Account hacking - why third party viewers are the problem

[TammyTgurl Umaga]

I never get all the anger people get when some one points out a 3rd party viewer as a problem.

First off why would any one hack you?

What do you have to flaunt to be a attraction. I can say I know many many people and my self have a fair amount of sale products and a steady stream on linden that have never been hacked.

Why  is it Joe blow no one that gets "hacked" ?

Why do these people not target and plan out a real crime and go for the people with millions of lindens?

Why are our hackers so lame??

Personally I think it is all talk , you be suspired what board people will say to be entertained.

I also think 3rd party viewers are neat ,but the real problem with all the thief in SL over the years.

You have never heard of a way to steal stuff using a linden viewer unless you count like  6 years ago a few plug ins for the viewer at that time.I am sure 3rd party viewer fans will get their internet panties in a wad I even said that,never fear LL will never remove them .. It adds to their model factors.

Here where I sand as a coder from 97 until today ... The day they turned every one into a bot net  (Emerald) you have no one to blame but your self! They had a active MIRC client built in and a network on some questionable hosting and if you are like me and own a few of those kinds  networks you know EXACTLY what im talking about ..

But I really dout most the claims of "I got hacked"  even people out there pining threw what t I call "internet computer aids infested porn" with 1000 little bugs filtering their information and tracking every link they visit logging every name  and pass word have no active people controlling them.Most are set and forget miners that simple send info that 90% is filter and trashed.

At times some people have a active little hacker in the family or friend that can not control them self and could be the real reason,most of those are just people you have to digi cut off in life.Never accept a email,click a link ,open a program or install anything that they might have come in contact with them and your problem is solved.Reformat before any of the other steps...

 

[Rosemaery Lorefield]

Sounds like you have a security issue on you system. I would be running scans and cleaning stuff up if I were you, because it's only a matter of time before your shiny new account gets hacked.

[PixelProphet Lane]

How would the lsl-client-bridge access an information you never type(d) in-world ? And even if you did type your password into public chat a thousand times, the viewer bridge will not even notice that. The viewer bridge uses an open source script that you can view at any time, and the script was not designed to listen to public chat, nor to process any of that.

I don't know where you downloaded your third party viewer from, but whatever apparently stole your password, did not come from The Phoenix / Firestorm Project, and very likely not from any other viewer in the Third Party Viewer Directory either.

 

 

[Rosemaery Lorefield]

I think you replied to the wrong person because I absolutely did not imply that the lsl-client bridge can access anything of the sort

[PixelProphet Lane]

You're right, I just clicked the last reply button but it was intended for the thread starter.... Had you not responded, I could have deleted it and changed that

[Rosemaery Lorefield]

Meh, people can think I'm a crazy 3rd party conspiracy theorist, might be fun

[Beowulf Silverfall]

@ TammyTgurl UmagaNot really get the anger myself to be honest. I just point out the one thing that I had noticed was different on tow accounts I have. The one that was hacked used to be my main account. It is of course not anymore.As to why they hacked me, I used to be clubowner an had my paypal as payment on there, maybe that was the reason they hacked me, considering they made off with nearly 700 US $, real money the first time.  As to the reason why they don't go for people with millions of lindens, well, since SL tracks randomly transactions over 100 US $, that would be difficult, cause it would be flagged. This is what someo

@ all the other people assuming they know whats going on without the facts : I did not click on any phising link, I never even accept objects or notecards from people I do not know. I change my pasword about every month and make sure it's at least 10 digits ,numbers and letters. I've never given my password to anybody either, before some smartasses ask.

Also for those that do wonder if it is my system and on what I work, well sorry to dissapoint, I'm using a mac, with the the Lion OS Version 10.7.3, updated and all nice. I have virus protection, firewall on the machine itself and another firewall on the router I use. I have no freeware except the SL viewer, all the software is nicely payed and licenced. I even use the build-in port scanner into mac just to make sure nothing fishy is going on. Cookies get deleted every time i close my internet browser and I don't accept third party cookies neither. My system is not set up to remember passwords either, before anyone claims so. I can nearly guarantee that there is no hack on my system, nor a keylogger, nor a trojan, nor a virus

Also, some people shouldn't assume that others don't know what they're doing, or assume they go porn surfing, don't take your own habits for those of others.

The only thing I can see that could be the cause of being hacked, are the client bridges, if this upsets people, well so be it, but the facts point that way. Ignore it if you want, but don't come crying later.

 

[Rival Destiny]

But is an impossibilty for it to be the client bridges...that is what has been explained so far by those that actually code & know what they are talking about.  This IMO is akin to saying that someone stole your car by jimmying the lock with a string of spagehetti.  Just aint gonna happen.

If you were indeed hacked, it wasn't a TPV dowloaded from a legitimate website.

[Paul Hexem]

---

Beowulf Silverfall wrote:

@ TammyTgurl Umaga

Not really get the anger myself to be honest. I just point out the one thing that I had noticed was different on tow accounts I have. The one that was hacked used to be my main account. It is of course not anymore.As to why they hacked me, I used to be clubowner an had my paypal as payment on there, maybe that was the reason they hacked me, considering they made off with nearly 700 US $, real money the first time.  As to the reason why they don't go for people with millions of lindens, well, since SL tracks randomly transactions over 100 US $, that would be difficult, cause it would be flagged. This is what someo

@ all the other people assuming they know whats going on without the facts :

I did not click on any phising link, I never even accept objects or notecards from people I do not know. I change my pasword about every month and make sure it's at least 10 digits ,numbers and letters. I've never given my password to anybody either, before some smartasses ask.

Also for those that do wonder if it is my system and on what I work, well sorry to dissapoint, I'm using a mac, with the the Lion OS Version 10.7.3, updated and all nice. I have virus protection, firewall on the machine itself and another firewall on the router I use. I have no freeware except the SL viewer, all the software is nicely payed and licenced. I even use the build-in port scanner into mac just to make sure nothing fishy is going on. Cookies get deleted every time i close my internet browser and I don't accept third party cookies neither. My system is not set up to remember passwords either, before anyone claims so. I can nearly guarantee that there is no hack on my system, nor a keylogger, nor a trojan, nor a virus

Also, some people shouldn't assume that others don't know what they're doing, or assume they go porn surfing, don't take your own habits for those of others.

The only thing I can see that could be the cause of being hacked, are the client bridges, if this upsets people, well so be it, but the facts point that way. Ignore it if you want, but don't come crying later.

 

---

The bridges are full perm. Open them up and look at the LSL. There is nothing in there that can "hack" your account. Nothing. At all.

I mean... Seriously. Just LOOK AT THE CODE.

And if you don't understand LSL, then you're blowing smoke when you say the "facts point that way", because you don't even know the facts when they're right in front of you.

If you really are getting hacked and your system is as secure as you think it is, that means somebody has something against you and is brute forcing your password.

[Innula Zenovka]

Three questions, if I may.

First, does anyone other than you have access to your computer?

Second, when you reported the theft to LL and PayPal, were they able to trace where the money went, at least in the first instance?

Third, echoing Gadget's point, what in the code in the bridge do you say is capable of stealing your password?  After reading your post, I pulled the script out a Firestorm bridge to take a look at it, and, quite simply, I can't see anything there that could possibly do it.  It's not complicated code -- show it to any competent scripter, and they'll be able to explain to you what each line does.

[Moriarty Belgar]

Personally I'm getting a kick out of people that say it can't be the code, it just can't be the code.  Sounds like the same people that had their head in the sand when Microsfot announced that their previously unhackable IE had hackable flaws, the same goes for .NET and tons of other supposedly "safe" programs.  Just because you can't see the way the code can be exploited does not mean it can't be exploited.

 

As far as PayPal is concerned, they don't tell victims about where the money went to.  They will work with law enforcement as necessary, but they don't want to create an issue where someone is putting their life in harms way over some money.

[Paul Hexem]

---

Moriarty Belgar wrote:

Personally I'm getting a kick out of people that say it can't be the code, it just can't be the code.  Sounds like the same people that had their head in the sand when Microsfot announced that their previously unhackable IE had hackable flaws, the same goes for .NET and tons of other supposedly "safe" programs.  Just because you can't see the way the code can be exploited does not mean it can't be exploited.

 

As far as PayPal is concerned, they don't tell victims about where the money went to.  They will work with law enforcement as necessary, but they don't want to create an issue where someone is putting their life in harms way over some money.

---

 

... WTF?

So you're saying someone modifed the LSL with said exploits and gave her their bridge, instead of the official viewer bridge to use?

Which comes back to "Don't accept stuff from strangers".

[Innula Zenovka]

It's not like saying something's unhackable.   It's like saying that a standard poseball script is incapable of streaming music.   I can read and understand LSL, and I can tell what each line of the code in the bridge script does.

What I don't understand here is why, if the OP thinks Firestorm or Phoenix is stealing his password, he suspects the bridge.   If I wanted to steal someone's password using a viewer (and I am not for one moment suggesting this is what Phoenix or Firestorm are doing) I'd grab it when they were logging in, because at that point, I'd know what it was.

[Moriarty Belgar]

Well I never said someone modified the bridge and gave him a bad copy, I'll be the first to admit that I didn't look at the code.  What I'm saying is that there is a possibility that there is a weakness in the code, and yes, even with a thousand eyes it can be overlooked because someone can look at something at a totally new angle, think along the lines of Fulton and the steam engine the parts had been around for almost two thousand years, but he was the one smart enough to put them together.

 

Basically what I am saying, do not discount something until it can absolutely disproven.  I mean I can come up with another explanation that is just as scary and just as plausible.  LL's authentication server was hacked and before the intruder got cut-off Beowul's main was one multiple accounts that was taken over, then the first time it was logged in by the hacker, a modified bridge was placed in the inventory.  I am not saying it is true, I'm saying that is in the realm of possibility.

[Paul Hexem]

---

Moriarty Belgar wrote:

Well I never said someone modified the bridge and gave him a bad copy, I'll be the first to admit that I didn't look at the code.  What I'm saying is that there is a possibility that there is a weakness in the code, and yes, even with a thousand eyes it can be overlooked because someone can look at something at a totally new angle, think along the lines of Fulton and the steam engine the parts had been around for almost two thousand years, but he was the one smart enough to put them together.

---

You're not getting it. The script in the bridge is not like a firewall or an independent software package or server that can be exploited externally. The only way it could be the source of an exploit is if you're using one that's been modified by an exploiter and given to you. Learn LSL and look at the script or stop trying to add your non-existent "expertise" to the conversation.

 

---

Moriarty Belgar wrote:

Basically what I am saying, do not discount something until it can absolutely disproven.  I mean I can come up with another explanation that is just as scary and just as plausible.  LL's authentication server was hacked and before the intruder got cut-off Beowul's main was one multiple accounts that was taken over, then the first time it was logged in by the hacker, a modified bridge was placed in the inventory.  I am not saying it is true, I'm saying that is in the realm of possibility.

---

If that's the case, then it still proves what we've been saying- someone put something there that doesn't belong (either modified code or a bad bridge entirely), and that the original bridge by itself is harmless.

[Rosemaery Lorefield]

<< I'm using a mac, with the the Lion OS Version 10.7.3, updated and all nice. I have virus protection, firewall on the machine itself and another firewall on the router I use>>

Oh. Well.

Then it must be the bridge, right? I can see that it might be a good question to ask, look into it and see if it is possible for an account to be hacked through a bridge. It isn't completely insane to think it's possible if you don't know what it does or how it works.

I think what most people have a problem with is that you outright accused a TPV of having security issues when you actually have no proof or reasonable evidence to show it. IF a TPV has security problems, I would want to know, but with something to back it up other than bravado

[Argus Collingwood]

---

Beowulf Silverfall wrote:

@ TammyTgurl Umaga

Not really get the anger myself to be honest. I just point out the one thing that I had noticed was different on tow accounts I have. The one that was hacked used to be my main account. It is of course not anymore.As to why they hacked me, I used to be clubowner an had my paypal as payment on there, maybe that was the reason they hacked me, considering they made off with nearly 700 US $, real money the first time.  As to the reason why they don't go for people with millions of lindens, well, since SL tracks randomly transactions over 100 US $, that would be difficult, cause it would be flagged. This is what someo

@ all the other people assuming they know whats going on without the facts :

I did not click on any phising link, I never even accept objects or notecards from people I do not know. I change my pasword about every month and make sure it's at least 10 digits ,numbers and letters. I've never given my password to anybody either, before some smartasses ask.

Also for those that do wonder if it is my system and on what I work, well sorry to dissapoint, I'm using a mac, with the the Lion OS Version 10.7.3, updated and all nice. I have virus protection, firewall on the machine itself and another firewall on the router I use. I have no freeware except the SL viewer, all the software is nicely payed and licenced. I even use the build-in port scanner into mac just to make sure nothing fishy is going on. Cookies get deleted every time i close my internet browser and I don't accept third party cookies neither. My system is not set up to remember passwords either, before anyone claims so. I can nearly guarantee that there is no hack on my system, nor a keylogger, nor a trojan, nor a virus

Also, some people shouldn't assume that others don't know what they're doing, or assume they go porn surfing, don't take your own habits for those of others.

The only thing I can see that could be the cause of being hacked, are the client bridges, if this upsets people, well so be it, but the facts point that way. Ignore it if you want, but don't come crying later.

 

---

Might want to check out this article about the recent Mac hacks. http://www.bbc.co.uk/news/technology-17700824

 

ETA http://support.apple.com/kb/HT5242

[Czari Zenovka]

---

Nefertiti Nefarious wrote:

Good grief! I've been using SLfor several years, with TPVs, and not a single hack. Your problem is not the viewer, it';s your whole Internet lifestyle ...

What Operating system are you using?

 

---

Same here since 2007.  I first began using the Nicholaz viewers when LL started making changes in the 1.x viewers that I didn't like.  Stayed with Nicholaz until LL 2.x viewers came out and Nicholaz quit making new viewers.  Have since used Phoenix.  No hacking problems whatsoever in almost 5 years.

[Canoro Philipp]

maybe the bridge is not the tool that is being used to hack the accounts of certain users, but another part of the viewer can be, like the part where you enter your username and password and the part that recieves a notification about how many lindens you have in your account and display it.

i wouldnt trust completely the creators of a viewer that have betrayed their users before. many of the Emerald coders are in the Phoenix/Firestorm team, some may remember how the Emerald downfall happened, Emerald assure to the users that no data were collected about them, and someone find out they were lying, three times, why would they not lie again?

"fool me once, shame on you, fool me twice, shame on me."

[Paul Hexem]

The good news is the viewers are still open source and we know what to look for now.

 

No, chances are, the account(s) were hacked due to user error (letting other people use the computer, sharing info, clicking bad links/phishing scams, etc.) or brute force hacking.

[Canoro Philipp]

it may be something that was given to you while you used the Firestorm viewer, not exactly the bridge, but some other object that knows how many lindens you have and send it to the hacker.

[Innula Zenovka]

The only way, though, that an object could know how many L$ you have is if you tell it.   There is no LSL function to retrieve your (or anyone else's) account balance.

[Perrie Juran]

---

Canoro Philipp wrote:

i wouldnt trust completely the creators of a viewer that have betrayed their users before

. many of the Emerald coders are in the Phoenix/Firestorm team, some may remember how the Emerald downfall happened, Emerald assure to the users that no data were collected about them, and someone find out they were lying, three times, why would they not lie again?

"fool me once, shame on you, fool me twice, shame on me."

---

Not to pick on you per se but let's parse the phrase I bolded.  The people who did the betraying are not part of the Phoenix team.  The current Team had to and still have to meet strict conditions set for them by Linden Lab in order to be allowed to be on the TPV list even though they were NOT the ones who committed the offense.

@ the OP.  Viruses can and do sneak past Anti-Virus software.  While rare, it's not as uncommon as some people think.  And the way that they are written they do an excellent job of staying 'hidden.'

With all the people involved in SL who watch out for this stuff, and with the number of people who'd like to bring down the Phoenix team, and they are out there waiting to catch the Phoenix team screwing up, we'd be seeing the exact and specific malicious code being outed if the Phoenix team was screwing up.

It sucks that you got hacked.  And it is possible that you may never figure out how it happened.  Right now SL users are being attacked by a lot of phishing schemes.  But hell, I got a phishing E Mail today for one of my credit cards.  I had to compare letter by letter the linked address in the E Mail to my CC companies web site to see the ONE letter difference in the URL. 

[Beowulf Silverfall]

Thanks for the heads-up, but I had the tool already downloaded from here http://www.f-secure.com/weblog/archives/00002346.html

[PeachJubilee]

---

Moriarty Belgar wrote:

Well I never said someone modified the bridge and gave him a bad copy, I'll be the first to admit that I didn't look at the code.  What I'm saying is that there is a possibility that there is a weakness in the code, and yes, even with a thousand eyes it can be overlooked because someone can look at something at a totally new angle, think along the lines of Fulton and the steam engine the parts had been around for almost two thousand years, but he was the one smart enough to put them together.

 

Basically what I am saying, do not discount something until it can absolutely disproven.  I mean I can come up with another explanation that is just as scary and just as plausible.  LL's authentication server was hacked and before the intruder got cut-off Beowul's main was one multiple accounts that was taken over, then the first time it was logged in by the hacker, a modified bridge was placed in the inventory.  I am not saying it is true, I'm saying that is in the realm of possibility.

---

I'm sorry to have to report to you that you only think you know better than those you are seeking to contradict, as a result of not knowing enough to know better.

 

Lsl cannot do what it is being accused of, not just because it cannot hack accounts (it cannot) but also because lsl does nothing when residing in a script stored in the inventory of an unlogged avatar.  Nothing at all.