Official LibSL response to Copybot
|
Geuis Dassin
Filming Path creator
Join date: 3 May 2006
Posts: 565
|
11-14-2006 14:34
http://www.libsecondlife.org/content/view/29/
(I AM NOT ASSOCIATED WITH THESE PEOPLE. I AM JUST REPOSTING THIS FROM THEIR WEBSITE FOR PUBLIC BENEFIT)
Written by Baba Yamamoto ( Monday, 13 November 2006 ) Last Updated ( Monday, 13 November 2006 )
CopyBot is not a product that we sell or distribute. It’s a debugging tool and silly demo with a [now] obviously bad choice of name. Hopefully you won’t be seeing copy bot on SLex any time soon. The issue at hand with copy bot seems HUGE! “Oh my god why would they do something like that?!” But our reason for showing this application around was partly we were proud of our achievement, and then on the other hand, if it’s this easy, we should tell people that relying on the Second Life systems to protect content is not feasible any longer. For a while now we’ve had this project on the back burner that has been asked for so many times by content developers, an ability to back up content to your hard drive and restore it in Second Life. Basically import and export functions. That’s the basis of CopyBot as well excepting the permission check. The problem is the difference between CopyBot and an import/export tool is little more than 1 line of code that is easily commented out by even novice programmers. What you see in CopyBot is the same capabilities that any import/export tool would have. It’s not something easy to deal with, and we’re struggling ourselves with the issues that CopyBot has brought. It’s caused many personal conflicts as well between developers and their friends who do not see the merit in what we do.
|
2k Suisei
Registered User
Join date: 9 Nov 2006
Posts: 2,150
|
11-14-2006 14:53
Let's all hope that Baba doesn't decide to take up biology and develop a super virus that he wishes to show off to the world. "Look what I made!"
|
Maggie McArdle
FIOS hates puppies
Join date: 8 May 2006
Posts: 2,855
|
11-14-2006 15:45
From: Geuis Dassin
http://www.libsecondlife.org/content/view/29/ (I AM NOT ASSOCIATED WITH THESE PEOPLE. I AM JUST REPOSTING THIS FROM THEIR WEBSITE FOR PUBLIC BENEFIT) Written by Baba Yamamoto ( Monday, 13 November 2006 ) Last Updated ( Monday, 13 November 2006 ) CopyBot is not a product that we sell or distribute. It’s a debugging tool and silly demo with a [now] obviously bad choice of name. Hopefully you won’t be seeing copy bot on SLex any time soon. The issue at hand with copy bot seems HUGE! “Oh my god why would they do something like that?!” But our reason for showing this application around was partly we were proud of our achievement, and then on the other hand, if it’s this easy, we should tell people that relying on the Second Life systems to protect content is not feasible any longer. For a while now we’ve had this project on the back burner that has been asked for so many times by content developers, an ability to back up content to your hard drive and restore it in Second Life. Basically import and export functions. That’s the basis of CopyBot as well excepting the permission check. The problem is the difference between CopyBot and an import/export tool is little more than 1 line of code that is easily commented out by even novice programmers. What you see in CopyBot is the same capabilities that any import/export tool would have. It’s not something easy to deal with, and we’re struggling ourselves with the issues that CopyBot has brought. It’s caused many personal conflicts as well between developers and their friends who do not see the merit in what we do.
sooooo the copy bot now on SLExchange is what.... just a joke version? Let's hope no one gets together and decides to sue the Lindens for ruining their computers because of it.
|
Chip Midnight
ate my baby!
Join date: 1 May 2003
Posts: 10,231
|
11-14-2006 15:50
Regardless of how anyone feels about the long term benefits of a project like libsl, it seems to me that this incident points to two facts - 1) SL clearly isn't ready to be open sourced and 2) because of 1, letting a group of residents take it upon themselves to force issues like this by making their reverse engineered code freely available makes the project an unacceptable danger to anyone creating content for profit in SL - and as a result, to SL as a whole. It should not be allowed to continue until LL has figured out exactly how they plan to make the move to open source clients without turning the grid into a free-for-all for every would-be thief. They've made their point that SL is an incredibly insecure platform. We already knew that. Texture artists have been in this boat for months due to OpenGL texture rippers. I accept there's nothing LL can do about that. I don't accept that there's nothing LL can do about libsl. If the participants in the libsl project can't be trusted to act responsibly, the project should not be allowed to continue.
_____________________
 My other hobby: www.live365.com/stations/chip_midnight
|
Lewis Nerd
Nerd by name and nature!
Join date: 9 Oct 2005
Posts: 3,431
|
11-14-2006 15:55
From: Chip Midnight
If the participants in the libsl project can't be trusted to act responsibly, the project should not be allowed to continue.
Agreed. Libsecondlife should be disbanded immediately.
Lewis
|
Hiro Queso
503less
Join date: 23 Feb 2005
Posts: 2,753
|
11-14-2006 16:10
From: Chip Midnight
Regardless of how anyone feels about the long term benefits of a project like libsl, it seems to me that this incident points to two facts - 1) SL clearly isn't ready to be open sourced and 2) because of 1, letting a group of residents take it upon themselves to force issues like this by making their reverse engineered code freely available makes the project an unacceptable danger to anyone creating content for profit in SL - and as a result, to SL as a whole. It should not be allowed to continue until LL has figured out exactly how they plan to make the move to open source clients without turning the grid into a free-for-all for every would-be thief. They've made their point that SL is an incredibly insecure platform. We already knew that. Texture artists have been in this boat for months due to OpenGL texture rippers. I accept there's nothing LL can do about that. I don't accept that there's nothing LL can do about libsl. If the participants in the libsl project can't be trusted to act responsibly, the project should not be allowed to continue.
Thirded.
|
Jeremy Bender
anachronistic iconoclast
Join date: 12 Aug 2006
Posts: 99
|
11-14-2006 16:28
It certainly shouldn't be actively supported by and participated in by the Lindens themselves. (it is apparently)
|
Geuis Dassin
Filming Path creator
Join date: 3 May 2006
Posts: 565
|
11-14-2006 16:34
Look guys, I'm someone who comes from the open-source community.
This is presenting problems. That's admitted. However, let's expand this to what's happening to software in general.
Every time a security bug in a program is found, whether it's closed or open source, there's an uproar. Happens every other day in Windows and routinely in open-source projects (Firefox, Wordpress, etc).
The way these things are found is through developers and security analysts who find bugs and then alert the world. While this temporarily makes people throw up their hands saying "oh no, the bad guys are gonna use this bug against us!!", it's through this method of public disclosure of software security breaches that they get fixed.
In the case of LibSL and Copybot, we're faced with a similar situation. LibSL has been doing a lot of good work developing the foundations of the open-source future of Second Life. Linden Labs themselves have been saying for a long, long time that the future of SL is heading into this direction.
So we've run into another case of a collision between an open-source project and a proprietary, mostly closed system. All they've done is put a big banner on a huge security issue that needed to be addressed eventually, anyway.
No, banning or somehow closing LibSL will not fix this. There's a very oft-quoted expression in computer security, "There is no security through obscurity". LibSL's work is for the benefit of all of us. They are public with their work and make it open for review from the public. Imagine if they didn't release Copybot and make everyone aware of the ability for a 3rd party program to essentially copy any resource in-world. Would you prefer that some private party who is NOT public do this? Not tell anyone while they can steal and copy whatever they want in the world?
At this point, Linden Labs is aware of a big problem. It will likely become a high priority for them to better secure the network than as it exists now.
You will have to be patient with them. Something like this will not be easily solved with a minor software upgrade. Potentially we are looking at some large revisions to the networking architecture of the world.
|
Hiro Queso
503less
Join date: 23 Feb 2005
Posts: 2,753
|
11-14-2006 16:34
From: Jeremy Bender
It certainly shouldn't be actively supported by and participated in by the Lindens themselves. (it is apparently)
I think quite the opposite. I reckon these activities should be a TOS offense for residents, and for Linden Lab to continue the work in-house.
|
Chip Midnight
ate my baby!
Join date: 1 May 2003
Posts: 10,231
|
11-14-2006 16:40
I'm not directly opposed to libsl in its entirety. I know they've done some cool stuff and I know LL thinks what they're doing is important. My gripe is that letting this code out to the public without vetting it first and addressing its implications strikes me as hugely irresponsible. If LL wants to let them continue then they should only be able to release code when LL has given them the green light to do so. It shouldn't be up to a group of residents to decide the pace at which SL is open sourced. Too many people have too much time and money at stake for that.
_____________________
 My other hobby: www.live365.com/stations/chip_midnight
|
Jeremy Bender
anachronistic iconoclast
Join date: 12 Aug 2006
Posts: 99
|
11-14-2006 16:40
From: Hiro Queso
I think quite the opposite. I reckon these activities should be a TOS offense for residents, and for Linden Lab to continue the work in-house.
I would agree with that. What I meant really to refer to was how unseemly it is for some hacker to be producing a copying program and selling it on SLExchange to allow people to rip each other off, and then to find out that part of the code was most likely written by a Linden. I am generally super supportive of open source stuff, and hate MS like any good techie guy, but that is just wrong a hundred times over. The people behind libsecondlife don't act like any open-sourcers I know in RL, they behave more like college hackers with a bad attitude and zero morals. For LL to actually be a part of such a team and defend it, is just reprehensible IMO.
|
Seola Sassoon
NCD owner
Join date: 13 Dec 2005
Posts: 1,036
|
11-14-2006 16:42
From: Chip Midnight
If the participants in the libsl project can't be trusted to act responsibly, the project should not be allowed to continue.
Fourthed.
|
Dr Tardis
Registered User
Join date: 3 Nov 2005
Posts: 426
|
11-14-2006 17:10
Let's just make this clear: none of the "regulars" on the libSecondLife team are responsible for CopyBot being sold on SLExchange.
As to people trusting Linden Lab with thousands of dollars.... well, we only had the Lindens' word that SL was secure in the first place. Now we see it's not. Why is nobody mad at the Lindens for building a system that is inherently insecure? Don't get me wrong, I'm not saying we should start trashing LL. But I am saying that a little perspective is in order here.
_____________________
Don't make me get all Dr Tardis on you. -- Conan Godwin
|
cinda Hoodoo
my 2cents worth
Join date: 30 Dec 2004
Posts: 951
|
OK before everyone goes ballistic..
11-14-2006 17:19
I have the everyday run of the mill player questions to ask. I am not a programmer or a brain surgeon, so please state your answers so we can all understand them. (ok me)
So far everyone seems to be in a panic; I've even heard the Linden is dropping like a rock.
How easy will it be for this thing to exist in SL in the coming hours or days now that it's out?
What does it exactly have the capabilities of copying? Prims, textures, scripts, objects, what?
Should creators be in a panic as to how to protect their items, and is there any protection that they can use to defend against it?
Would putting an object on a NON COPY status make it unable to be copied by such a script?
Can LL legitimately make a patch, and quickly, to prevent its use?
Thanks for any factual information here. Some of my vendors have pulled their things from my mall already; it's created quite a panic... let's get the FACTS out...
|
CJ Carnot
Registered User
Join date: 23 Oct 2005
Posts: 433
|
11-14-2006 17:35
To summarise Cory's blog post:
Copying stuff in SL is wrong ! Don't do it ! File an abuse report !
We can't do anything at all to secure our own proprietary platform !
We won't stop supporting the project & team which created CopyBot !
And people are actually thanking them for this response ?
|
Xio Jester
Killed the King.
Join date: 13 Nov 2006
Posts: 813
|
11-14-2006 17:40
From: Maggie McArdle
sooooo the copy bot now on SLExchange is what.... just a joke version? Let's hope no one gets together and decides to sue the Lindens for ruining their computers because of it.
I would think so. Even though the "joke" ain't none too funny. Hopefully this ain't the forerunner of a flood of virus objects that install toolbars and adware, etc.
_____________________
~ In Shakespeare, 'Tis The Fool Who Speaks The Most Profound Truth. ~ http://slexchange.com/modules.php?name=Marketplace&MerchantID=37521
|
CJ Carnot
Registered User
Join date: 23 Oct 2005
Posts: 433
|
11-14-2006 17:42
From: Dr Tardis
Let's just make this clear: none of the "regulars" on the libSecondLife team are responsible for CopyBot being sold on SLExchange.
As to people trusting Linden Lab with thousands of dollars.... well, we only had the Lindens' word that SL was secure in the first place. Now we see it's not. Why is nobody mad at the Lindens for building a system that is inherently insecure? Don't get me wrong, I'm not saying we should start trashing LL. But I am saying that a little perspective is in order here.
Yes. By those involved in the project. No one trusted that SL was completely secure, that's unrealistic. However no one expected LL to be complicit in a project to undermine their own platform and be so apparently unconcerned or prepared to act to combat it. Copybot made no one aware of anything they didn't already know, however it put the means to abuse the system in the hands of many who otherwise would not have had access to it.
|
Matt Newchurch
Registered User
Join date: 6 Jan 2006
Posts: 215
|
11-14-2006 18:06
From: Geuis Dassin
Look guys, I'm someone who comes from the open-source community.
This is presenting problems. That's admitted. However, let's expand this to what's happening to software in general.
Every time a security bug in a program is found, whether it's closed or open source, there's an uproar. Happens every other day in Windows and routinely in open-source projects (Firefox, Wordpress, etc).
I'm with Geuis on this one, and from a similar background of open source and security (I jumped ship to cooking, but I still 'represent', yo). This is what got Bugtraq in trouble, IIRC. This is just Full Disclosure under attack because of something bad happening in a different context. I'm STILL not sure where I stand on Full Disclosure theory! Groups like libsecondlife are valuable members of the open source community, either in a security context, or this game context. I don't know the details of the release, but it might have been better if they went to Linden (as reporters have to now on Bugtraq, again IIRC) and say "We have this code that will do something bad. You really ought to look at it and fix it before somebody ELSE figures it out and goes ahead releasing without giving you the heads up." If sanctions are to be made, it should be against whoever released the malicious version, not libSL itself. It's like virus writers: writing viruses is a terribly interesting thing to do, and most writers, it's been shown, do it for the challenge and don't actually release their work. I'm not mad it was written. That's a form of intellectual curiosity I can identify with (quiet, I've never written a virus. Not that it's not REAL interesting stuff). The problem was the WAY it was released. I'm just glad I haven't released my two new projects, and sure as heck won't be until this gets straightened out. And yes, I can be pissed off about something that affects me directly while still being understanding and even sympathetic to the activities of most of the people behind it. I just feel bad for the people making their sole living off this thing. It sounds like they'll probably have to take the game down, fix the communications system, then roll back the world.
That could take time.
--Matt Newchurch, Who Wishes He Were Cool Enough To Be Able To Call Himself A Hacker Of the libSL-style School
_____________________
Are you an executive furry, and not a weirdo furry? Join the brand-new "Executive Furries" group!
|
CJ Carnot
Registered User
Join date: 23 Oct 2005
Posts: 433
|
11-14-2006 18:11
From: Matt Newchurch
I just feel bad for the people making their sole living off this thing. It sounds like they'll probably have to take the game down, fix the communications system, then roll back the world. That could take time.
uh, try feeling sorry for them in the light of the fact that LL has pretty much stated they'll do no such thing and basically don't care beyond telling people to file an abuse report.
|
Joannah Cramer
Registered User
Join date: 12 Apr 2006
Posts: 1,539
|
11-14-2006 18:11
From: CJ Carnot
No one trusted that SL was completely secure, that's unrealistic. However no one expected LL to be complicit in a project to undermine their own platform and be so apparently unconcerned or prepared to act to combat it.
I keep shaking my head at the whole thing because it just bloody doesn't make any sense, when you think of it. While the libsl crew may feel good about themselves, they aren't telling Lindens anything they don't already know. Lindens built the system in the first place; as creators they are aware more than anyone just how insecure it is (because most libsl discoveries to date appear to be "hey the server doesn't verify this, this and that from the client") ... and they also know the full protocol specifications libsl is painstakingly trying to reverse engineer. Talk about a waste of time to reinvent the wheel. The libsl folks uncover a morsel of that complete data here and there, and bring it to LL like some sort of great discovery. "Look, this is exploitable! oh look, this can be exploited too!" No shit Sherlock. That's just the tip of the iceberg sitting there. One that shouldn't be left there in the first place, but by no means news to the original builders if they are at least a tiny bit competent.
The "we find bugs for LL to patch and make it safer for all" argument is also quite debatable. After all, LL shouldn't be sitting on their collective asses and only fix things libsl finds exploitable and publishes widely enough to cause a public reaction. Because in the meantime, there's no way to tell really just how many *other* exploits that the libsl people *didn't* find yet are utilized by people hacking things quietly on their own, likely with help of these very tools made public by libsl. So this patching should be something done continually by LL on their own, without slacking until some specific group of a few people stumbles upon them. But I dunno, maybe getting free amateur programmers willing to do the menial work for free that otherwise a Linden would have to do themselves...
is too much of a convenience for the Lab, rest of grid be screwed :/
|
Sunspot Pixie
dread heliotrope
Join date: 15 Jun 2006
Posts: 493
|
11-14-2006 18:18
From: Joannah Cramer
But I dunno, maybe getting free amateur programmers willing to do the menial work for free that otherwise a Linden would have to do themselves... is too much of a convenience for the Lab, rest of grid be screwed :/
I had this exact same thought enter my mind earlier tonight.
|
Cocoanut Koala
Coco's Cottages
Join date: 7 Feb 2005
Posts: 7,903
|
11-14-2006 18:23
From: CJ Carnot
To summarise Cory's blog post: Copying stuff in SL is wrong ! Don't do it ! File an abuse report ! We can't do anything at all to secure our own proprietary platform ! We won't stop supporting the project & team which created CopyBot ! And people are actually thanking them for this response ?
You forgot: Having Copybot or any variety of this code is perfectly legal.
coco
|
CJ Carnot
Registered User
Join date: 23 Oct 2005
Posts: 433
|
11-14-2006 18:31
What menial work ? Rediscovering their own protocols ?
Copybot didn't uncover a bug or create new code to improve SL. It was nothing more than a cheap hack to compromise a system that previously was secure enough for its purpose (accepting that everything is exploitable given enough effort), something no ordinary user could do or would bother with until handed the tool on a plate.
|
Usagi Musashi
UM ™®
Join date: 24 Oct 2004
Posts: 6,083
|
11-14-2006 18:33
Again, hasn't LLabs stated copybot and others like it break TOS NOW? Read the blogs. There is a group spreading panic saying LLabs doesn't plan to do anything about this. This is not true!
|
Anthony Hocken
Registered User
Join date: 16 Apr 2006
Posts: 121
|
CopyBot Blocker
11-14-2006 18:35
I've been seeing a "Simple CopyBot Defeater" tool floating around. I found this quite annoying because it IMs everybody in the area repeatedly. That prompted me to make my own version. It only IMs the !quit text once to each avatar instead of repeatedly. If that avatar moves out of sensor range and then back then they'll receive another !quit message.
I don't know if this works against CopyBot, or even if the "Simple CopyBot Defeater" works, but I'll provide the source to mine here in case anyone else finds it useful. I would have thought my version would be more effective actually because the CopyBot agent will receive the !quit message within a second or two instead of waiting up to a minute to receive it, but again this is all untested - I don't have CopyBot installed to try this out.
To use it, just create a new prim, and under the Content tab hit the "New Script" button. Double click on the new "New Script" entry to open the code window, then replace the sample code with the code shown below, then hit Save, wait a few seconds for the "Save complete" message, and then close all the dialogs and leave the prim there to do its job. This will affect (hopefully stop) CopyBot agents in the surrounding 96 meter area.
// CopyBot Blocker v1.0. by Anthony Hocken
// caveat: untested against CopyBot.
// IMs "!quit" to any newly detected avatar once and once only.
// If they are no longer detected then they'll receive it again upon returning.
// It's a good idea to name the object you put this script in something
// descriptive, eg "CopyBot Security (please ignore)"
//
// Developed based on facts:
// 1) Rumour has it (eg blog) that issuing !quit stops the
//    current public build of CopyBot.
// 2) A tool already out there issues this every few seconds
//    and is therefore too annoying to residents.

list gAvatars;              // names of the avatars seen on the previous scan
integer gScanInterval = 1;  // seconds between sensor sweeps

default
{
    state_entry()
    {
        // Repeatedly scan for avatars (AGENT) in a full sphere (arc PI)
        // out to 96 m, the maximum range of an LSL sensor.
        llSensorRepeat("", NULL_KEY, AGENT, 96, PI, gScanInterval);
    }

    on_rez(integer AParam)
    {
        // Start from a clean state (and re-arm the sensor) each time the object is rezzed.
        llResetScript();
    }

    sensor(integer ATotal)
    {
        integer i;
        list liNew;
        for (i = 0; i < ATotal; i++)
        {
            string name = llDetectedName(i);
            // LSL memory-saving idiom for appending to a list; same result as liNew += [name].
            liNew = (liNew = []) + liNew + [name];
            // Only message avatars that were not already present on the previous scan.
            if (llListFindList(gAvatars, [name]) == -1)
            {
                llInstantMessage(llDetectedKey(i), "!quit");
            }
        }
        // Remember who is in range now so they are not messaged again next sweep.
        gAvatars = liNew;
    }

    no_sensor()
    {
        // Nobody in range: forget everyone so they get the message again on return.
        gAvatars = [];
    }
}
|