[Opensim-dev] Is this anything to worry about?

Frisby, Adam adam at deepthink.com.au
Sun Apr 12 08:37:00 UTC 2009 

Just read that presentation, the guy missed most of the serious exploits out there.

The SL protocol by nature is very insecure - it's quite possible to spoof packets as if you were another avatar, as long as you are on a network that coincides with your target.

My advice to anyone doing anything which requires security and secrecy on the wider internet - run your OpenSim clients through a VPN, and rely on the VPN for your privacy - not the SL viewer/protocol.

Adam

> -----Original Message-----
> From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-
> bounces at lists.berlios.de] On Behalf Of Thomas Grimshaw
> Sent: Saturday, 11 April 2009 5:58 PM
> To: opensim-dev at lists.berlios.de
> Subject: Re: [Opensim-dev] Is this anything to worry about?
> 
> Not to mention he uses phrases like "much more easier"..
> 
> The only thing that concerns me is the xml autologin exploit, but i'm
> guessing this has been fixed? Anyone care to try? =)
> 
> The rest of it is not a risk to the average end user, unless they let
> an
> attacker onto their computer physically.
> 
> ~T
> 
> Nebadon Izumi wrote:
> > after a quick glance, i would have to say this doesnt look like
> > anything to worry about, these are all well known issues, he doesnt
> > really spell anything out, he does quite a lot of assuming overall,
> > cant say i learned anything i didn't already know.
> >
> > Neb
> >
> > On Sat, Apr 11, 2009 at 1:45 PM, Colin B. Withers
> > <Colin.Withers at eumetsat.int <mailto:Colin.Withers at eumetsat.int>>
> wrote:
> >
> >     Hi,
> >
> >     Someone has sent me this link for a possible blog article.
> >     However, I don't think this would make a suitable article, but I
> >     would be interested in the views of any of the devs on the
> claimed
> >     vulnerabilities.
> >
> >
> >     http://www.blackhat.com/presentations/bh-europe-
> 08/Thumann/Presentation/bh-eu-08-thumann.pdf
> >
> >
> >     Rock
> >     _______________________________________________
> >     Opensim-dev mailing list
> >     Opensim-dev at lists.berlios.de <mailto:Opensim-
> dev at lists.berlios.de>
> >     https://lists.berlios.de/mailman/listinfo/opensim-dev
> >
> >
> >
> >
> > --
> > Nebadon Izumi @ http://osgrid.org
> > ---------------------------------------------------------------------
> ---
> >
> > _______________________________________________
> > Opensim-dev mailing list
> > Opensim-dev at lists.berlios.de
> > https://lists.berlios.de/mailman/listinfo/opensim-dev
> >
> 
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev

More information about the Opensim-dev mailing list