Potentially Dangerous Error with Voice System


Perrie Juran wrote:



Here's my take on things.

Anything I do or access on the Internet has a level of risk.  Given all the hype in the Media, how anyone could not know this would be a little hard for me to fathom.

So we take steps to protect ourselves.  Anti Virus, Firewall.  A few other anti spyware apps.  Some folks go another step and use proxies.  But I am aware that anything on the Internet, in order for it to work, needs to know my IP.  And the one great weakness of the Internet as far as privacy is concerned is that ultimately, my IP can be tied to me.

It sucks that there are people who would abuse this.  Big time as far as I'm concerned.

I think it is a big shortcoming on Linden Lab's part that they don't to the best of my knowledge provide a specific warning regarding Voice that it is a peer to peer connection so people can make an informed decision about using it.  Same with Media on a prim and DJ music streams.

But on the other hand I can see the Media Zoo and headlines should Linden Lab be bolder about the warnings.  "Linden Lab Admits It's A Hackers Paradise."  Etc, etc.

So yes we should be careful.  But I refuse to live in fear.

 

Good post Perrie .. & I agree w/ you ..

When i was in college we had a static IP addie & it could be traced to the very floor of the dorm. That sucked.

It's not quite so bad when your IP can only be traced to your isp. In some cases this only goes so far as the city you live in & in some cases it only tags your region which can stretch across several states. A sophisticated hacker could conceivably go further but unless they were stalking you, why would they? When my brother was a teen & was pulling his credit card scam, he didnt care where the guys he was ripping off lived. He only wanted their CC info so he could w/draw their funds.

As for LL .. its worse than them simply not warning ppl that their IPs can be ripped from SL .. They actively censor discussion of the topic!! They apparently dont want newbies to know this can happen. I agree that it may be cuz they wish to avoid negative publicity over it. I also think thats why they dont market SL better .. they dont want their dirty laundry aired out in the open. This may not be the whole of it tho .. Allegations over the JLU mess were that certain Lindens were involved. How do we know that the Lindens dont get our info & sell it to marketers or do other things w/ it? Maybe the corporation exploits resident info or maybe its only rogue employees who do. Who knows? All kinds of nefarious things could be going on that might not be going on if LL was up front about ppls' IPs not being secure in SL. When they act like they don't want ppl to know about all this .. you hav2 wonder ..

I agree w/ you tho .. that theres no sense being paranoid about it

Jeanne

Link to comment
Share on other sites

my post was not about living in fear or being paranoid..

it's about being aware and not walking so sure footed as if it only happens to someone else..and that because someone's product can squeak by the TOS doesn't mean it's passed some security award of safety..

over the weekend someone in one of my groups found a club where they have a game that required you to get on voice to play it..otherwise you can't play..

urls were checked out that were running and one happened to be related to a person selling alt detecting devices back when all the RZ stuff was going on..

not RZ but another not so popular one..

now if they are doing something wrong there i have no idea..but being aware that they have been known to dabble in these things in the past..i won't take a chance on them again..

that's not paranoid or living in fear..that's learning from experience and keeping myself aware of possible new  risks..

it takes me no time at all to check out a url that i am not sure of that may pop up in my filters..

it takes me longer to connect to the market place which i do more times a day than i can count lol

 

 

Link to comment
Share on other sites


JeanneAnne wrote:


Perrie Juran wrote:



Here's my take on things.

Anything I do or access on the Internet has a level of risk.  Given all the hype in the Media, how anyone could not know this would be a little hard for me to fathom.

So we take steps to protect ourselves.  Anti Virus, Firewall.  A few other anti spyware apps.  Some folks go another step and use proxies.  But I am aware that anything on the Internet, in order for it to work, needs to know my IP.  And the one great weakness of the Internet as far as privacy is concerned is that ultimately, my IP can be tied to me.

It sucks that there are people who would abuse this.  Big time as far as I'm concerned.

I think it is a big shortcoming on Linden Lab's part that they don't to the best of my knowledge provide a specific warning regarding Voice that it is a peer to peer connection so people can make an informed decision about using it.  Same with Media on a prim and DJ music streams.

But on the other hand I can see the Media Zoo and headlines should Linden Lab be bolder about the warnings.  "Linden Lab Admits It's A Hackers Paradise."  Etc, etc.

So yes we should be careful.  But I refuse to live in fear.

 

Good post Perrie .. & I agree w/ you ..

When i was in college we had a static IP addie & it could be traced to the very floor of the dorm. That sucked.

It's not quite so bad when your IP can only be traced to your isp. In some cases this only goes so far as the city you live in & in some cases it only tags your region which can stretch across several states. A sophisticated hacker could conceivably go further but unless they were stalking you, why would they? When my brother was a teen & was pulling his credit card scam, he didnt care where the guys he was ripping off lived. He only wanted their CC info so he could w/draw their funds.

As for LL .. its worse than them simply not warning ppl that their IPs can be ripped from SL .. They actively censor discussion of the topic!! They apparently dont want newbies to know this can happen. I agree that it may be cuz they wish to avoid negative publicity over it. I also think thats why they dont market SL better .. they dont want their dirty laundry aired out in the open. This may not be the whole of it tho .. Allegations over the JLU mess were that certain Lindens were involved. How do we know that the Lindens dont get our info & sell it to marketers or do other things w/ it? Maybe the corporation exploits resident info or maybe its only rogue employees who do. Who knows? All kinds of nefarious things could be going on that might not be going on if LL was up front about ppls' IPs not being secure in SL. When they act like they don't want ppl to know about all this .. you hav2 wonder ..

I agree w/ you tho .. that theres no sense being paranoid about it

Jeanne

If rogue employees are stealing the info my very limited legal knowledge says FELONY.

How and what Linden Lab does with our personal Info, read the TOS.  They are still bound by California's privacy laws which as far as I understand are some of the strictest there are.

On a side note, I did a little searching about security flaws in Vivox.

I'm way out of my league here technically speaking, but what I gleaned was this.  Spatial Voice uses a Media Mixer.  When using spatial voice you're pointed at that mixer's IP.  That is one of the reasons why when you "call someone" you are disconnected from Spatial.  You are changing the connection to a different IP.

Now because Spatial mixes the voices before sending them on to you, in order for someone to find your IP they would have to be hacking into the spatial mixers.  Again, a potential Felony.

Given the number of MMORPGs that are using Vivox as well as other businesses, if this was a wide open door to abuse, I believe you'd find it both being abused as well as being screamed about on other MMORPG discussion boards.  I only spent about ten minutes total looking into this but at least in my cursory search I could find no other complaints.

Again, I am not saying it didn't or couldn't happen.  What I do find is I am a little skeptical of it based on my limited knowledge and research.

 

Link to comment
Share on other sites

As I type this, I have a friend who knows some people who have links to the programs they use to do this! I'm working on getting the program link, and posting it here. Hopefully with that, they will be able to see what exactly they are doing to the voice server and be able to block this stuff.

 

I know someone looking at my IP isn't that big of a deal, it's just creepy whenever complete strangers IM you saying your city, ISP, and that they are going to kill you in real life. (then I report it and nothing is ever done about it)

The police told me that I can't file a complaint either unless I had the person's real name, so unless they fix this...who knows what could happen to someone one of these days.

Link to comment
Share on other sites


Abram Violet wrote:

As I type this, I have a friend who knows some people who have links to the programs they use to do this! I'm working on getting the program link, and posting it here. Hopefully with that, they will be able to see what exactly they are doing to the voice server and be able to block this stuff.

 

I know someone looking at my IP isn't that big of a deal, it's just creepy whenever complete strangers IM you saying your city, ISP, and that they are going to kill you in real life. (then I report it and nothing is ever done about it)

The police told me that I can't file a complaint either unless I had the person's real name, so unless they fix this...who knows what could happen to someone one of these days.

If you have that info send it also to Security@SL.  See the information here:

http://wiki.secondlife.com/wiki/Security_issues

Note that "Linden Lab offers a L$10,000 bounty for each previously unknown exploit that can be verified. Please report issues as soon as they are discovered!"

Link to comment
Share on other sites


Abram Violet wrote:

The police told me that I can't file a complaint either unless I had the person's real name, so unless they fix this...who knows what could happen to someone one of these days.

I don't know where you live but not taking your report is B*LLSH*T.  They may lack the gumption or ability to investigate but not taking the report is PURE B*LLSH*T.

I'd be asking to talk to the superior of whoever told you that.

Link to comment
Share on other sites


Abram Violet wrote:

I know someone looking at my IP isn't that big of a deal, it's just creepy whenever complete strangers IM you saying your city, ISP, and that they are going to kill you in real life. (then I report it and nothing is ever done about it)

 

What are you doing that inspires such hatred?  I don't think I have ever gotten a death threat in SL in my 5 years here.

Link to comment
Share on other sites


Abram Violet wrote:

I spoke to a live agent about this matter and they told me this would be the best place to post my issue, as it is monitored and reviewed by Lindens whatever department would handle this issue.


The live agent was giving you a load of crap, likely just to get rid of you.  Here is the first portion of the "Forum FAQ", which you can read all of here:

http://community.secondlife.com/t5/help/faqpage/faq-category-id/posting#posting

"The Second Life Forums are the best place to exchange ideas, advice and experiences in Second Life with other Second Life Residents.

Although moderators and Linden Lab employees will often read activity in the Forums, we will usually only comment only when a piece of content is flagged as inappropriate. This is not the right place to give Linden Lab product feedback."

 

Sorry, but here in the Forums, you are stuck with our opinions only.

Link to comment
Share on other sites

Either that or they don't know how to proxy correctly :3.

www.hidemyass.com Download it set it up properly, but do know that if another griefer uses the same IP address as you, you can easily get flagged as being their alt and banned from SL. VPN/Proxies, and often stick my connection through more than one server so tracking isn't so easy ;).

Voice System Error? No its called Voice Over Internet Provider, it is a separate program provided by Vivox, and any company I hate to say it but stupid enough to give out information when you give your IP address and tell them you forgot your password or can't login and if they can reset it for you is stupid no offense.

I suggest if you are having these problems you do the following.

1. Remain Anonymous.
2. Dont PayPal others users they can get your name easily.
3. Don't use the same password across other services.
4. Don't use your SL name on facebook let alone provide any information to these companies Trolls will google you.
5. For the love of god don't use city of birth for your Secret Question, Mothers Birthdate etc.
6. User a serious password P@$$W0rDæ¿• for example.
7. Use a serious secret question and stress you will not forget it don't give out info to anyone trying to get your info. aka not a single answer More than one, don't use popular movies, Anime Characters ETC.
8. All Viewers that come from any Third Party can have a keylogger.
9. There are many Java Script/Cook Exploits so disable all this when you are not using it.
10. Disable Media.
11. Learn that your computer will get a Keylogger, or a Trojan at some point there is often no way to prevent this especially those running java they had a major security issue back aways with Google AD's being used to Phish information, but I detected it right when it happend no harm done in fact if the hacker got anything he got me giving him the birdy as my user name before I disconnected my internets.

Like seriously a lot of security compromises are the users fault but I have seen some at the fault of a company too.

Link to comment
Share on other sites


GothGirl Demonia wrote:

Either that or they don't know how to proxy correctly :3.

Download it set it up properly, but do know that if another griefer uses the same IP address as you, you can easily get flagged as being their alt and banned from SL. VPN/Proxies, and often stick my connection through more than one server so tracking isn't so easy ;).

Voice System Error? No its called Voice Over Internet Provider, it is a separate program provided by Vivox, and any company I hate to say it but stupid enough to give out information when you give your IP address and tell them you forgot your password or can't login and if they can reset it for you is stupid no offense.

I suggest if you are having these problems you do the following.

1. Remain Anonymous.

2. Dont PayPal other users they can get your name easily.

3. Don't use the same password across other services.

4. Don't use your SL name on facebook let alone provide any information to these companies Trolls will google you.

5. For the love of god don't use city of birth for your Secret Question, Mothers Birthdate etc.

6. User a serious password
¿• for example.

7. Use a serious secret question and stress you will not forget it don't give out info to anyone trying to get your info. aka not a single answer More than one, don't use popular movies, Anime Characters ETC.

8. All Viewers that come from any Third Party can have a keylogger.

9. There are many JavaScript/Cookie Exploits so disable all this when you are not using it.

10. Disable Media.

11. Learn that your computer will get a Keylogger, or a Trojan at some point there is often no way to prevent this especially those running java they had a major security issue back aways with Google AD's being used to Phish information, but I detected it right when it happened no harm done in fact if the hacker got anything he got me giving him the birdy as my user name before I disconnected my internets.

 

Like seriously a lot of security compromises are the users fault but I have seen some at the fault of a company too.

Don't worry about it. I found out the methods and programs they use and got in contact with the Lindens.

 

Message from Soft Linden:

Thank you for the heads up, Abram. We're talking to our voice vendor about this.

It's expected that peer-to-peer voice reveals an IP address when two people engage in a direct call. That's inherent in the way most voice services work, including Skype, Google Talk and similar. But we want to ensure the IP is not provided without both parties agreeing to be in the call.

 

-------------------------------------------------------

 

 

They are working on it! :matte-motes-big-grin:

Link to comment
Share on other sites


Abram Violet wrote:


Don't worry about it. I found out the methods and programs they use and got in contact with the Lindens.

 

Message from Soft Linden:

Thank you for the heads up, Abram. We're talking to our voice vendor about this.

It's expected that peer-to-peer voice reveals an IP address when two people engage in a direct call. That's inherent in the way most voice services work, including Skype, Google Talk and similar. But we want to ensure the IP is not provided without both parties agreeing to be in the call.

 

-------------------------------------------------------

 

 

They are working on it! :matte-motes-big-grin:

Excellent!

What I am guessing is that when someone calls you it pings your computer and your computer is sending back a response regardless of whether or not you accept the call.

Someone with more expertise than me could probably confirm if this is the case.

Your computer should only ping back if and when you accept the call.

Link to comment
Share on other sites


Perrie Juran wrote:


Abram Violet wrote:


Don't worry about it. I found out the methods and programs they use and got in contact with the Lindens.

 

Message from Soft Linden:

Thank you for the heads up, Abram. We're talking to our voice vendor about this.

It's expected that peer-to-peer voice reveals an IP address when two people engage in a direct call. That's inherent in the way most voice services work, including Skype, Google Talk and similar. But we want to ensure the IP is not provided without both parties agreeing to be in the call.

 

-------------------------------------------------------

 

 

They are working on it! :matte-motes-big-grin:

Excellent!

What I am guessing is that when someone calls you it pings your computer and your computer is sending back a response regardless of whether or not you accept the call.

Someone with more expertise than me could probably confirm if this is the case.

Your computer should only ping back if and when you accept the call.

It does it even if they don't send you voice calls too. They are able to retrieve even if you decline the calls as well.

Link to comment
Share on other sites
