Server Security

[NatM]

Someone in RL told me that he was able to access Linden Lab servers and get screen shots of my avatar that were saved there.  I was emailed two of them and he said they were dated.   Is this possible? 

[Nalates Urriah]

Can you be a little more specific?

Each time I login I access the SL/LL servers. I can take pics and upload them to save the image in those servers. So, someone may just be yanking your chain.

There are LL servers like the web site that can be accessed with a standard browser. There are a number of API's that developers can use for various purposes.

There are various ways to stalk an avatar in SL. If you are being stalked file an Abuse Report. 

There are viewers with radar that allow them to jump their camera and only the camera to your avatar. So, they can appear to be getting pics without beng there.

[NatM]

He said something about pinging the website from the command prompt and then trying ip addresses in "My Network" then trying generic passwords if prompted.  Like pass@word or admin. 

[Lynda Klossovsky]

Really ?  go to command prompt and type in (without the "" ) "ping google.com" and see the answer you get on your screen,

thats a simple test to see if you have a connected internet connection...

The other bit could be a password sniffer...but it is possible they are still yanking your chain.

(ever thought of just changing your password ? )

[Peggy Paperdoll]

The easiest and first thing you should do is change your password.  If this person is guessing your password, then that's a pretty good indication that you don't have a very good password.  People seem to use passwords that easy for them to remember which in seldom a password that cannot be guessed by a determined stalker or griefer.  For instance a password with your favorite vacation spot is probably not a good one...........especially if you've told people how much you loved that vacation.  People who want to gain access to your account (or other private information) pay attention to details like that and will use it.  Pick a password that is random (not easy for you to remember and not easy to guess)....generally at least 8 characters long with both capital and lower case letters with numbers inserted and a symbol or two.  And, just to be a little more causious, change it regularly (again to some random set of letters, numbers and symbols).

 

I don't think anyone has hacked the LL servers (though that is possible).  Anyone hacking the servers are not going to be interested in taking pictures of your avatar and taunting you with them............they are going to be looking at something that will gain them some form of financial gain (such as CC information or indentity information).

[NatM]

Exact instructions were:

Ping lindens website from a command prompt

Get the IP address

go to My Network

Search for the IP address

When you get it try to access some of the servers listed

Once you get in you can search for your own avatar name

They keep logs of everything 90 days.  probably for legal reasons.

If you are prompted for a password try obvious ones like linden1 or pass@word or admin or administrator

 

I don't know if this is possible or would be considered a security breach but I certainly would consider it an invasion of my provacy since he claims to have gotten screen shots.  One entitled "last bitmap image" and the date and sim where it was taken.

 

[Lynda Klossovsky]

Did u try it yourself..? if so, what happened ?

You can also find info about this in your sl browser..

for example..scapoli sim is located at sim9124 agni.lindenlab.com 216.82.47.60:13003

so  you know the ip adress already...

[Persephone Emerald]

If this is true, that someone can get this information this way, this thread will probably be deleted as soon as a moderator sees it.  I suspect there are holes in Linden Lab security that they don't want people to know about.

[Lynda Klossovsky]

If you ping secondlife.com the ip is 216.82.2.17  its hardly a secret

but to get access to a server, it is possible, but you would really really need to know what you were doing...

some people earn a living that way..

[WolfBaginski Bearsfoot]

There are possible criminal charges here, for unauthorised access to a computer system. California State Law, US Federal Law, and if the perpetrator is in another country, that country's law. And it's not easy to prove.

But I'm not entirely sure that this is a Linden Lab server that the pics came from. The image is created by your machine, even if it gets uploaded to the asset servers for storage. How good is your own machine's security?

[Tahl]

What's being alluded to is that the secondlife server is a windows box with SMB file sharing open to the internet.

If that is true, LL would be the largest security joke on the planet.

 

I suspect it's not true and sadly can't check as I block SMB for my entire ISP, as many other ISPs do.

[w1zard]

@NatM - I think we are all eager to see the screen shots that you have.

If this is true that there is a hole, then it wouldnt take much for a clever hacker to exploit a SMB vul using metasploit 

It would most likley have to be this specific vulnerability as it affected a wide range of windows os's, which is quite old though..

Microsoft Security Bulletin MS08-067 – Critical

Vulnerability in Server Service Could Allow Remote Code Execution (958644)

see how its done: 



personally I think they just have an invis avatar and took screen shots of you to sh1* you up lol :matte-motes-big-grin-squint:

[NatM]

The picture is in a Word Doc. and I can figure out how to link it to this board.  It is basically just a screen shot showing where I was standing, It was the entire screen including the address bar at the top. 

Thanks for the input all. 

 

[Acheron Gloom]

I'm going to say its a 99.9% chance they're screwing with you

[Elite Runner]

Hacking into servers isn't a very good idea. Someone could get into critical information and hack into them, maybe creating an exploit that can distrupt services, like the Second Life Grid, that may cause regions to go down, people being logged out, asset servers going awhack and bringing the grid offline, and that could take many hours or days to recover...

[NatM]

I have a help desk ticket in with LL.  I'll let you know what they say.

If anything. 

 

Funny thing, I responded to the original email with the picture attachment.  When I went into my sent items there was a youtube video embedded in the body of the email about something called Metasploit.   It wasn't visible in the original email they sent and I did not add it when I replied. 

 

This just keeps getting stranger,

 

 

 

 

 

[NatM]

Never mind.  He's been running a collection script on my computer for months.

 

 

[Nalates Urriah]

The steps sound like a setup.

If they can get you to follow a set of steps that are for hacking a system, you may trip the intrusion detection and end up with problems of your own. Its like someone telling you to go in a bar, pull a gun, demand the money in cash register because it is so easy and big money. They just neglect to tell you it is a cop-bar and everyone in there has a gun.

Also, the Lindens deal with sophisticated hacking attempts everyday. Doing something as dumb as leaving a server password set to the default is highly unlikely. It could happen. I doubt it is the case.

The more I hear the more I think someone is just playing you.

[Nalates Urriah]

Most of the game and utility servers at LL run Debian Linux.

[Hope Dreier]

I would bet dollars to doughnuts that LL doesn't run Samba on it's Linux based servers.    My network indeed   ROFL.