[opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

Discrete Dreamscape discrete.dreamscape at gmail.com
Sat Aug 21 08:24:20 PDT 2010


Actually, I prefer to remember him as:

1) The guy who hacked Emerald's servers before discovering the data
storage issue and

2) The active developer of a malicious viewer under the lolguise of
promoting exploit/bugfixing.

But hey, they keep antagonizing him, so of course this kind of thing continues.


Discrete


On Aug 21, 2010, at 11:10 AM, Brian McGroarty <soft at lindenlab.com> wrote:

> On Sat, Aug 21, 2010 at 7:46 AM, Discrete Dreamscape
> <discrete.dreamscape at gmail.com> wrote:
>> This was one person's decision, and was deliberately done for the sole
>> purpose of messing with the owner of the victim site (although I'd
>> hardly call the particular individual a victim). Regardless, the team
>> was pretty disappointed. The one person currently owns all parts of
>> Emerald's hosting, so it was their decision, albeit a ridiculous one.
>> They don't take the project seriously, and it's more than a little
>> embarrassing to the rest of the people associated with the team that
>> this kind of thing keeps happening, over and over again.
>
> Appreciated - it's helpful to have this put plainly and publicly.
>
> Am I right that the target server belongs to the guy who:
>
> 1) Was interviewed in a previous blog write-up about the IP & username
> database and geolocation tool that he sought to show was built up for
> Emerald Point visitors, Insilico visitors, and people creating
> accounts via the Modular Systems website?
>
> 2) Demonstrated that Emerald wasn't removing usernames from paths
> before embedding them in textures even after the team's first
> attempted fix?
>
> I know we already talked to the team and set some conditions after the
> first one. The second one's been explained as a mistake that Modular
> Systems would be willing to publicly acknowledge and correct - the
> potential for collecting usernames would have to be in the viewer's
> privacy policy otherwise, and it isn't to date. But that one of these
> incidents was history and the second was supposed to be a mistake made
> the hidden request activity all the more confusing.
>
> --
> Brian McGroarty | Linden Lab
> Sent from my Newton MP2100 via acoustic coupler

