[Opensim-users] Banning "bad" viewers was Re: Can this be done?

[Karen Palen]

Hmm, somehow your posts are coming with a really strange time stamp. I would guess that the local time zone on your machine is incorrect.

--- On Tue, 1/12/10, John Ward <jward at uci.edu> wrote:
> I understand that you see this as nothing.  We
> disagree on this point.  Not 
> being effective against a man-in-the-middle attack is not
> equivalent to doing 
> nothing.  Lots of security measures can be defeated by
> such attacks.  We still 
> make use of such techniques and layer them with others to
> shore up those deficiencies.

This is what I meant by an "arms race".

My central point remains that knowing the viewer ID string does nothing to prevent any such attack, this is simply one workaround.

Banning certain viewers for no reason though does adversely impact the users far more than it does the "bad guys". 

As someone else pointed out here if even one "badguy" figures out the workaround then it will be in the hands of every "script kiddie" within hours.

The essential feature of any weapon is that it hurt the enemy more than it hurts you. Hitler's V-2 rocket is the only historical exception to that rule that I know of.

Karen