Jump to content

BEWARE, NEW CONTENT THEFT AVAILABLE


You are about to reply to a thread that has been inactive for 3756 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

Objects, animations, sounds and textures have always been easy to steal. There's not even a need for a "superspecial sekrit client" to do that. All that information does get transmitted to the client so it can be displayed. A lot of that information can be grabbed even by the most stupid moron on earth, and there isn't a thing LL can do to prevent that.

Scripts should be impossible to steal. The script itself never gets transmitted to the client, not in binary and certainly not in source. There have been bugs in the past that made it possible. Supposedly LL plugged these exploits.

Stealing objects with the original owner intact should also be impossible. When uploading anything, the creator gets set to whoever uploads the content. That's done server-side and thereforeshould be out of reach for a client.

While I have no doubts that there's plenty of exploits possible within SL, I find it a bit doubtful that even LL with their history of inaction would sit on their hands if it was possible to steal no-mod scripts. There's plenty of security relevant scripts out there. If someone would be able to steal, say, any of the in-world ATM scripts...

Link to comment
Share on other sites

Thank you, Jenni, for putting some detail on what I referred to as nonsense before I quit for the night yesterday. As you say, a LSL script is never transmitted to the client in any form, so there's nothing to capture.  The only hole in LL's armor was plugged a long time ago, and I doubt that there's another. This feels like another Chicken Little worry, propogated by someone with a magic cure-all for sale.  I'm not buying it.

Link to comment
Share on other sites

 


Rolig Loon wrote:

Thank you, Jenni, for putting some detail on what I referred to as nonsense before I quit for the night yesterday. As you say, a LSL script is never transmitted to the client in any form, so there's nothing to capture.  The only hole in LL's armor was plugged a long time ago, and I doubt that there's another. This feels like another Chicken Little worry, propogated by someone with a magic cure-all for sale.  I'm not buying it.

I'm not quite so confident.  Although I suspect this particular case is bogus, there is still the possibility of permissions being compromised server-side, enabling mod on a script, and then all bets are off.  This voodoo magic "hexing" sounds pretty improbable at this late date, but I wouldn't completely rule out the existence of some unauthenticated sneak path through the spaghetti of the permissions system.

 

One would hope, however, that the Lab would take such things seriously enough that anybody caught messing with script permissions (which should be trivial to trace, once discovered) would have much worse problems than a mere permaban to worry about.

I don't care so much about full-perm scripts in sexbeds and the ever-popular "I'm a loser" HUDs that have been the perennial targets.  It would seriously suck, however, if some cryptographically secure communications were compromised.  Just the prospect of denial-of-service attacks is bad enough, not to mention possible RL identity theft.

 

Link to comment
Share on other sites


Darkie Minotaur wrote:

Stay tuned for the next episode of  "Mega Paranoid vs. Super Paranoid" (although I haven't come to a conclusion who (
Ishtara 
or Concerned is which) :smileyhappy:

There is no paranoia on either side, so you can stuff your petty insults kiddo. The OP's intention was pretty clear and all but paranoid or worried. If someone wants to warn people of a dangerous website or download, they don't advertise the threat as "being available" or link to it.

As for my own intentions, I don't care what this viewer is capable of or not. People are being suckered into buying something that violates LL's 3PVP, no matter how much of the advertising promise holds true, and might phish for passwords in addition. For that reason alone, steps ought be taken against the website owner / scam artist and anbody who advertises this malware product.

Link to comment
Share on other sites


Qie Niangao wrote:

 I'm not quite so confident.  Although I suspect this particular case is bogus, there is still the
possibility
of permissions being compromised server-side, enabling mod on a script, and then all bets are off. ... 

Yes. There's an imporant and geeky distinction to be made between saying there are permission exploits/bugs that can give somebody mod perms to an asset (aka: can read script) and saying that any script can be copied/read via some ubertool.

Nobody (almost...) will argue that SL may have (or may have again, someday) insanely-serious permission bugs that are exploitable and that can be used for content theft.

Taking that and turning it into "this viewer can copy any script!" is a lot closer to nonsense...

Link to comment
Share on other sites

Totally irresponsible posting like this really winds me up.

First you post a link to a dodgy viewer in a Public Forum providing it with free advertising. Then you make this statement...

 


ConcernedCitizen wrote:

@Darrius

For a long time scripts have been able to be stolen and opened through long exhausting hours of determination through hexing the item (script). I myself do not know how to hex and nor have I tried, but people have been doing it for years now.

I'm sure people who were really good at what they do could build a client to steal scripts.

 

You quote this rubbish as if its fact, you are entitled to an opinion of course, but it needs to be presented as opinion.

As others have pointed out, if this were actually true, nothing would work... ATM machines, magic boxes, payment scripts, vendors, hunts, voting panels, the list goes on and on, according to your claim, all of these things could be 'rigged'. Why not precede this statement with ' I was under the impression...' or  provide the source of the information...  'My noob friend told me...'  this way readers have some means of gauging the validity of the information, instead of making these bold statements of  fact, which you have absolutely no evidence to support.

To be fair to you,  at this stage, you do claim that stealing a script takes 'long exhausting hours of determination'.

Then you say this...

 


ConcernedCitizen wrote:

You obviously have no knowledge of even the simplest of forms of stealing scripts. It's not nonsense, and they can easily steal any script they desire.

 

Brushing aside warnings like these is what makes you ignorant.

 

The long exhausting hours of determination have now gone it seems, now, not only is it apparently easy to easy steal any script one desires, but there are a range of methods for doing it ranging from the simplest upwards. Some other fool will now read this and when a similar debate arises, will be re quoting your fantasy as if its fact, another reader maybe is now having second thoughts about doing business here, and a third is downloading this TPV, while rubbing his hands at the thought of all the stuff he is going to steal, all because of this irresponsible garbage of a thread. 

These are community forums, we are all here to help each other, no one minds about people who don't know stuff we are all happy to help, but people who pretend they know stuff, well thats another story.

Link to comment
Share on other sites

You are about to reply to a thread that has been inactive for 3756 days.

Please take a moment to consider if this thread is worth bumping.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...