theif application on the lose

so, apparently theres some application out there that can copy prims of anything and the new owner can be the "creater".

Anyone have any idea what`s going on?

Can this thing take things INSIDE a prim, or just the prim itself?

this is bad, real bad

From the post I read....it takes the prim, attachment points, and textures. Gimme a sec to see if I can find the thread.

/139/f4/148795/1.html

There ya go.

Are you talking about this? http://youtube.com/watch?v=nWQzKVfgSdE
Not sure how they are doing it.

ok this may sound paranoid: but dont believe the hype, for all we know the video IS the exploit. and as much i dont like the lindens right now, can you honestly believe that they would approve such a thing? especially when it does violate their TOS?

as one poster put it i call shenannigans.

if You did click that link, humour me and run your virus programs or adaware programs asap.

"Torley (2 days ago)
That's so freaky, reminds me of Terminator 2, when the T-1000 mimicks people and then kills them! Only I think he can do prim hair too... That's how you can tell who's the imposter, hahaha. "

=\

I really hope that's not Torley Linden for real in the comments of YouTube... if it is... my whole perception of SL has totally changed.

It wasn't good to start with but with that long ass drawn out "I live and breathe SL, cut me some slack" blog post, if that's Torley's comment.... I'll never believe another thing from his mouth.

Not really obvious, but "Will traffic die like DI" (/139/7a/148517/1.html) has some information:

Copybots!...... Copybots!

From what I heard, LL doesn't give a flip. Hope I'm wrong but you know... that's what I expect.

"File a DMCA"

heh. *sigh*

*shrug*

Maggie this is not a joke. The video is NOT the exploit. I've seen it with my own two eyes. o-o In fact I'm the one that started this rucus, I beleive. And happy to have done so. LL isn't taking care of letting residents know what's going on, so I'm taking the liberty.

That most-def is Torley.
And copybot's code is no longer in SVN for the time being, so you're safe... for now

And I was there, and you're blowing everything completley out of proportion. You are trying to start some kind of riot and get people riled up, which is most-def trolling.
What can be seen can be copied. There have been prim copying programs and exploits way before libsl. LL is waiting to get all the facts before scaring their users. The code is nolonger in SVN for the time being.

Your statement that the code is 'no longer available' does not get over the fact that it shouldn't have existed in the first place.

It is a clear exploit, and all those involved in its creation should be permabanned immediately. There is no place for people like that in this game.

I'd say that this was another great reason to add to the many that libsecondlife should be halted and closed down as soon as possible. The fact that there are Lindens in that group is outrageous.

The group charter says it is a 'reverse engineering team'.

ToS 4.2 states clearly that "You may not charge any third party for using the Linden Software to access and/or use the Service, and you may not modify, adapt, reverse engineer (except as otherwise permitted by applicable law), decompile or attempt to discover the source code of the Linden Software, or create any derivative works of the Linden Software or the Service, or otherwise use the Linden Software except as expressly provided in this Agreement."

You cannot give special treatment or dispensation to a group of residents to break the ToS when others are not allowed to.

Will Linden Lab take the appropriate action... or just bury their head in the sand and pretend it isn't a problem?

Lewis

You're right. I AM trying to start a riot; a riot over something that is COMPLETELY unjust, that no one else is taking note of. You see, this is what you HAVE to do when the authority doesn't let citizens know what's going on.

Fact is, there damn well IS something to be scared of. And SL residents SHOULD be scared of it. Because it is there, and it will not just go away if we wish hard enough and keep it on the low. So LL doesn't want to get its residents worked up over this..? That's too bad, because there will always be people like me that will absolutely ruin that.

The residents of SL have a RIGHT to know what's going on.

Now THAT'S nice.

You are in this libslgroup, and you say something like that?

I will point out that this sort of thing is against the terms of service in the first place. LL just decided to let libsl do these kinds of things anyway.

The TOS is supposed to protect all of us from things like this.

coco

Oh yeah, and by the way, now they do.

Soo i dont get it

I saw the video of the thing changing shapes and i read about it in the sl herald, someone said they can take it but can no distribute, is this true? can they take things INTO their inventory? or is this simply just somethin that can copy and create in the open?


im no really understanding...


should people be closing their stores?

It's an opensource outside client that completely copies ANYTHING that is rezzed completely and too a tee. The owner commands it, it's coppied, it's his -assets saying that he is the creator and everything. Full perms.

Well they did not take it down until just recently. It was still freely available as late as 7:30 PM PST this evening (Monday) !!!


And it would probably still be there if a resident hadn't made a big splash about it on the The Linden Answers Forum.
\.

/

"AA: Hello. I would like to direct your attention to the fact that SL servers perform absolutely no verification of commands sent by the SL client. This allows anyone with the ability to forge communications to copy any asset inworld. This is not difficult for anyone with moderate technical capability. Obviously, this is an issue for content creators on all levels from personal to corporate. LL has been aware of this for years, and has done nothing. It is the foundation of their protocol and server code which allows such insecurities, and to fix this would require major redesign of SL back-end programming. However, if LL is to promote SL as a "platform for business and development", security is required. Perhaps a bit more public attention would
http://www.secondlifeherald.com/slh...rotec.html#more

Well? How about that? Not clear whether LIBSL is wearing the white or black hats for this one.



.

File: [libsecondlife] / trunk / applications / CopyBot / CopyBot.cs (download)
Revision: 574, Mon Nov 13 09:52:41 2006 CET (21 hours, 8 minutes ago) by lancej
File size: 25814 byte(s)

You *are* aware SVN keeps track on all changes made to content of repository, so one simply needs to request a bit earlier revision of directory listing and they can view the very same code that is "no longer there", right..?

For those who are a little lost: someone, using the libSecondLife project, has apparently found a way to duplicate clothing and avatars by intercepting the data that SecondLife sends to the client and then re-uploading it to the server. This essentially creates a brand-new inventory object that is identical to the original. Jesse is a libSecondLife evangelist. Lewis would rather see the entire libSecondLife project deleted and everyone who's contributed to it permenantly banned from Second Life.

For what it's worth, I've been an advocate in the past for libSL, and in fact for anything that gives users more control over their experience in Second Life. I believe that anything that gives the user more control over their experience is a good thing. However, I also firmly believe that ANY theft of IP should be punished.

Rather than yelling at each other, how about we step back and take a rational look at this. There are several issues at play, and resolving this will not be easy.

The surprise should not be that this has happened, but that it hasn't happened sooner.

ALL of the content in Second Life, except for scripts, is displayed on the SL client. This means that in the absence of some unbreakable encryption (and trust me, there's no such thing), it is possible for anyone to record the data coming down the pipe and analyze it. This is not unique to libSecondLife, and the TOS will not stop people from being able to do this in the future.

libSecondLife is not capable of doing anything that the SecondLife servers don't allow. the problem is that most of the security in SecondLife occurs at the client level, and not the server level. Simply put, this is BAD. I've done quite a bit of client/server programming, and I can tell you that when you don't enforce a rule at the server level, it will get abused. Already, several security holes have been uncovered ("map anyone" ring a bell?)

The question is, what can be done about this problem? The cat is out of the bag. Even if the source code were taken down tonight, people could still use what's out there to build on. The reverse-engineering efforts will continue, but will do so under the cover of darkness. Throwing the TOS around like a club won't work, because it's simply impossible to put the cork back on the bottle after the genie has been released.

The simple fact is that SecondLife relies on the client having an in-memory copy of the data that's on the server. Prims have to be transmitted to the client before they can be displayed; there's no way around this fact. As long as prims are displayed on the client, sounds are played at the client, and animations are run on the client, it will be possible to duplicate them. At the moment, it's impossible (afik) to steal a script, since it's executed at the server.

How do we protect IP in the real world? It's possible to photocopy a book, rip a CD, and even copy a 3D object using a 3D scanner and printer. IP protection in the real world is a very expensive process, and involves millions of dollars and hundreds of thousands of man-hours every year. Just stopping the import of pirated movies, books, and software is a full time job for many port inspectors.

So the real problem here is not libSecondLife, the copy bot, or whether Jesse and Lewis will ever get along. The real problem is human nature: there will always be people who can and will do things the easy way. The only long-term solution to preventing IP theft in SL is for consumers to be aware of what the "real thing" is, and to give users a way to quickly and easily tag pirated merchandise when it's found. Perhaps a system similar to the AR can be implemented that can be used specifically to flag stolen content. Perhaps a SL Copyright Office can be created, with the sole job of registering items that users have created.

But whatever you do, you must remember the two most important words in the Universe, and no, they're not "Bring a towel". That's 3 words. They are

[left] [/left]
[left]This will be resolved. Rather than fighting amongst ourselves, let's find a way to work this out. Come up with reasonable schemes to help prevent future problems like this. Remember: SL piracy isn't going to go away by itself. People were pirating content long before this happend, and will continue to do so if a larger change isn't made. Let's figure out what that change is going to be together.[/left]