<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
I need that feature for Second Life! Should we put in a Jira requesting
the "wipe" command? <span class="moz-smiley-s1"><span> :-) </span></span><br>
~Sean<br>
<br>
Stefan Andersson wrote:
<blockquote cite="mid:BLU134-W2581DD90241F73062D577CD5AC0@phx.gbl"
type="cite">
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
</style>Hooray for Diva. I have considered blackhatting myself to
give ourselves a wakeup call. (I blogged about this)<br>
<br>
Best regards,<br>
Stefan Andersson<br>
Tribal Media AB<br>
<br>
<br>
<br>
<br>
> Date: Wed, 25 Feb 2009 13:32:11 -0800<br>
> From: <a class="moz-txt-link-abbreviated" href="mailto:diva@metaverseink.com">diva@metaverseink.com</a><br>
> To: <a class="moz-txt-link-abbreviated" href="mailto:opensim-dev@lists.berlios.de">opensim-dev@lists.berlios.de</a><br>
> Subject: [Opensim-dev] DNCH (Re: User Authentication)<br>
> <br>
> People tend to be trusting and oblivious, which is great. And in
fact, <br>
> sh*&t only happens very seldom, statistically speaking.
However, it's <br>
> not great that people make plans, sometimes involving large
amounts of <br>
> money/time, under obliviousness with respect to security. We're
getting <br>
> close to 0.7, which is always a milestone in every project. 0.7
should <br>
> not ignore security completely, even if we are stuck with a client
that <br>
> wasn't designed for open systems.<br>
> <br>
> Being involved in the details of OpenSim, I feel a tension between
not <br>
> talking about security problems so not to scare people away and
not to <br>
> attract griefers; and talking about those problems because they
are <br>
> there and people should be informed about them so that they can
take <br>
> them into consideration when making plans, while we improve things
on <br>
> our end.<br>
> <br>
> So, in order to make these problems visible and tangible, and give
<br>
> everybody a reality check, I just hooked up a sim to OSGrid that
will <br>
> make bad things happen. Right now, it wipes out the inventory of
anyone <br>
> who visits. Don't worry, it waits for your command, so it's not so
<br>
> violent :-) The sim is called "DO NOT COME HERE" (DNCH). You can
find <br>
> it in the map.<br>
> WARNING: don't do this with your beloved main account(s), just
make an <br>
> alt if you want to experience the complete disappearance of
inventory <br>
> from under you.<br>
> <br>
> As we roll security into OpenSim, whatever bad things the DNCH sim
is <br>
> doing should not happen anymore. So, see it as a test for
security, and <br>
> that's how I will be using it. The very first thing we need to fix
is <br>
> this inventory vulnerability in open grids. Please know that it
exists, <br>
> and be sure that it will be fixed properly(*).<br>
> <br>
> Crista<br>
> <br>
> * By "properly" I mean without having to involve lawyers and sign <br>
> contracts between region/grid operators.<br>
> <br>
> _______________________________________________<br>
> Opensim-dev mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:Opensim-dev@lists.berlios.de">Opensim-dev@lists.berlios.de</a><br>
> <a class="moz-txt-link-freetext" href="https://lists.berlios.de/mailman/listinfo/opensim-dev">https://lists.berlios.de/mailman/listinfo/opensim-dev</a><br>
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
Opensim-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Opensim-dev@lists.berlios.de">Opensim-dev@lists.berlios.de</a>
<a class="moz-txt-link-freetext" href="https://lists.berlios.de/mailman/listinfo/opensim-dev">https://lists.berlios.de/mailman/listinfo/opensim-dev</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Sean Hennessee
Central Computing Support
Network & Academic Computing Services
UC Irvine
... . .- -. / .... . -. -. . ... ... . .</pre>
</body>
</html>