Hooray for Diva. I have considered blackhatting myself to give ourselves a wakeup call. (I blogged about this)
Best regards,
Stefan Andersson
Tribal Media AB

> Date: Wed, 25 Feb 2009 13:32:11 -0800
> From: [email protected]
> To: [email protected]
> Subject: [Opensim-dev] DNCH (Re: User Authentication)
>
> People tend to be trusting and oblivious, which is great. And in fact,
> sh*&t only happens very seldom, statistically speaking. However, it's
> not great that people make plans, sometimes involving large amounts of
> money/time, under obliviousness with respect to security. We're getting
> close to 0.7, which is always a milestone in every project. 0.7 should
> not ignore security completely, even if we are stuck with a client that
> wasn't designed for open systems.
>
> Being involved in the details of OpenSim, I feel a tension between not
> talking about security problems so not to scare people away and not to
> attract griefers; and talking about those problems because they are
> there and people should be informed about them so that they can take
> them into consideration when making plans, while we improve things on
> our end.
>
> So, in order to make these problems visible and tangible, and give
> everybody a reality check, I just hooked up a sim to OSGrid that will
> make bad things happen. Right now, it wipes out the inventory of anyone
> who visits. Don't worry, it waits for your command, so it's not so
> violent :-) The sim is called "DO NOT COME HERE" (DNCH). You can find
> it in the map.
> WARNING: don't do this with your beloved main account(s), just make an
> alt if you want to experience the complete disappearance of inventory
> from under you.
>
> As we roll security into OpenSim, whatever bad things the DNCH sim is
> doing should not happen anymore. So, see it as a test for security, and
> that's how I will be using it. The very first thing we need to fix is
> this inventory vulnerability in open grids. Please know that it exists,
> and be sure that it will be fixed properly(*).
>
> Crista
>
> * By "properly" I mean without having to involve lawyers and sign
> contracts between region/grid operators.
>
> _______________________________________________
> Opensim-dev mailing list
> [email protected]
> https://lists.berlios.de/mailman/listinfo/opensim-dev
