for your patience and support throughout the night. "
----------
You did not state in this blahg post whether you actually fixed the objects that were purchased during the period the exploit existed. Are there object still floating around in peoples' inventory that is fully modifiable, which should not be?
Even if you did manage to retroactively find and re-permission all such objects, what's to have prevented the culprits from opening scripts that should have been protected and copying the content of those scripts out of SL and into external files for later examination and reuse or modificaiton?
In short, can you reassure your hardworking resident content developers, especially the folks who earn their (SL and/or RL) income from their scripted objects for sale? Are we about to have a bunch more Frans Charming-type casualties on our hands? Can you inform us as to the extent of scripts that were potentially exploited in this way?
BTW, it's great that you were so quickly responsive to the discovery of the bug and I'm sure that many LL people were called away from their beds to deal with the problem. Kudos for this; I know emergencies like this really suck.
On the other hand, however, this is yet another example of what's wrong with your QA process. A quick emergency fix slapped together and not rigorusly put through a full suite of carefully designed regression tests should NEVER be applied to a production system. Especially not a production system that affects REAL LIFE commerce.
This latest issue also exemplifies what is wrong with your entire current set of priorities. You MUST shore up your infrastructure before you continue your mad dash for expansion. There are too many serious holes in your client, server, and LSL code. You are growing too quickly for your infrastructure to deal with the new strain on the system.