AmerAaron, Posted September 18, 2022

Today I was at a rental office and noticed a few people hanging around the welcome area, thought nothing of it, then suddenly and simultaneously my viewer (Latest Firestorm) opened up search and some offensive words appeared in the text box, as well as a "create new group" window, with some errors appearing on the screen. I quickly left and closed out all these windows. It was quite a scary experience and I was only one click away from clicking the OK to create a random group at a 100L$ cost. I have no clue who or what caused it; as an experienced avatar, I never thought it was possible to control another user's input in such a way.

Rowan Amore, Posted September 18, 2022

> 11 minutes ago, AmerAaron said:
> Today I was at a rental office and noticed a few people hanging around the welcome area, thought nothing of it, then suddenly and simultaneously my viewer (Latest Firestorm) opened up search and some offensive words appeared in the text box, as well as a "create new group" window, with some errors appearing on the screen. I quickly left and closed out all these windows. It was quite a scary experience and I was only one click away from clicking the OK to create a random group at a 100L$ cost. I have no clue who or what caused it; as an experienced avatar, I never thought it was possible to control another user's input in such a way.

It does seem to be a new thing. Something @Linden Lab or @Quartz Mole might want to look into.

Maitimo, Posted September 18, 2022

I wonder if there's a new vulnerability in the latest Firestorm that wasn't there before?

Lindal Kidd, Posted September 18, 2022

This sounds like a variation of the "blue boxes of death" griefer attack...but it's worse in that it attempts to get you to pay out some money. (But I can't see how the griefer would benefit from that. Group creation fees go to LL.)

Maitimo, Posted September 18, 2022

> 3 minutes ago, Lindal Kidd said:
> This sounds like a variation of the "blue boxes of death" griefer attack...but it's worse in that it attempts to get you to pay out some money. (But I can't see how the griefer would benefit from that. Group creation fees go to LL.)

I wonder if the group is something offensive, and then the griefer can AR you for owning an offensive group...

Scylla Rhiadra, Posted September 18, 2022

> 2 minutes ago, Maitimo said:
> I wonder if the group is something offensive, and then the griefer can AR you for owning an offensive group...

That would be about as effective as trying to maim someone with a watermelon cannon. Still. This is concerning.

Charalyne Blackwood, Posted September 18, 2022

> 12 minutes ago, Scylla Rhiadra said:
> That would be about as effective as trying to maim someone with a watermelon cannon. Still. This is concerning.

You can do some serious damage with a watermelon, those things get heavy!

AmerAaron (Author), Posted September 18, 2022

It is still happening. I have just used an alt to go there, not sure if I am allowed to mention the region (Thorlaug). But they open your help browser, search your viewer menu for "cache location", attempt to create a group and write "Youre a xxx" in search. I didn't stay around long as more things started happening in the search windows. I wish I was able to report it to Linden Lab, but with no one to choose to report I'm at a loss as to whether it's an object or person involved. *deletes cache and goes for coffee*

Charalyne Blackwood, Posted September 18, 2022

Makes me wonder what aspect of the viewer has the "backdoor" open? I'm hoping a fix is released soon in any case.

Lindal Kidd, Posted September 18, 2022

If they can find out your computer's cache file path, that's VERY concerning.

AmerAaron (Author), Posted September 18, 2022

> 8 minutes ago, Lindal Kidd said:
> If they can find out your computer's cache file path, that's VERY concerning.

Indeed, I'm hoping someone from Firestorm is made aware of this. I've rolled back to the previous version for now and changed my password. The official Second Life viewer seems a lot safer; there I just got spammed with a teleport request to a sandbox along with a notice in local saying there are too many SLurls from an untrusted source that will be blocked for security.

Silent Mistwalker, Posted September 18, 2022

> 1 hour ago, AmerAaron said:
> It is still happening. I have just used an alt to go there, not sure if I am allowed to mention the region (Thorlaug). But they open your help browser, search your viewer menu for "cache location", attempt to create a group and write "Youre a xxx" in search. I didn't stay around long as more things started happening in the search windows. I wish I was able to report it to Linden Lab, but with no one to choose to report I'm at a loss as to whether it's an object or person involved. *deletes cache and goes for coffee*

Choose Governor Linden as the avatar you are reporting. This is in accordance with how LL wants us to report abuse when we don't have an avatar name.

bigmoe Whitfield, Posted September 18, 2022

@Whirly Fizzle

Whirly Fizzle, Posted September 18, 2022

> 2 minutes ago, bigmoe Whitfield said:
> @Whirly Fizzle

Thanks.

Yes, this form of griefing has been popping up over the last few days. It uses media on a prim (MOAP) to open those floaters on your screen. If you disable media in the viewer, it will stop it.

Linden Lab issued an emergency ModalHotfix viewer to fix this on Thursday: https://releasenotes.secondlife.com/viewer/6.6.4.575022.html

Firestorm Viewer will have a new beta viewer out, hopefully tomorrow, with the fix. To pick up the Firestorm Beta, please join the "Phoenix-Firestorm Preview Group" & the beta will be sent out in the group notice.

This problem affects all viewers that don't yet have the Linden Lab patch.

NOTE: Even on the patched viewers, MOAP is still able to open the search and places floater on a user's screen.

Sammy Huntsman, Posted September 18, 2022

> 4 minutes ago, Whirly Fizzle said:
> Thanks. Yes, this form of griefing has been popping up over the last few days. It uses media on a prim (MOAP) to open those floaters on your screen. If you disable media in the viewer, it will stop it. Linden Lab issued an emergency ModalHotfix viewer to fix this on Thursday: https://releasenotes.secondlife.com/viewer/6.6.4.575022.html Firestorm Viewer will have a new beta viewer out, hopefully tomorrow, with the fix. To pick up the Firestorm Beta, please join the "Phoenix-Firestorm Preview Group" & the beta will be sent out in the group notice. This problem affects all viewers that don't yet have the Linden Lab patch. NOTE: Even on the patched viewers, MOAP is still able to open the search and places floater on a user's screen.

I think if they have found a backdoor or some sort of major bug like that. Think about how it could be used to actually hack into the user, by injecting scripts into. I mean you can have scripts in SL talk to scripts IRL. This is actually much scarier than I thought.

Scylla Rhiadra, Posted September 18, 2022

> 10 minutes ago, Whirly Fizzle said:
> Thanks. Yes, this form of griefing has been popping up over the last few days. It uses media on a prim (MOAP) to open those floaters on your screen. If you disable media in the viewer, it will stop it. Linden Lab issued an emergency ModalHotfix viewer to fix this on Thursday: https://releasenotes.secondlife.com/viewer/6.6.4.575022.html Firestorm Viewer will have a new beta viewer out, hopefully tomorrow, with the fix. To pick up the Firestorm Beta, please join the "Phoenix-Firestorm Preview Group" & the beta will be sent out in the group notice. This problem affects all viewers that don't yet have the Linden Lab patch. NOTE: Even on the patched viewers, MOAP is still able to open the search and places floater on a user's screen.

Thanks Whirly! This is really useful.

Question, though. After RedZone, many of us disabled media autoplay. Will that still protect us from this, or does this work around that solution?

Edited September 18, 2022 by Scylla Rhiadra

Whirly Fizzle, Posted September 18, 2022

> Just now, Sammy Huntsman said:
> I think if they have found a backdoor or some sort of major bug like that. Think about how it could be used to actually hack into the user, by injecting scripts into. I mean you can have scripts in SL talk to scripts IRL. This is actually much scarier than I thought.

It's just a clever use of viewer media. Though it seems very scary, all that can be done on unpatched viewers is open up any viewer floater on your screen when the media loads, plus enter custom text into the search window or TOS window etc.

Obviously I don't want to explain how it's done before everyone has the fix. I wish I could because then it would be less scary when you see what's actually happening. All I will say is the media is not actually directing to a web page at all & it's actually using supported functions in the viewer. I'm surprised no griefer thought of using it this way before.

So please don't worry - it's extremely annoying but ultimately harmless. I suspect LL patched it quickly because it was causing lots of worry to those that had been hit with it, understandably.

Whirly Fizzle, Posted September 18, 2022

> 1 minute ago, Scylla Rhiadra said:
> Question, though. After RedZone, many of us disabled media autoplay. Will that still protect us from this, or does this work around that solution?

It will still load the floaters if autoplay is disabled, just not as quickly.

Love Zhaoying, Posted September 18, 2022

At least they could do auto-shopping for us, but we'd probably just get auto-smut.

belindacarson, Posted September 18, 2022

Personally, I just muted the bots spamming me, no ice that melts in warm weather meltdowns, or keyboard warriors to mention

Edited September 18, 2022 by belindacarson: wording edited for the sensitive little dahlings on the forum

Gabriele Graves, Posted September 19, 2022

I've always had media turned off since it was introduced. Seems I was right to do so. I don't feel as though I've missed out on anything crucial.

Qie Niangao, Posted September 19, 2022

> 17 hours ago, Whirly Fizzle said:
> NOTE: Even on the patched viewers, MOAP is still able to open the search and places floater on a user's screen.

> 17 hours ago, Whirly Fizzle said:
> It will still load the floaters if autoplay is disabled, just not as quickly.

At least at this location, at least on the patched Linden viewer (and Catznip without the patch), I find setting Media auto-play to "No" keeps the floaters off the screen, but they appear with either "Yes" or "Ask".

Probably for similar reasons, the media filter on Firestorm appears to have no effect, which kinda makes sense because the problem behavior isn't associated with an external URL, and apparently arises at an earlier level than filtering or asking about a media source. Still, I'm surprised it works this way.

Ceka Cianci, Posted September 19, 2022

> 20 hours ago, Whirly Fizzle said:
> It's just a clever use of viewer media. Though it seems very scary, all that can be done on unpatched viewers is open up any viewer floater on your screen when the media loads, plus enter custom text into the search window or TOS window etc. Obviously I don't want to explain how it's done before everyone has the fix. I wish I could because then it would be less scary when you see what's actually happening. All I will say is the media is not actually directing to a web page at all & it's actually using supported functions in the viewer. I'm surprised no griefer thought of using it this way before. So please don't worry - it's extremely annoying but ultimately harmless. I suspect LL patched it quickly because it was causing lots of worry to those that had been hit with it, understandably.

I had a feeling it had something to do with media on a prim.. I cut everything media related off yesterday and went there and didn't get a hit..

Will the media filters stop something like this or will it go past those?

ETA: Oh wait, I see the last part was answered already.

Edited September 19, 2022 by Ceka Cianci

Ceka Cianci, Posted September 19, 2022

> 5 hours ago, Gabriele Graves said:
> I've always had media turned off since it was introduced. Seems I was right to do so. I don't feel as though I've missed out on anything crucial.

Ya I'm the same way, I only enable it for certain things and then disable it when I'm finished.. Those RZ days put me in the habit of that pretty quick.. hehehe

Silent Mistwalker, Posted September 19, 2022

> 44 minutes ago, Ceka Cianci said:
> cut everything media related off

Mine's been that way ever since RZ. That will never change now.