 Post subject: Re: Information about the attack yesterday?
Posted: Mon Feb 07, 2011 1:14 pm

Joined: Wed Jul 28, 2010 11:48 am
Posts: 393
Location: Sweden
Thank you for the info. May I ask if it was the same person on these different sims and if that avatar is known by you?
Any news about the hacker threat a while ago? You said then that you knew the identity behind that and as I know there is a lot of speculation going on it might be wise to clear that out? Can there be a connection in any way?

 Post subject: Re: Information about the attack yesterday?
Posted: Mon Feb 07, 2011 1:27 pm

Joined: Tue Sep 08, 2009 7:44 pm
Posts: 4182
I don't believe this is connected to the other incident. And in that case we're still trying to figure out our options..

There's a lot to this stuff. It's not only legal fees etc which we will gladly pay to defend ourselves against future attacks, but it's also making sure that you're not bogged down for 3 months fighting a case while your business is left stagnating. Evidence collected has to be solid and you need the people involved to agree to sign affidavits swearing the information they have is true.

I'd love nothing more than to post everything I have as far as the website "hacking plot" goes on these message boards and let everyone see it. But that too can cause a legal battle with scummy people who will then try to slither their way out of what they said claiming "that wasn't me someone hacked my IM account(s)" or something else inane. This person in particular is hoping to make a financial gain by slandering our grid and they continue to do it on SL in public group chats bragging about what they've done, and I have copies of this too. Then they claim they've reported the problems they found to us and we've done nothing, which they haven't. We work with 2 white hats currently that can vouch for our responsiveness on security issues.

This person is trying to get in our systems and making claims to further their own interests. But until I get a go ahead from our lawyer my hands are tied. Unfortunately if the time we need to commit to the case is too great then I'll also have to find an alternative way to combat this problem.

I wish it were simpler.

 Post subject: Re: Information about the attack yesterday?
Posted: Mon Feb 07, 2011 2:09 pm

Joined: Sat Dec 19, 2009 3:57 pm
Posts: 327
so it could have been a bad ham. Winks! :hahah:

For my eternal friend, my dog, my companion who once was and shall always be in my heart. For you: Happily chase cars in eternal peace, my friend.
 Post subject: Re: Information about the attack yesterday?
Posted: Mon Feb 07, 2011 2:09 pm

Joined: Tue Sep 08, 2009 7:44 pm
Posts: 4182
In the tradition of transparency and an attempt to try and ease some assumptions I will be posting the contents of an SL group chat on our forums with related information.

 Post subject: Re: Information about the attack yesterday?
Posted: Mon Feb 07, 2011 2:18 pm

Joined: Sun Apr 18, 2010 11:26 pm
Posts: 1230
*attempts to look only mildly interested as she paces*

Señora Residente
Vincit omnia veritas
Too much truth is uncouth ~F. Adams
 Post subject: Re: Information about the attack yesterday?
Posted: Mon Feb 07, 2011 2:39 pm

Joined: Tue Sep 08, 2009 7:44 pm
Posts: 4182
[2011/02/03 12:29] Casper (casper.warden): Pauline: Physics, yes. but scripting? not so
[2011/02/03 12:29] Casper (casper.warden): On inworldz. scripting sucks, yes
[2011/02/03 12:29] Rachel Darling: true, Pauline...but LL was a little company once as well...remember how bad it was here, for years
[2011/02/03 12:29] Pauline Darkfury: As the other grids grow, they have potentially got a lot of growing pains ahead of them, they might not turn out that different to LL by the time they have dealt with it all
[2011/02/03 12:29] Casper (casper.warden): but on Avination it's really good.. faster than SL's script engine
[2011/02/03 12:30] Pauline Darkfury: Ok, I just know a serious scripter whose ability I respect was lamenting some very basic stuff being missing from LSL on Inworldz
[2011/02/03 12:30] Rachel Darling: and the IW people, to be honest, seem to have a business model planned. They ARE making money, whatever their residents claim about them being unpaid
[2011/02/03 12:30] 2WAT Michigan: thats true, it is waaay less laggy and you can walk sccross sim boarders, little things like that will attract resdents over time
[2011/02/03 12:30] Casper (casper.warden): yes, that's because Inworldz is shit
[2011/02/03 12:31] Rachel Darling: we used to say SL was shit, but we still stayed. Here we are, in fact.
[2011/02/03 12:31] Rachel Darling: and we still crashed the OH hours...or at least I did
[2011/02/03 12:31] Constanza Amsterdam: i disagree Casper
[2011/02/03 12:31] StUdLeY Dexing: tied up to sl
[2011/02/03 12:31] Bavid Dailey: Less and less Rachel
[2011/02/03 12:31] StUdLeY Dexing: sl is still the s word
[2011/02/03 12:31] Casper (casper.warden): Inworldz still use XEngine, a crappy script engine which simply doesn't work
[2011/02/03 12:31] Pauline Darkfury: From what I can see there have been some very fundamental features missing from the basic LSL implementation for OpenSim. It's good to hear that one grid has got that going though
[2011/02/03 12:32] Bavid Dailey: the opens ource code didn't ahve a pgysics engine; each grid had to make , but whatever its own
[2011/02/03 12:32] Constanza Amsterdam: Casper when was the last time you were in IW?
[2011/02/03 12:32] Casper (casper.warden): last week, I exploited the login script on the website and got into 20 user accounts
[2011/02/03 12:32] Bavid Dailey: *but/buy
[2011/02/03 12:32] Casper (casper.warden): (which I told them about, and is now fixed)
[2011/02/03 12:33] StUdLeY Dexing: well bang goes inworlds secuirty measures reputation
[2011/02/03 12:33] Constanza Amsterdam: its fixed...... Studley....
[2011/02/03 12:33] StUdLeY Dexing: but even still
[2011/02/03 12:33] Rachel Darling: that's what they said about Microsoft too...but they seem to have gotten over it. ANd SL as well...remember the hacks there?
[2011/02/03 12:33] Casper (casper.warden): i've also been able to download scripts just by requesting them by UUID, the source for no mod scripts... inworldz is REALLY insecure, which is why despite many customers asking me to port CasperVend to inworldz, i will not
[2011/02/03 12:34] Rachel Darling: my point is, yes, they have some growing pains. But so does every company and software platform. Don't be so quick to dismiss it for the future
[2011/02/03 12:34] Constanza Amsterdam: same with SL, how many times has SL been hacked?
[2011/02/03 12:34] Constanza Amsterdam: i agree Rachel
[2011/02/03 12:34] Casper (casper.warden): my point is that there are better opensim grids out there
[2011/02/03 12:35] Constanza Amsterdam: like wich Casper?
[2011/02/03 12:35] Sweet Valentine: except when it comes to SL which has no growth for so so long then what?
[2011/02/03 12:35] Casper (casper.warden): Avination
[2011/02/03 12:35] Bavid Dailey: it depends on yr metrics, which this discussion makes clear
[2011/02/03 12:35] Constanza Amsterdam: avination? hahahahaha..... owned by one of the coders of Legion City Online ...........
[2011/02/03 12:35] Rachel Darling: it's just all a delicate balancing act. If LL messes up badly, if they keep messing up, an sudden exodus will create impetus for one or more of these developing grids to push past their growing pains and invest heavily in the new business
[2011/02/03 12:36] Casper (casper.warden): Yes, Constanza.
[2011/02/03 12:36] Sweet Valentine: until they have an exploit and get hacked Casper it happens to all eventiually
[2011/02/03 12:36] Pauline Darkfury: SL's growth has been approx 0 during a period where the RL economy has tanked badly. Managing to stay relatively static isn't such a bad achievemnt, tbh
[2011/02/03 12:36] Rachel Darling: Does Avination have open commerce and cashouts, Casper?
[2011/02/03 12:36] LФVIИG (loving.clarity): I put my money on whichever grid steps up and starts doing TV commercials. That's gonna be the one that skyrockets to the front of the growth race.
[2011/02/03 12:36] LФVIИG (loving.clarity): +
[2011/02/03 12:36] Casper (casper.warden): yes, Rachel
[2011/02/03 12:36] Rachel Darling: or Bavid?
[2011/02/03 12:36] Bavid Dailey: "Legin City Online"?
[2011/02/03 12:36] Bavid Dailey: Ye sit does
[2011/02/03 12:36] LФVIИG (loving.clarity): oops sorry. cat on the keyboard (+)
[2011/02/03 12:36] StUdLeY Dexing: lol loving
[2011/02/03 12:36] Rachel Darling: then it's one to watch
[2011/02/03 12:37] Constanza Amsterdam: read this: ... e-yet.html
[2011/02/03 12:37] Casper (casper.warden): I'm not saying that it's bulletproof, Sweet. But the coders do at least have skill and sense... the exploits i've found in inworldz are schoolboy errors, like not checking php input for sql injections
[2011/02/03 12:37] Bavid Dailey: but severla grids support cashout via thrid party FX
[2011/02/03 12:37] Casper (casper.warden): Yes, i know a blogger got sand in her vagina about some past crap
[2011/02/03 12:37] Pauline Darkfury: Yeah, if another grid gets the investment and has the right people to make it work, the market could change a lot overnight
[2011/02/03 12:38] Rachel Darling: I won't invest in one who only deals with 3rd party cashout systems. If they can't support their own buyins and cashouts it's too risky, to me.
[2011/02/03 12:38] Casper (casper.warden): Avination does them directly
[2011/02/03 12:38] Rachel Darling: I agree, Pauline. Been thinking a while how much investment it would take
[2011/02/03 12:38] StUdLeY Dexing: as more virtual worlds are created the higher the chance linden will have a real competitor
[2011/02/03 12:38] Sweet Valentine: avination has cashout to US dollars as Sl?
[2011/02/03 12:38] Casper (casper.warden): Constanza Amsterdam: ever thought of forming your OWN opinions rather than using other people's?
[2011/02/03 12:39] Casper (casper.warden): Sweet: Yes
[2011/02/03 12:39] Pauline Darkfury: Well, that depends, Rachel. Something like VirWoX's OMC might be safer than a grid which is stretching to grow (if an investor gets cold feet, their currency could become worthless overnight)
[2011/02/03 12:39] Constanza Amsterdam: as a mather of fact Casper... i have been to all worlds including Avination
[2011/02/03 12:39] Sweet Valentine: oh LL i see your Kiss my arse sign coming so very soon
[2011/02/03 12:39] Casper (casper.warden): Constanza Amsterdam: but your argument was based on someone else throwing a fit because they only have half of the story about legend city online
[2011/02/03 12:40] Rachel Darling: the problem is, Pauline...if the VW itself doesn't explicitly support cashouts, then they could "turn it off" at any time. Of course any of them could do that, but if they actively support it and promote it, it's less likely
[2011/02/03 12:40] StUdLeY Dexing: whats this open3d (dont quote me) that phoenix have been on about like Constanza
[2011/02/03 12:40] Bavid Dailey: I agree with Pauline, uildign a FX rep isn't goign to be simply a matetr fo offerign it
[2011/02/03 12:40] Constanza Amsterdam: No i knew that fact before the posting on the slu forums already Casper
[2011/02/03 12:40] Rachel Darling: SpotOn3d. I have my questions about their business model, but they should be looked at
[2011/02/03 12:40] Constanza Amsterdam: i do my own investigation..... just google Legion City Online
[2011/02/03 12:40] StUdLeY Dexing: w/e the name is
[2011/02/03 12:40] Pauline Darkfury: Yup, but the grid can't turn off OMC even if they die completely
[2011/02/03 12:40] StUdLeY Dexing: ok thats it ty
[2011/02/03 12:40] Casper (casper.warden): so then you know that melanie was just a contracting developer to legend city online, who then got screwed over by them?
[2011/02/03 12:41] Pauline Darkfury: The only way the grid could take OMC with them would be if they were allowed to hold some of the funds behind it in-house
[2011/02/03 12:41] Constanza Amsterdam: and still its not a world i would invest in Casper.
[2011/02/03 12:41] Casper (casper.warden): That's your perogative
[2011/02/03 12:42] Pauline Darkfury: Right now, however, OMC just isn't as workable as L$ or other grid-specific currencies, you have to do a web login to authorise transactions
[2011/02/03 12:42] Bavid Dailey: Melanier was strigth up in my (limited) delaings with her
[2011/02/03 12:42] Constanza Amsterdam: yups, everyone makes his or her own choice.... no need to slam down any grid Casper
[2011/02/03 12:42] Sweet Valentine: Spoton looks very promising very
[2011/02/03 12:42] StUdLeY Dexing: its alot cheaper to rent land too
[2011/02/03 12:42] Bavid Dailey: But she did seem very focused on the RP market
[2011/02/03 12:42] Sweet Valentine: they already have so much done before even letting the cat out
[2011/02/03 12:42] Constanza Amsterdam: every grid has its own fails.... this also counts for SL
[2011/02/03 12:42] Casper (casper.warden): Constanza Amsterdam: I have hands-on experience with inworldz, I personally broke their security easily, i'm only stating fact, not preaching rumour and opinion like you are
[2011/02/03 12:42] Constanza Amsterdam: at least IW is fast enough to fix stuff
[2011/02/03 12:43] Casper (casper.warden): they're not
[2011/02/03 12:43] Casper (casper.warden): i found a group flaw months ago and reported it to them and they still haven't fixed it
[2011/02/03 12:43] Constanza Amsterdam: your opinion Casper
[2011/02/03 12:43] Casper (casper.warden): no, fact
[2011/02/03 12:43] StUdLeY Dexing: casper didnt u say u adressed it to them and they fixed the issue
[2011/02/03 12:43] Bavid Dailey: so of all the grids we talk only of Avination, Inworldz and now Spoton. is that it, in all the grids?
[2011/02/03 12:43] Constanza Amsterdam: he did Studley
[2011/02/03 12:43] Casper (casper.warden): StUdLeY: that was a different issue
[2011/02/03 12:43] Rachel Darling: I know the education market is looking into SpotOn3d. I don't like their content sales model though...this "double dip" thing, where content is delivered to muliple grids for the same price. Frankly I think they're missing the boat there...good for residents, but the same old pushback on merchants to provide more for less.
[2011/02/03 12:44] Casper (casper.warden): it's one of many security flaws i've found
[2011/02/03 12:44] StUdLeY Dexing: im just saying they fixed it for u
[2011/02/03 12:44] Constanza Amsterdam: no that was the security sissue Casper
[2011/02/03 12:44] Casper (casper.warden): they fixed the exploit that allowed me to login to people's accounts
[2011/02/03 12:44] Casper (casper.warden): they didn't fix the group bug that allows me to manipulate roles in any group without even being a member
[2011/02/03 12:44] Constanza Amsterdam: so they fixed it.....
[2011/02/03 12:44] StUdLeY Dexing: would of been a priority 1 case then
[2011/02/03 12:44] Constanza Amsterdam: so no need to slam them down.....
[2011/02/03 12:44] Pauline Darkfury: Personally, the ideal scenario for me is for 1 or 2 other grids to be enough of a threat to LL for the combination of sim pricing, policies, and so on, plus have a platform which basically fully measures up to LL. LL would then be forced to get competitive over sim pricing and other issues, plus to innovate with urgency. That would be the best thing that could happen to SL, and could push it on to new bigger and better growth
[2011/02/03 12:44] Constanza Amsterdam: you have your opinion and i have mine
[2011/02/03 12:45] Casper (casper.warden): and they didn't fix the exploit that allows me to download script source
[2011/02/03 12:45] Casper (casper.warden): like i said, i'm only stating fact
[2011/02/03 12:45] 愛 (ai.velde): /me noms popcorn.
[2011/02/03 12:45] StUdLeY Dexing: im all for virtual worlds that allow universal content creating
[2011/02/03 12:45] Constanza Amsterdam: gimme sime ai :P
[2011/02/03 12:45] Bavid Dailey: Pauline, I think Liden probably si just cobering operatison costs as it stands
[2011/02/03 12:45] StUdLeY Dexing: giving more rights to teh creator
[2011/02/03 12:45] 愛 (ai.velde): /me shares with Costanza. ;D
[2011/02/03 12:45] Rachel Darling: I hope so, Pauline...but my concern is that the Board of Directors has already had enough and SL is on it's "last chance" with them.
[2011/02/03 12:45] Constanza Amsterdam: ty!
[2011/02/03 12:45] Bavid Dailey: they have ahuge payroll
[2011/02/03 12:46] Rachel Darling: they will not be in investment mode with SL
[2011/02/03 12:46] Pauline Darkfury: Well, Phil has said that LL is profitable as-is
[2011/02/03 12:47] Bavid Dailey: he didn't say how much over that 1 c nett they make tho, and I bet it isn't much
[2011/02/03 12:47] Rachel Darling: especially in this business climate
[2011/02/03 12:47] Rachel Darling: profitable and "profitable enough" are two very different things to Investors
[2011/02/03 12:48] Pauline Darkfury: They are making approx US$2k/month per 8-core Xeon with 24GB RAM right now.
[2011/02/03 12:49] Bavid Dailey: think what M linden cost
[2011/02/03 12:49] Pauline Darkfury: I know how much data center space costs, and it's hard to put an exact figure on LL's hosting and bandwidth bill, but I think there's plenty of scope for profit for them at present
[2011/02/03 12:49] Pauline Darkfury: Their central DB servers and internal network costs can't be cheap, and their bandwidth bill will be large, but it looks viable on the face of it, without seeing the books and knowing the specifics of their setup in detail
[2011/02/03 12:49] Tanoshimi Tabak: my uneducated opinion is ... too many companies aim for high profits to satisfie the invest the expence of the customer and employee ceo's bing paid unrealistic amoutns
[2011/02/03 12:49] Bavid Dailey: think what M linden cost
[2011/02/03 12:49] Rachel Darling: investors don't think about what they're making; they think about how much growth they have quarter over quarter. It's wrong and it's bad, but that's what it is now in this business climate
[2011/02/03 12:50] Dartagan Shepherd: Phil stated last years profit was $75M, this re-org is actually a sign of health ... get rid of the old hires, trim the fat, make room for a new CEO, which always does his own set of re-hires during his term, so this is actually a re-investment strategy
[2011/02/03 12:51] Pauline Darkfury: That's both an issue for LL, and for any other grid that wants to grow, unless the can find the golden investor that actually fully understands virtual worlds and is in it for the fun rather than the money
[2011/02/03 12:51] Pauline Darkfury: Yeah, most VCs don't give a damn about the business itself, it's just the ROI they want, plus a few specific demands they will make without properly knowing the needs of the business
[2011/02/03 12:51] Bavid Dailey: I was not convinced
[2011/02/03 12:52] Rachel Darling: That's the party line, Dart

Search this page ... for casper warden.

Note the person is saying they have found exploits that we have no reports for and then is using that information against us to tarnish our name. We are already having a security person verify these claims to try and find anything. No luck yet, these may have been bugs that were previously fixed.

There is another conversation connecting this person to another entity that ele has, and connecting this whole thing to the post from before about someone wanting to hire people to hack our website.

I leave the conclusions to you.

Edit to add: Most importantly people need to get on with their lives and do work the right way, and the ethical way. You will never see me go and hack someone's systems without being asked to do so. Anyone is free to look at my LinkedIn profile to see the work I've done and understand I'm not just some dumb idiot when it comes to security research. These people aren't doing anyone any good and eventually this stuff all comes out and makes them look bad.

I hold the white hats we use in very high regard. They have been professional and courteous and I would give them a shining recommendation to anyone wanting to hire them.

