[JIRA] Issue Comment Edited: (WEB-1379) I found myself logged in as somebody else..

Winter Ventura (JIRA) no-reply at lindenlab.cascadeo.com
Thu Nov 19 14:17:03 PST 2009


    [ http://jira.secondlife.com/browse/WEB-1379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=147738#action_147738 ] 

Winter Ventura edited comment on WEB-1379 at 11/19/09 2:15 PM:
---------------------------------------------------------------

Upgrading this to Showstopper, per the official definition:

{quote}*Showstopper*

*+ONLY the most severe, \*confirmed\* issues which demand immediate attention from Linden Lab.+* For example, inability for many Residents to login. IMPORTANT: Abusing this setting will cause revocation of Issue Tracker access. If in doubt, mark "Critical" instead.{quote}

emphasis added.

I'd say any situation which creates the potential for people who aren't me, to post things to the blogs AS me (profanity, threats, inappropriate images for example) and thereby effect a "frame-up", constitutes a "severe issue that demands immediate attention from Linden Lab".

While none of those things happened in this case, the potential is there, and the results are indistinguishable from an *ACTUAL* post by me. We also have no real understanding of EXACTLY how much access Meade may have had to my account. Could she have cashed out all my L$ on the lindex? Could she have changed my payment information on file? Could she have signed me up to buy 20 islands in the Land store, changed my email address or password, or possibly have cancelled my SL account?

This definitely warrants immediate and serious attention.

Reference: support ticket #4051-7035075

      was (Author: Winter Ventura):
    Upgrading this to Showstopper, per the official definition:

{quote}*Showstopper*

*+ONLY the most severe, \*confirmed\* issues which demand immediate attention from Linden Lab.+* For example, inability for many Residents to login. IMPORTANT: Abusing this setting will cause revocation of Issue Tracker access. If in doubt, mark "Critical" instead.{quote}

emphasis added.

I'd say any situation which creates the potential for people who aren't me, to post things to the blogs AS me (profanity, threats, inappropriate images for example) and thereby effect a "frame-up", constitutes a "severe issue that demands immediate attention from Linden Lab".

While none of those things happened in this case, the potential is there, and the results are indistinguishable from an *ACTUAL* post by me. We also have no real understanding of EXACTLY how much access Meade may have had to my account. Could she have cashed out all my L$ on the lindex? Could she have changed my payment information on file? Could she have signed me up to buy 20 islands in the Land store, changed my email address or password, or possibly have cancelled my SL account?

This definitely warrants immediate and serious attention.
  
> I found myself logged in as somebody else.. 
> --------------------------------------------
>
>                 Key: WEB-1379
>                 URL: http://jira.secondlife.com/browse/WEB-1379
>             Project: 3. Second Life Website - WEB
>          Issue Type: Bug
>          Components: blog.secondlife.com, secondlife.com
>            Reporter: meade paravane
>            Priority: Showstopper
>
> See https://blogs.secondlife.com/thread/4949? .
> I was logged in & browsing around. I replied to this thread and found that I was logged in as Winter Ventura - not as me!!  No clue at all if I did something to make this happen. I certainly wasn't trying to hack Winter's stuff! 
> If more instances of this occur, it should be bumped to showstopper. If this could be exploited and somebody could use it to get to www.secondlife.com, that would be really, really bad.
