You may recall that the Emerald viewer has been leaking potentially
privacy-infringing information - specifically, the directory to which
it's been installed, which in some cases includes usernames - in
encrypted form in baked textures. You may also recall that the
developers lied and said the issue was fixed, when really they just
leaked the same data but with stronger encryption to hide it better.

Well, it turns out that the Emerald developers have been using their
viewer to launch a Distributed Denial of Service attack on the website
of the person who discovered this[1]. The attack involved loading
about 1 MB of images and a whole bunch of dynamically-generated
content from the Emerald login screen displayed every time a user
opened Emerald to consume both bandwidth and server CPU time.[2] This
served no purpose other than to try and DoS the server - none of the
loaded content was visible or used. The Emerald developers have even
admitted as much, though they're trying to spin it interestingly[3].
(Their explanation is total bullshit - if they just wanted to make a
point about the number of Emerald users rather than attack the server,
loading a single file would do.)

Now, this is of course entirely in violation of the TPV policy, which
forbids certain content - including DoS attacks - within third party
viewers. The question is, does the Lab care and will they even remove
the viewer in question from the TPV directory?

[1] 
http://www.sluniverse.com/php/vb/general-sl-discussion/47885-emerald-problem-conspiracy-theory-3.html#post997824
[2] See http://pastebin.ca/1921405 for a copy of the actual code.
[3] http://blog.modularsystems.sl/2010/08/20/shenanigans/
_______________________________________________
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Reply via email to