The Risk OF Using Third Party Viewers.

[GothGirl Demonia]

So over the last months since I have been hearing about users getting their accounts compromised I have been doing a lot of research on the griefer forums, and griefer networks basically mining information over the last months leading up to when my Second Life account was compromised, and when other players became compromised as well.

Anyways while looking at one of the griefer forums I found this snapshot I saw it last year it didn't mean anything to me until I finally put together the information posted online about the Goons hacking and compromising players accounts. After reading a Log posted on the SL Universe it now makes sense to me what they were talking about, and now I am like 100% sure that the owner of the Goon network is behind a lot of the attacks because I found this image on his forum site through google, at first I had no idea what it was now I know exactly what it is.

http://www.sluniverse.com/php/vb/general-sl-discussion/80414-hey-guys-kinggoon-users-gets.html This is the post which seems to be the truth based on the snapshot below.

http://imgur.com/c7reRd1 I have reposted it here for protection so no one has to go to the site, but this is what I found.

I also looked at a website which has been taken down but another Goon site, where the same person on the SLU post admit everything about what the Goons did with TPV's.

(Which this all leads to something very important here, and something Linden Lab must do, (IP Verification.)

If you check out the image I uploaded you can barely read some of the Admin features, basically what is happening is the goons are giving away Free CopyBot viewers to everyone who wants to break the TOS by CopyBotting merchants for example, or griefing, however the owner of the site, the high ranking people on the forum and coders have access to the Admin client, basically the admin client allows them to log others out who are on their viewer, as well as track them around the grid like what sim they are in, teleport the person home,  even obtain the persons session ID based on this snapshot which by using their viewers could compromise a lot of your Second Life privacy as well as other things like delete your sim using your session ID, I know some have complained about how griefers are banning people from their own estate before which they did not ban, or unbanning avatars, or even returning objects this could explain it right here.

Now some people might be familiar with the illegal viewers having a tool called a Message Builder.

Basically to my understanding a message builder is used ot preform messages from client to Second Life server, but a lot of these functions require a session ID of a user, the message builder is also listed as a Pack Builder, and also listed as King Circuits it would explain what these features can be used for if used wrong by griefers if someone was using their illegal viewer, or a compromised viewer and a griefer could obtain exact session ID's and such.

Another thing is that  while logged into second life with any viewer with the admin menu open I have noticed that if you look at someones profile, and click CSR, it asks for linden lab login ID and basically allows a user to login as a Linden Lab employee, its not like anyone could actually gain access to such, but just seeing the login screen and that a linden could login from any computer anywhere in the world made me start thinking.

Now this doesn't only go for people who are using "CopyBot Viewers" Unless you actually download the source code form FireStorm, or any viewer in the TPV directory, and understand enough to look through it all for Keyloggers, and Back-Doors & Compile it yourself , then there is always that risk there, I mean we all remember the incident with Emerald  a few years ago or something it could have been worse way worse. You see most people in Second Life who use TPV viewers from the directory usually just download & install.

Now it could happen, and I pray to god it never does a massive attack on thousands of Second Life users using Third Party Viewers from the TPV directory, maybe there is supposedly a safe-guard in place, who knows, what I know is Second Life is not secure anymore griefers are doing more than CopyBotting they are stealing payment information, compromising accounts, and they will likely try something big sooner or later someone will. 

This isn't Guild Wars, World OF Warcraft, or some MMO where the game company gives us a client and we all login using the same exact client This is Second Life, and the code is open sourced which is a good, and bad thing, I like that SL is open sourced. But at the same time I understand that Second Life needs to be made more secure just in-case anything like this ever occurs we all need Secondary authintication via IP Address & Email to help prevent anything like this its already happened and I know what I am talking about too I have spent months looking over lots of information and still looking over a lot of things.

Linden Lab, claims that once Items are purged from your inventory they can't be restored, so anyone who spends any money at all in SL, and uses any TPV beyond LL's viewer could be at risk their items get purged, or some major merchant has their inventory purged and LL can't restore.

This is exactly why we need the protection of Secondary Auth.

Hopefully these findings help some understand what is going on.

[RiiCassidy]

I don't see where you even mention legitimate tpv's. Seems like you're babling about copybots. And honestly they are so old that everyone and  their grandma knows' about it. However rather people use it is on them. We have more than enough TPV'S.

[TristanMercer]

Same old babble, same tiring excuses...all from the same resident.

 

ETA: I am NOT CLICKING on the img link. JPG's and PNG's can have code put into them, and this person may have them coded to steal information about my computer.  <----This is what we have come to expect from the OP, just sayin'.

This is our resident crybaby and complainer who bitches about everything. Perhaps they are going to need some cheese?

 

If you go to an illegitimate site and use a crappy viewer like that, then of course your account will be compromised. DUH!!!

 

COMMON SENSE! Now please stop posting about it. We are tired of the same old BS from you!

 

ETA: GothGirl, if you are so worried about your personal information and such...may I suggest that you turn off your computer, unplug it from the wall, then smash it to pieces. While you are at it, cut up your bank and credit cards too and only use cash.

[GothGirl Demonia]

---

TristanMercer wrote:

Same old babble, same tiring excuses...all from the same resident.

 

ETA: I am NOT CLICKING on the img link. JPG's and PNG's can have code put into them, and this person may have them coded to steal information about my computer.  <----This is what we have come to expect from the OP, just sayin'.

 

This is our resident crybaby and complainer who bitches about everything. Perhaps they are going to need some cheese?

 

If you go to an illegitimate site and use a crappy viewer like that, then of course your account will be compromised. DUH!!!

 

COMMON SENSE! Now please stop posting about it. We are tired of the same old BS from you!

 

ETA: GothGirl, if you are so worried about your personal information and such...may I suggest that you turn off your computer, unplug it from the wall, then smash it to pieces. While you are at it, cut up your bank and credit cards too and only use cash.

---

So basically you deny the fact that the Emerald incident ever happend which basically the same CopyBotting griefer who helped design Emerald was part of the development team over on goon forums for the bots themselves, and also affiliated with the person who makes the so caleld Anti Copy-Bot viewer detector in SL.

Basically Emerald was used as a Bot-Net to use its users computers to launch DDOS attacks on another site just google it.

What I am saying is precautions need to be taken by Linden Lab especially given this information I have managed to find that griefers are using admin based viewers along with their illegal viewers to control users clients, while this has only been detected on an illeigal viewer it could still happen with any of the viewers on the TPV approved list all it takes is one person to thrown in some malicious code, and this could be in there for weeks, even months before anyone finds out about it.

For example while using Emerald in the past before even being made aware of the exploits that were tossed into the client so that a user who btw I know of could read other peoples private messages, even talk in a two way PM if they want while some will doubt this becuase at the time I was just learning about this and didn't bother to snapshot yeah its things like this that make me itchy about all legit TPV"s.

It is just simply time that Linden Lab add secondary auth to protect users accounts in-case this ever occurs on a massive scale it already has happened, and not only does it help protect users but it limits griefers using throw away accounts with invalid emails too limits their choices.

Oh yes and if you are tired of reading instead of trolling posts there is an (X) button on the top of your browser I only spread the information for those interested in making Second Life better and more secure and with what I have found here it looks like it needs to be done. Also I post so that they go to the public search engine for those looking to play Second Life.

[Syo Emerald]

No GothGirl. LL isn't dumb. They won't ban third party viewers because that would kill SL instantly and I bet they know that pretty well, as they probably have numbers of viewer popularity.

Also not everybody falls for illegal viewers...which I just have the feeling is the case here with you.

[Deej Kasshiki]

Haters gonna hate.

TPVs are here to stay. They're more popular than LL viewers for a variety of reasons. LL will not alienate a huge portion of its playerbase by doing away with TPVs. OP should accept these facts and move on.

[Griffin Ceawlin]

---

Syo Emerald wrote:

Also not everybody falls for illegal viewers...which I just have the feeling is the case here with you.

---

She's admitted to having used at least one, I think. Although she was a "victim" then (as always).

[Syo Emerald]

---

Griffin Ceawlin wrote:

---

Syo Emerald wrote:

Also not everybody falls for illegal viewers...which I just have the feeling is the case here with you.

---

She's admitted to having used at least one, I think. Although she was a "victim" then (as always).

---

In every single post she has ever made, she is at least at some aspect the victim. I wait that she makes a thread about Gor and how she became a slave without her will. That could be a great follow-up thread to this one, because she could bash RLV (a third-party-viewer feature!) too in that one.

[TristanMercer]

You really are clueless! End of story. Everyone who reads these forums knows about your rants against LL, against TPV's and how they are all shady when in reality that is the furthest from the truth!

Emerald was used in a DDoS attack. No one is denying that. Plus it happened 2-3 years ago, maybe more? That incident alone CHANGED the way LL has looked at TPV's.

If you really think that someone is going to insert malicious code these days for a repeat of Emerald you are sadly mistaken.

You were hacked, who cares. I don't and I'm quite sure no one else does here either. You learned your lesson. This is NOT CAUSE for a re-hash of old topics to show how you think everyone is vulnerable. First it was you being hacked, Second it was the media player. Thirdly it is Redzone. Fourth is now copybot viewers.

I ask you one simple question. Do you think anyone really cares what you have to say when you have been biased and prejudicial towards just about every TPV and LL in these forums?

 

Edited for grammar and spelling.

[GothGirl Demonia]

---

Syo Emerald wrote:

No GothGirl. LL isn't dumb. They won't ban third party viewers because that would kill SL instantly and I bet they know that pretty well, as they probably have numbers of viewer popularity.

Also not everybody falls for illegal viewers...which I just have the feeling is the case here with you.

---

Not asking for Ban of TPV's, But saying that Linden Lab needs to add the secondary auth to prevent keylogging, and password Stealing. 

Why do you honestly think that Blizzard Entertainment ( World OF Warcraft) added authinticators, and why do you think that so many game companies like NCsoft is using Secondary Passwords, and IP Verification to protect consumers its because there are hackers out there who will try all types of methods to compromise a users account, Second Life being one of the easiest to possibly compromise users accounts via the following methods.

1. Phishing, I have got a lot of complaints from merchants and the goons sending fake phishing emails to their face book emails, and even information on botting griefers copybotting content posting it on a fakse marketplace link and sending it to merchants saying your store has been botted and trying to play a good citizen while if the merchant logs in their password gets stolen.

2. Brute Force, While I have never tried a Brute-Force attack experiment myself there are at least three videos detailing how to brute-froce peoples Second Life accounts.

3. Viewers with Malicious content, Second Life is Open Sourced, that means that approved TPV's could become compromised, I am not saying they will become compromised but simply saying the risk is always there because Linden Lab isn't actively developing them to my knowledge they are made by third parties.

Also as Second Life is open sourced it means that viewers can be designed by anyone just because a viewer isn't approved doesn't mean it will have spyware, keyloggers, or anything, In fact I know some Role-Play groups in Second Life who I used the viewer of before that was not on the approved list as well although I trust that there was no keylogger, and no it wasn't a theft based viewer either it was just for RP Enhancements and had add-on's that all the other TPV's don't have.

Now Personally since Late 2009, I have been using about over 20 Different viewers including Betas, and viewers friends have compiled not on the TPV list, and I never had an incident in Years until late 2012 when its likely that one of them was possibly compromised some how but it doesn't matter its over and done with although because of what happend and the lack of Linden Lab providing Secondary Auth's I believe that Linden Lab needs to add more security to login so that players do not have to worry about this.  (It is even possible that it wasn't my viewer although it happend about 3 days after an update I still had people trying to reset my password via email about 3-4 different times in 2012.)

Second Life users should not have to worry about these type of things such as Phishing, Viewer Password Stealing, or even compromise of the users computer aka a friend at someones house copy's their folder to flash drive goes to their house restores saved login information jacks account for example. What we need to add that second layer of security to players accounts is IP Verification, yes I have mention it about maybe 3-4 different times already. Every Game I play including EVE-Online gives me an IP Log of anyone who logs into my account, Second Life doesn't offer any security, any player back-up, any protection, and I feel becaues this is a Real Money game where players are trading virtual currency valued at Real Money we need the protections added for players.

Yes I have secured my SL accounts, and such but there is no way in hell I am putting over $300 into my account again until we get additional protection like all these other MMO companies offer, Passwords themselves are a thing of the past.

Also I understand that not everyone falls for illegal viewers, either I mean back 4 years ago I knew nothing about TPV's ever being in existance, I was the type of player who would listen to someone saying ah theres a better viewer than Linden Lab's viewer and they tell me its legal and I would login and check it out, but its not always an illegal viewer case of compromise either there are many ways to get an account compromised in an online game.

I Love TPV based viewers, But I would feel more safe even using a viewer on the TPV  list if Linden Lab would give me a choice of what IP addresses are allowed to login to my account and also make me have to verify it by email link then the hacker would have to both know my password, and my email password/have access to my computer just to login unless they piggy back a connection which isn't likely for what most kids I know do.

Also in response to another post players talking about GOR, GOR for the most part absolutely makes me sick because thats where all the Frigging copybot scumbags I knew came from. Yes I know that not all GOR is like this, I know some good Goreans, and I love gorean Merchants, and Fashion, but otuside of that I can't even stand to be around GOR because there is usually always someone connected to a CopyBot group there, yeah I see them everywhere yes I inspect content often, I inspect profiles, I look at groups yeah I was in a Gorean CopyBot group before without knowing it when I fist learn about it and totally disguested by the owner becaues of how old their account was and the fact they supported it and did nothing when I finally found out about it. And god the Merchant they actually abused at the time ripping off all their content and giving it to me ina Note-Card, Yeah I still have a snapshot of what they gave to me I was looking through all the logs going back ot 09 I saw it the other day.

I will give you a hint its the groups who do the big alliances thing..

http://i.imgur.com/ypuXXF1.jpg Oh btw this is how I knew that my group was Copybotting and when I finally found out about it all in 09 Just being part of that group without knowing form GOR really made me sick... Yeah exactly...

So I believe I have proved my point here, and I hope that Linden Lab will finally give us the Secondary Auth, for all users so we can all feel more safe and protected form any type of attack where it be TPV related, Phishing, or so on it would just help a lot.

[ImaTest1488314069]

---

Griffin Ceawlin wrote:

---

Syo Emerald wrote:

Also not everybody falls for illegal viewers...which I just have the feeling is the case here with you.

---

She's admitted to having used at least one, I think. Although she was a "victim" then (as always).

---

Actually, the posts have long since been removed, but she's admitted to using a few for copying purposes. I only know because she turned it into some tirade about how copybot viewers have a valid use. That, along with this thread, seem to be the main focus of her entire existance in sl.

Search for any copybot type thread, and you'll find her. Search for any phishing type thread, and you'll find her. There are very few she's never participated in, at least under this name. I am convinced she uses multiple names, though. I've no evidence, I simply base this opinion on having been here for ages and seeing at least two people say the exact same things in a span of only a couple years. Nearly word for word in every instance. That's not a coincidence, imo.

OP, seek help.

[Sean Heying]

You do not want secondary auth, you want 2 factor authentication. A litle keychain device that gives you a unique 6 digit code to type in every minute. Or a smartphone app that gives you a unique 8 digit code to type in each minute.

If you phrased your initial point without the TPV and griefer rubbish and just mentioned, hey my account is linked to my credit card. I am able to buy lindens, and sell them for cash. It would make sense to offer us two factor authentication to help reduce that danger should anyone ever guess my password is 12345 or maybe phish me.

You would get a far more positive response. Drop the TPV hate it's irrelevent to this discussion, go to the real thing you want without that clouding your words.

 

Optional two factor authentication is good and I would love the lab to include the option to use it. Especially now as smartphones can be used to generate the unique number.

 

 

Now what that has to do with "the risk of using TPVs" is beyond me. After all, a person using Linden Lab's official viewer is just as likely to fall for that phishing email that says:

Dear Resident,

We notices that an attempt to access your account was  made from recently China. As a safeguard of your protection we have locked your account.

To remove this lock please visit http://this.is.not.a.hacking.link.com/to/steal/your/moneys/you/canm/trust/us and enter your Username, Password and full credit card number, date of birth and passpaort number.

Make please a note that logging into your account before this is done we will have your IP banned to protect your assets and details financial.

Sincelery yours,

Londin Labs security devision

CA, America

 

[GothGirl Demonia]

---

Sean Heying wrote:

You do not want secondary auth, you want 2 factor authorisation.

If you phrased your initial point without the TPV and griefer rubbish and just mentioned, hey my account is linked to my credit card. I am able to buy lindens, and sell them for cash.

It would make sense to offer us two factor authentication to help reduce that

You would get a far more positive response.

Drop the TPV hate, go to the real thing you want without that clouding your words.

 

 

 

Two factor authentication = good, especially now as smartphones can be used to generate the unique number.

---

I agree Smart Phones are not a bad idea but also allowing Mobile/Email would be great too for those who don't use mobile phones it also as stated helps keep throw away griefer accounts off because they have to use a real email to verify.

TPV hate, I Absolutely Love Open Source Viewers, and TPV's used correctly TPV's are great such as the Approved TPV's however as Second Life is open sourced there are going to be some who use non approved TPV's even the BETA testers who release a new viewer have to test a non approved viewer before release of the viewer or getting it approved on the list.

All I am saying is that with any TPV, including illegal TPV's, or Malicious viewers there is always the risk that they can have a keylogger or become compromised evne the approved ones unless Linden Lab is manually checking all the code every release even then Linden Lab would have to compile the viewer themselves and release it themselves to know 100% for sure which is all I am saying.

As I have stated before in one of my posts or so debating about CopyBot, The CopyBot does have its uses compiled for illegal or legal use its a great tool, but I do not agree with the way Griefers like the goons abuse the CopyBot ripping off merchants. Even if a CopyBot has restrictions to respect owner permissions technically its still a CopyBot. 

OF Course with LL's new TOS use of CopyBot viewers which disrespect permissions were made illegal, but in other words I have used them for backing up some of my old builds which I still have on my PC, and to help against griefers with some of the tools they have which were not in TPV's listed on the approved list at the time some of the functions also still do not exist in approved TPV's because of the ability to grief others with them as well.

Either way all I am saying is As I showed in the Snapshot in (OP) and (Forum Post) on SLU, we need account Auth Verification bad via IP address white-listing, possibly make it work with Smart Phones & Mobile APP's not a bad idea, but also Link via email works just as good to help prevent account hijacking.

It would also be great if Linden Lab could actually restore Accounts especially those who are Premium, and or pay high tier fees to Linden Lab monthly.

[GothGirl Demonia]

---

Sean Heying wrote:

You do not want secondary auth, you want 2 factor authentication. A litle keychain device that gives you a unique 6 digit code to type in every minute. Or a smartphone app that gives you a unique 8 digit code to type in each minute.

If you phrased your initial point without the TPV and griefer rubbish and just mentioned,

hey my account is linked to my credit card. I am able to buy lindens, and sell them for cash. 

It would make sense to offer us two factor authentication to help reduce that danger should anyone ever guess my password is 12345 or maybe phish me.

You would get a far more positive response. 

Drop the TPV hate it's irrelevent to this discussion, go to the real thing you want without that clouding your words.

 

Optional two factor authentication is good and I would love the lab to include the option to use it. Especially now as smartphones can be used to generate the unique number.

 

 

Now what that has to do with "the risk of using TPVs" is beyond me. After all, a person using Linden Lab's official viewer is just as likely to fall for that phishing email that says:

Dear Resident,

We notices that an attempt to access your account was  made from recently China. As a safeguard of your protection we have locked your account.

To remove this lock please visit

http://this.is.not.a.hacking.link.com/to/steal/your/moneys/you/canm/trust/us

and enter your Username, Password and full credit card number, date of birth and passpaort number.

Make please a note that logging into your account before this is done we will have your IP banned to protect your assets and details financial.

Sincelery yours,

Londin Labs security devision

CA, America

 

---

Oh I agree I would love to see this feature.

Had Linden Lab have had it in place reguardless of how my account got compromised it would not have been ^^.

IP White-List like GuildWars 2 would be great aka if anyone else tries to login to your account at all you get a email telling you the persons IP trying to login and if you want to allow it or not.

OF Course a third step verification would also be to require ID Verification I wouldn't mind that too but in other countries that could be hard although the verification method via email could still provide them with some security while 3rd step could optionally be activated.

 

[Malanya]

---

TristanMercer wrote:

Same old babble, same tiring excuses...all from the same resident.

 

ETA: I am NOT CLICKING on the img link. JPG's and PNG's can have code put into them, and this person may have them coded to steal information about my computer.  <----This is what we have come to expect from the OP, just sayin'.

 

This is our resident crybaby and complainer who bitches about everything. Perhaps they are going to need some cheese?

 

If you go to an illegitimate site and use a crappy viewer like that, then of course your account will be compromised. DUH!!!

 

COMMON SENSE! Now please stop posting about it. We are tired of the same old BS from you!

 

ETA: GothGirl, if you are so worried about your personal information and such...may I suggest that you turn off your computer, unplug it from the wall, then smash it to pieces. While you are at it, cut up your bank and credit cards too and only use cash.

---

She also changes her story on each thread too. I D

She also changes her story on each thread too, seems she can't remember which drama story she had used in the previous post she made. This is almost similar to this post she made 2 days ago. http://community.secondlife.com/t5/General-Discussion-Forum/Would-it-be-possible/td-p/2043921

I can't understand why she constantly posts about griefing and security and then spits out ideas of how to do it, that's a swift move. I recall awhile ago, she had mentioned that there was some friendship gone wrong with a certain group of people.

 

I don't know why her posts stay here. As I stated in her thread 2 days ago all this obsession with griefing makes me really wonder about certain things..

 

Heck no I wouldn't click a link either from this person. I think your ETA is a good idea and I am not being rude or sarcastic, seriously this is a problem for someone to post the same stuff over and over and to actually give such ridiculous in depth details on how to...

[Malanya]

---

Syo Emerald wrote:

---

Griffin Ceawlin wrote:

---

Syo Emerald wrote:

Also not everybody falls for illegal viewers...which I just have the feeling is the case here with you.

---

She's admitted to having used at least one, I think. Although she was a "victim" then (as always).

---

In every single post she has ever made, she is at least at some aspect the victim. I wait that she makes a thread about Gor and how she became a slave without her will. That could be a great follow-up thread to this one, because she could bash RLV (a third-party-viewer feature!) too in that one.

---

She said she was "friends" with this group and she knew they did some unsavory things prior and they gave her the viewer. I don't see that as being a victim accepting candy from strangers and maybe it was someone getting mad and plan gone wrong. She also claimed she couldn't go in world anymore then 3 posts later she says she does.

[Suspiria Finucane]

 We wants it, we needs it. Must have the precious!

 

[Elisaisabel Munro]

i play dragon nest, vindictus, and both have second passwords. i dont know if this is a solution.... maybe it is more common steal your account by that kind of emails or saying ln world that you're from LL or something and offer to solve any problen you have, and ask you all your passwords....

[Syo Emerald]

I guess most accounts get stolen by something that can't be count as the fault of LL or one of the developers of the third party viewers. How I get to that idea? Well, I see daily how people lose their accounts in environments where something like a third party program doesn't exist and the original program doesn't have any major leaks.

Often its just bad luck, but at least half of the cases I suspect the true problem sitting behind the computer. Otherwise it wouldn't be usefull to send out faked emails and messages daily.

[Sassy Kenin]

Thanks for Article very informative good to stay updated:matte-motes-bashful:

[Blacky Braham]

I think the gal is on a fishing expedition, trying to garner any info about new copybots, viewerbots, hacks and /or cheats. She was hacked, hmm, maybe shouldnt download those unsavory viewers, she's used (by her own admission more than 20), thats a little suspect! If you ask me (and i know you didnt) this gal is a novice hacker trying to get her education up to snuff through forums, google search quests and the like. Get a Friggin Life, a real one not a Second one, HAHA!