-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 AFAIK only LL (and someone intercepting network communications) knows what channel some client is using
On 2/5/2010 18:42, Rob Nelson wrote: > The only way to reliably detect a client is if the client sends an MD5 > hash of the executable to the login server, and that function was > removed ages ago from the login process due to ease of spoofing. > > Requiring a unique login channel requires manual intervention to change > the login channel from the official LL channel to the unique one > required by the TPV, so malicious developers don't even have to lift a > finger in order to bypass detection. > > The entire system is flawed, and I'm sure LL knows this. > > On Sun, 2010-05-02 at 20:56 +0200, Carlo Wood wrote: >> On Sat, May 01, 2010 at 06:53:49PM -0400, Glen Canaday wrote: >>> Though WHY anyone wouldn't want to come HERE to talk about client >>> detection is far beyond my grasp. That's like AVG not wanting to talk to >>> Microsoft. >> >> Probably because it's a moronic asshole, who is only >> interested in making money with the product and doesn't >> care if 1% are false positives. Not until LL comes >> knocking on their door anyway. >> >> I guess that the only reasonable response (unless LL >> wants to get involved) is to find out how the detection >> works and write a patch that makes SURE it won't be >> detected (which then can be used by everyone, but malicious >> viewers will do this anyway, whether or not we do or not). >> >> So, how does this thing "detect" the mentioned "signature"? >> > > > _______________________________________________ > Policies and (un)subscribe information available here: > http://wiki.secondlife.com/wiki/OpenSource-Dev > Please read the policies before posting to keep unmoderated posting privileges > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEAREKAAYFAkvd8oIACgkQ8ZFfSrFHsmVIXQCfSTydZfbMH4c4CxpvwWmHqHcZ YJUAn2GTGUzLWRSU+uF3FMlh84UkOxpA =3u94 -----END PGP SIGNATURE----- _______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
