[Opensim-dev] Is this anything to worry about?
Frisby, Adam
adam at deepthink.com.au
Sun Apr 12 08:37:00 UTC 2009
Just read that presentation, the guy missed most of the serious exploits out there.
The SL protocol by nature is very insecure - it's quite possible to spoof packets as if you were another avatar, as long as you are on a network that coincides with your target.
My advice to anyone doing anything which requires security and secrecy on the wider internet - run your OpenSim clients through a VPN, and rely on the VPN for your privacy - not the SL viewer/protocol.
Adam
> -----Original Message-----
> From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-
> bounces at lists.berlios.de] On Behalf Of Thomas Grimshaw
> Sent: Saturday, 11 April 2009 5:58 PM
> To: opensim-dev at lists.berlios.de
> Subject: Re: [Opensim-dev] Is this anything to worry about?
>
> Not to mention he uses phrases like "much more easier"..
>
> The only thing that concerns me is the xml autologin exploit, but i'm
> guessing this has been fixed? Anyone care to try? =)
>
> The rest of it is not a risk to the average end user, unless they let
> an
> attacker onto their computer physically.
>
> ~T
>
> Nebadon Izumi wrote:
> > after a quick glance, i would have to say this doesnt look like
> > anything to worry about, these are all well known issues, he doesnt
> > really spell anything out, he does quite a lot of assuming overall,
> > cant say i learned anything i didn't already know.
> >
> > Neb
> >
> > On Sat, Apr 11, 2009 at 1:45 PM, Colin B. Withers
> > <Colin.Withers at eumetsat.int <mailto:Colin.Withers at eumetsat.int>>
> wrote:
> >
> > Hi,
> >
> > Someone has sent me this link for a possible blog article.
> > However, I don't think this would make a suitable article, but I
> > would be interested in the views of any of the devs on the
> claimed
> > vulnerabilities.
> >
> >
> > http://www.blackhat.com/presentations/bh-europe-
> 08/Thumann/Presentation/bh-eu-08-thumann.pdf
> >
> >
> > Rock
> > _______________________________________________
> > Opensim-dev mailing list
> > Opensim-dev at lists.berlios.de <mailto:Opensim-
> dev at lists.berlios.de>
> > https://lists.berlios.de/mailman/listinfo/opensim-dev
> >
> >
> >
> >
> > --
> > Nebadon Izumi @ http://osgrid.org
> > ---------------------------------------------------------------------
> ---
> >
> > _______________________________________________
> > Opensim-dev mailing list
> > Opensim-dev at lists.berlios.de
> > https://lists.berlios.de/mailman/listinfo/opensim-dev
> >
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
More information about the Opensim-dev
mailing list