I need that feature for Second Life! Should we put in a Jira requesting
the "wipe" command? :-)
~Sean
Stefan Andersson wrote:
Hooray for Diva. I have considered blackhatting myself to
give ourselves a wakeup call. (I blogged about this)
Best regards,
Stefan Andersson
Tribal Media AB
> Date: Wed, 25 Feb 2009 13:32:11 -0800
> From: [email protected]
> To: [email protected]
> Subject: [Opensim-dev] DNCH (Re: User Authentication)
>
> People tend to be trusting and oblivious, which is great. And in
fact,
> sh*&t only happens very seldom, statistically speaking.
However, it's
> not great that people make plans, sometimes involving large
amounts of
> money/time, under obliviousness with respect to security. We're
getting
> close to 0.7, which is always a milestone in every project. 0.7
should
> not ignore security completely, even if we are stuck with a client
that
> wasn't designed for open systems.
>
> Being involved in the details of OpenSim, I feel a tension between
not
> talking about security problems so not to scare people away and
not to
> attract griefers; and talking about those problems because they
are
> there and people should be informed about them so that they can
take
> them into consideration when making plans, while we improve things
on
> our end.
>
> So, in order to make these problems visible and tangible, and give
> everybody a reality check, I just hooked up a sim to OSGrid that
will
> make bad things happen. Right now, it wipes out the inventory of
anyone
> who visits. Don't worry, it waits for your command, so it's not so
> violent :-) The sim is called "DO NOT COME HERE" (DNCH). You can
find
> it in the map.
> WARNING: don't do this with your beloved main account(s), just
make an
> alt if you want to experience the complete disappearance of
inventory
> from under you.
>
> As we roll security into OpenSim, whatever bad things the DNCH sim
is
> doing should not happen anymore. So, see it as a test for
security, and
> that's how I will be using it. The very first thing we need to fix
is
> this inventory vulnerability in open grids. Please know that it
exists,
> and be sure that it will be fixed properly(*).
>
> Crista
>
> * By "properly" I mean without having to involve lawyers and sign
> contracts between region/grid operators.
>
> _______________________________________________
> Opensim-dev mailing list
> [email protected]
> https://lists.berlios.de/mailman/listinfo/opensim-dev
_______________________________________________
Opensim-dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/opensim-dev
--
Sean Hennessee
Central Computing Support
Network & Academic Computing Services
UC Irvine
... . .- -. / .... . -. -. . ... ... . .
|
_______________________________________________
Opensim-dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/opensim-dev
