Apologies to group as I know that this is off topic but did not want this to go unanswered.
I am not the one that discovered the Quicktime link but it was easy to "prove". All you have to do is uninstall Quicktime on a Windows machine and you are invisible even testing with a ripper client that everyone else is being caught with. And by now everyone should know that I have taken a very strong stance against ripping and ripper clients and am not Neil. Jesse Barnett On Sun, Feb 28, 2010 at 11:43 PM, Tigro Spottystripes < tigrospottystri...@gmail.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Without proofs that might have just as well have come from the butt of > Neil or some other person pissed at Skills for catching their customers > using malicious clients. > > On 1/3/2010 01:34, Miro wrote: > > I urge you to read the thread. There are details there. To quote on > > poster... > > https://blogs.secondlife.com/message/111885#111885 > > > > "I've learned from sources "close to the developer" just HOW this system > > works, Via your Media stream access, it accesses your computers AppData > > folder, searching for installations of identified "copybot" capable > > viewers, exploiting a function used by programs like flash player, > > quicktime, and others such as that, that check to see which version is > > on your system, telling you when you need to update. YOU DONT HAVE TO BE > > ON THE VIEWER TO BE DETECTED, ONLY HAVE TO HAVE INSTALLED IT AT ONE > > POINT..." > > > > And another > > https://blogs.secondlife.com/message/112121#112121 > > > > "IN the meantime, a few tests have been conducted that suggest abuse of > > port 80 via Quicktime and the Windows filesystem. > > > > 1) Disabling media and uninstalling quicktime seems to completely shut > > this system down, in regards to detecting alts. Existing avatar keys > > are still banned, but its "mysterious alt detection" begins to fail. > > > > 2) Only some hacked viewers are being detected, and fewer when in Linux. > > Further, whereas in Windows if you use a normal viewer but have a > > hacked one installed, it seems to pick you up (thus eliminating the > > bouncer analogy, unless you think it's also OK for the bouncer to go to > > your house and beat up your family), in Linux that function ceases to > work. > > > > 3) Alternative plugins that can handle quicktime functions, when forced > > to work on a fresh compile of a viewer build, seem to completely block > > all functions other than being added to the database while using a > > viewer that announces itself as Cryolife, Streetlife, etc. > > > > These all indicate scanning of Windows Application Data, app_data, or > > even Windows Registry entries without consent. Additionally, all of > > this explains why vanilla SL users using Mac OS are getting banned by > > the system; Mac OS handles the version updates for Quicktime rather than > > it having that capability enabled on itself, thus making it impossible > > for this system to function properly against the Mac OS. So, to > > prevent that from being noticed, Skills made all Mac OS users get the > > kill signal because their computers wont allow her/his/its Gemini system > > to access data on the machine. This way, Skills can just assert the > > person was "obviously" using a malicious viewer, defaming them to hide > > the inefficacy of the system itself." > > > > On 02/28/2010 11:02 PM, Tigro Spottystripes wrote: > > So, all that the scriptkiddies out there need to do to evade the all > > mighty Gemini CDS malicious client user detection system is to not have > > Quicktime installed? And LL is letting all their users run around with > > their machines open to attack by anyone? That doesn't sound plausible at > > all... > > > > On 1/3/2010 00:58, Maggie Leber (sl: Maggie Darwin) wrote: > >>>> On Sun, Feb 28, 2010 at 10:49 PM, Tigro Spottystripes > >>>> <tigrospottystri...@gmail.com> wrote: > >>>>> hm, i didn't thought he did collect IP addresses, but even if the > >>>>> system > >>>>> does catch IP addresses (which isn't such a big deal if you keep your > >>>>> machine safe) an IP address wouldn't be of any help identifying > >>>>> malicious clients, unless the malicious clients in question routed > >>>>> stuff > >>>>> thru a known proxy. > >>>> > >>>> Sounds to me like we're talking about a lot more than IP address. > >>>> There have been both remote file system reading and arbitrary code > >>>> execution vulnerabilities in Quicktime in the past. > >>>> > _______________________________________________ > Policies and (un)subscribe information available here: > http://wiki.secondlife.com/wiki/OpenSource-Dev > Please read the policies before posting to keep unmoderated posting > privileges > >> > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.12 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkuLRf8ACgkQ8ZFfSrFHsmXijgCfR8yqNqXT9st0W3lYIK5gOLp+ > MyMAnjOcJ9xf/CkwIPKnHgH0/K6XLXRa > =NL2i > -----END PGP SIGNATURE----- > _______________________________________________ > Policies and (un)subscribe information available here: > http://wiki.secondlife.com/wiki/OpenSource-Dev > Please read the policies before posting to keep unmoderated posting > privileges >
_______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
