Emerald Site Security Broken! Data Mining Shocks Linden Lab!!!
by Pixeleen Mistral on 11/05/10 at 4:40 am
According to documents that appear to have been leaked from ModularSystems, the developers of the “Emerald” Second Life viewer have compiled a database of avatar names, IP addresses, and geo-location information for players who created Second Life accounts at the ModularSystems.com site. In addition, visitors to the developers’ land in the virtual world have been profiled in the database.
The leaked documents include e-mail exchanges, a partial dump of the secret database, php source code for portions of a “datamine” application, and a picture of the Emerald developers in a meeting with Linden Lab CEO M Linden, Linden legal council Marty Linden, and several other Second Life staff.
Emerald meeting M Linden, Marty Linden, Joe Linden, and others (click image for closeup view)
Unfortunately, pictures of a virtual meeting with top Linden leadership may not reassure the virtual world’s rank and file residents, as they consider the implications of leaked documents appearing on anonymous file sharing sites.
There is a strong sexual role play component to the Second Life game, and many players are sensitive to linkage of real life information and game accounts, particularly in the hands of third parties who may be less circumspect than Linden Lab. Several of the Emerald developers have “colorful” reputations which may also raise some eyebrows.
Is a database connecting avatars and IP addresses of concern? According to an e-mail exchange with second life resident Hazim Grazov [full text below], Linden Lab staff seemed to think so. Soft Linden said, “I’m working with a VP on how to best deal with this. This is extremely serious”.
avatar keys, names, and IP addresses collected both in-world and via RegAPI
Soft Linden’s concerns are echoed in an e-mail dated April 16th, in which Joe Linden tells Mr. Grazov, “We consider this a very serious event and have not finished our discussions with them as to next steps, privacy policy modifications, and communications with their users. I don’t know what the source of the file was, but if you know, I hope you will encourage them not to release it publicly.” Joe concludes by saying, “Thanks again for making us aware of this. Rest assured, we do not treat events like this lightly”.
However, it is unclear how seriously Linden Lab is treating the situation. This morning, the Herald contacted both Soft Linden and Joe Linden for comment. As we go to press 12 hours later, neither have replied and it is unknown what – if any – steps have been taken to limit the data collection.
Jcool410 searches for Tizzy
According to the leaked documents, several Emerald developers were able to run searches against the database. One document shows a user named Jcool410 performing a “datamine” search – but it appears that Jcool410 ‘s account had been compromised. Other documents list what are believed to be Jcool410’s passwords — apparently Jcool did not get the memo warning against using passwords found in the dictionary.
Welcome to Burbank!
Asked via Skype Saturday if there had been a breach of security at the modularsystems.com site, Jcool – who is known as Fractured Crystal in Second Life – declined to comment.
While it is possible that some of the documents have been fabricated, I can confirm at least two e-mail messages found in the Emerald Revealed documents are legitimate — both are chat messages that I sent to Fractured Crystal while he was offline and which were automatically forwarded to e-mail.
The news that Hazim Grazov raised questions about the Emerald developers’ data mining operation with Joe and Soft Linden will certainly lead to speculation that the recent Woodbury University Second Life ban was connected to the Emerald leaks. Mr. Grazov is known to have spent time with members of the Woodbury group in Second Life, and there was a confrontation between some members of the Woodbury faction and Fractured Crystal (a.k.a. Jcool410) shortly before Linden Lab removed the Soviet Woodbury sims and their leadership from the game.
As the Herald staff sifts through the Emerald Revealed documents, I am struck by the similarities between this confrontation and that of the Nicholas / Sephora mafia wars — the gameplay leaks out into the real world and website security breaches are used to score points against the other faction.
But are both sides treating this as just another game?
————————————————————————————–
Subject: Re: Someone told me you might want to see this RE Emerald…
Date: Fri, 16 Apr 2010 14:05:22 -0700
From: Joe Linden <joe@lindenlab.com>
To: Hazim Gazov <hazim.gazov@gmail.com>
Cc: Soft Linden <soft@lindenlab.com>
We consider this a very serious event and have not finished our discussions
with them as to next steps, privacy policy modifications, and communications
with their users.
I don’t know what the source of the file was, but if you know, I hope you
will encourage them not to release it publicly.
By the way, we determined that yours was the only voice account that had
been disabled. Is voice working for you again?
Thanks again for making us aware of this. Rest assured, we do not treat
events like this lightly.
Regards,
– Joe Miller
On Fri, Apr 16, 2010 at 1:36 PM, Hazim Gazov <hazim.gazov@gmail.com> wrote:
> I heard the explanation Jay gave as to why he had the info, and I don’t buy
> it.
>
> The database allowed administrators to quickly determine if a new account
>> was a alt account of a griefer that had previously attacked the sim. It also
>> stored the IP used on registration portal on the website when you register a
>> avatar because avatars created on that portal usually logged directly into
>> Emerald Point and were the fastest route for griefing the sim. After it was
>> demonstrated that this was a effective solution to the problem, several
>> nodes were placed in a few other sims for short periods of time
>>
>
> Since when do you need GeoIP functionality to determine if someone is an
> alt? From what I heard they had rather large GeoIP files used to obtain an
> approximate location from an IP address and had the code built into the
> system:
>
> From datemine.web.php:
>
>> $gi = geoip_open("geoip/GeoLiteCity.dat",GEOIP_STANDARD);
>> $giorg = geoip_open("geoip/GeoIPOrg.dat",GEOIP_STANDARD);
>> $giisp = geoip_open("geoip/GeoIPISP.dat",GEOIP_STANDARD);
>> $tip = $_GET['ip'];
>>
>> $record = geoip_record_by_addr($gi,$tip);
>>
>> /*$netspeed = geoip_country_id_by_addr($gi,$tip);
>> if ($netspeed == GEOIP_UNKNOWN_SPEED)$netspeed =
>> ‘Unknown’;
>> }else if ($netspeed == GEOIP_DIALUP_SPEED)$netspeed =
>> ‘Dailup’;
>> }else if ($netspeed == GEOIP_CABLEDSL_SPEED)$netspeed =
>> ‘Cable/DSL’;
>> }else if ($netspeed == GEOIP_CORPORATE_SPEED)$netspeed =
>> ‘Corporate’;
>> else $netspeed = ‘???’;*/
>>
>> $org = geoip_org_by_addr($giorg,$tip);
>> $isp = geoip_org_by_addr($giisp,$tip);
>>
>
> I sincerely hope something more than a slap on the wrist is doled out.
>
> I’ve also heard that my IP was sent as the person who "hacked" into their
> website, that’s bull and they should pony up some logs if they want to say
> that. I wouldn’t be surprised if they just pulled up the IP from that
> database.
>
> On Thu, Apr 15, 2010 at 11:32 PM, Hazim Gazov <hazim.gazov@gmail.com>wrote:
>
>> Unfortunately, I wasn’t the first one to get this, so I don’t think I can
>> do much to limit the sharing of it… however AFAIK very few people have one
>> with full IP addresses, most people have one with the last two blocks
>> censored.
>>
>>
>> On Thu, Apr 15, 2010 at 6:05 PM, Soft Linden <soft@lindenlab.com> wrote:
>>
>>> Yep, I see that, and I see the regapi collection. I’m working with a
>>> VP on how to best deal with this. This is extremely serious.
>>>
>>> Do you know how widely this has been spread, and could I trust you to
>>> limit further sharing?
>>>
>>> On Thu, Apr 15, 2010 at 12:25 PM, Hazim Gazov <hazim.gazov@gmail.com> wrote:
>>> > It’s being retained for the purpose of getting an SL user’s RL data
>>> > arbitrarily.
>>> >
>>> > On Thu, Apr 15, 2010 at 4:22 PM, Hazim Gazov <hazim.gazov@gmail.com> wrote:
>>> >>
>>> >> They’re not simply being retained, look at
>>> >> secondlifeutility/datamine.web.php
>>> >>
>>> >> On Thu, Apr 15, 2010 at 4:18 PM, Soft Linden <soft@lindenlab.com> wrote:
>>> >>>
>>> >>> I appreciate the heads up, Hazim, and I’m disappointed to see that the
>>> >>> IP addresses are being retained. I’ll let the appropriate Lindens
>>> >>> know.
>>> >>>
>>> >>> On Thu, Apr 15, 2010 at 11:57 AM, Hazim Gazov <hazim.gazov@gmail.com> wrote:
>>> >>> >
>>> >>> >
>>> >>> > ———- Forwarded message ———-
>>> >>> > From: Hazim Gazov <hazim.gazov@gmail.com>
>>> >>> > Date: Thu, Apr 15, 2010 at 3:50 PM
>>> >>> > Subject: Re: Someone told me you might want to see this RE Emerald…
>>> >>> > To: joe@lindenlab.com
>>> >>> >
>>> >>> >
>>> >>> > and I forgot the attachment, spectacular
>>> >>> >
>>> >>> > On Thu, Apr 15, 2010 at 3:49 PM, Hazim Gazov <hazim.gazov@gmail.com> wrote:
>>> >>> >>
>>> >>> >> Take a look at the SQL file and regapi/index.php at line 97…
>>> >>> >
>>> >>> >
>>> >>> >
>>> >>
>>> >
>>> >
>>>
>>
>>
>
Hazim Gazov
May 11th, 2010
I’d like to use opportunity to announce that I am gay
Hazim Gazov
May 11th, 2010
Also, lol@ “Could I trust you to limit further sharing”, since you didn’t do anything about it and banned me instead, no.
holy_shit
May 11th, 2010
holy fucking shit. love the meeting pic. oh hey everyone, we’re lindens so stupid we are gonna post a sign that says “oh hey welcome dataminers, you’re also our tpv top pick we love you” pffffffffffft fucking pathetic.
Nidol
May 11th, 2010
The ball starts rolling…
Zercedes Mepp
May 11th, 2010
I’d like to use this opportunity to announce that I second your gayness and wish to join you sometime for a little romp in the sheets.. or behind a dumpster.
Simman Braveheart
May 11th, 2010
Oh man. OH MAN. This is interesting.
Kiddoh
May 11th, 2010
Fun times. ;D
But what’s going to happen next?
SamanthaE
May 11th, 2010
[Asked via Skype Saturday if there had been a breach of security at the modularsystems.com site, Jcool – who is known as Fractured Crystal in Second Life – declined to comment.]
///
of course he didnt comment he is a guilty as yellow snow. He’s a little boy trying to be tough I think.
Epacsten
May 11th, 2010
This whole situation leads me to believe that LL is no longer a reliable platform for me to hide my RL identity while spending lots of money and performing depraved sexual acts. I could lose my clients and subsequently my business.
I’m going to have to cut my losses and take out everything I have in SL.
Unless, of course, LL makes their viewer into a true closed source client instead of an open source pseudo server that allows this kind of situation to develop in the first place.
Calif
May 11th, 2010
ummm big news? what’s this got to do with emerald? It was a private project of the emerald sim owner who did statistics on his private sim, the application was hosted on his server, that’s all. LL was more “shocked” about Woodbury hacking the server.
Gundel Gaukelei
May 11th, 2010
GeoIP database is for free. You can get it there:
http://www.maxmind.com/app/ip-location
The free version already works pretty well. I’ve been working with the commercial version and its much more accurate.
Ah, btw, did you know Google, amongst others, is now mapping WIFI and that way relating WIFI MACs and SSIDs to locations? Did you know the MAC of your Notebook can be mapped even if you’re using WPA2 to encrypt the payload?
Expect geotracking to become even more accurate in the near future.
PS: not of any concern for you, if you’re of the “I’ve got nothing to hide” kind, telling everything on facebook & Co. already.
Hazim Gazov
May 11th, 2010
List of people who used the datamine:
Jcool410 : Fractured Crystal
arabella : Arabella Steadham
chalice : Chalice Yao
lordgreggreg : LordGregGreg Back
skills : Skills Hak
phox : Lonely Bluebird
zwagoth : Zwagoth Klaar
LBH : ???
Hazim Gazov
May 11th, 2010
@Calif
It affected anyone who registered using their regapi as well (as you can see from the screenshot). LL was not pleased about that.
Selkit Diller
May 11th, 2010
Yup. Time to set up a script to ban ModularSystems accounts on sight. What do you want to bet that those bots tie into this database? I’ve uninstalled Emerald, burned it clean off my system, am in the process of running a pretty thorough malware scan, and have changed my SL password.
And I seriously supported this lot deploying bots in the FN sandboxes? Not anymore they’re not. Until there’s a damn good explanation for the exodus in their staff, and now this leak, the bots are definitely unwelcome; Good chance that they could be an extension of this same harvesting op.
Hazim Gazov
May 11th, 2010
@Selkit
As far as scanning for malware and uninstalling Emerald, I wouldn’t really be concerned (unless you’re doing it on principle), but I have it on good authority that the majority of the people leaving emerald did so because of what was planned for the Onyx bots (more on that later).
Selkit Diller
May 11th, 2010
PS; If you want to keep Onyx bots out, here’s a simple script (That has the unfortunate side effect of banning Emerald staff on a ModularSystems account). Note that this script must be in an object set to the same group as your parcel (Or owned by you on your own land), and if the land is group owned, the object must be deeded to the group. Sorry Fractured, Phox, and others; I respected you lot until your group moderators proved they have all the sense of Dadaist art, and you lot got caught quietly pairing geolocated data to avatar names. If you think you have a good explanation for this whole fiasco, I’d love to hear it; Until then, your bots are unwelcome in my sandboxes, and I will be discouraging the use of Emerald on my staff.
To deploy the script, add it to an object, and deed it to the land’s group on group owned land, or simply own it on your own land. Please note that this has the side effect of banning ALL ModularSystems accounts, manned or bot. Keep that in mind if you choose to use it.
float RANGE = 96.0;
float REPTIME = 3.0; // seconds between checks
default
{
state_entry()
{
llSensorRepeat(“”,NULL_KEY,AGENT,RANGE,TWO_PI,REPTIME);
}
on_rez(integer moo)
{
llResetScript();
}
sensor(integer num)
{
integer i;
key det;
for(i=0;i<num;i++)
{
det = llDetectedKey(i);
if(llSubStringIndex(llKey2Name(det),"ModularSystems") != -1)
{
llTeleportAgentHome(det);
llAddToLandBanList(det,24.0);
llInstantMessage(det,"Sorry, but given the recent discovery that Emerald's staff have been pairing geolocated IPs to identifiable avatar names, we have no choice but to ban Onyx bots on a more than reasonable suspicion, that they may contribute to potential abuses and intrusions. If you are not an Onyx bot and are an actual user, please contact an (area) staffer to request a ban exemption.");
}
}
}
}
Selkit Diller
May 11th, 2010
@Hazim;
I have no reason to believe the Emerald client is safe at this stage; While my previous Emerald installation was a 1632 based source compile, I have no reason whatsoever to trust a compiled binary at this stage (I was forced to update to 1634 once server 1.38.4 rolled out). Quite simply, after having been disciplined in the Emerald chat for an “incident” that never approached the point of cursing, nevermind direct personal attacks, at someone not on the Emerald staff, fifteen minutes after the “incident” had come to a cold close, and now this revelation, I have no reason nor desire to trust Emerald or ModularSystems in any fashion whatsoever.
And suddenly, I am very glad I opted not to install CDS across the estates I manage. Now, I absolutely assure you, I will not be installing CDS.
Hazim Gazov
May 11th, 2010
So… I was bored and looking through my spam folder and I noticed some newsletter for recipes and bullcrap I didn’t remember signing up for.
I click it.
You signed up to receive this newsletter on 2010-04-26 23:05:17.0 EST from: 66.131.88.111
Huh, that’s not my netblock, lemme geoip that
GeoIP City Edition, Rev 0: CA, QC, Longueuil, N/A, 45.533298, -73.516701
That’s where ph0x lives. Why am I not surprised?
Idiots.
Kiddoh
May 11th, 2010
@Calif: The Woodbury Group had no knowledge of Hazim’s actions until several days after the entire group was nuked.
To put it simply… Woodbury didn’t hack your stupid server.
Tinfoil Hats Are Back In Style
May 11th, 2010
What I find even more shocking is that not a single Linden in attendance is using 2.0.
Selkit Diller
May 11th, 2010
@Tinfoil
Silly, don’cha know they only use that thing for PR purposes? The Lindens I’m acquainted with don’t even use it at all unless visibly on duty.
Tinfoil Hats Are Back In Style
May 11th, 2010
It particularly amuses me in light of a SL flogorum poster who has gone overboard in her support of 2.0 … quite possibly in the hopes of being hired as a Linden one day.
pefton
May 11th, 2010
@Hazim
the regapi doesn’t have anything to do with Emerald either, it is Modularsystems, get your facts straight
Hazim Gazov
May 11th, 2010
@pefton
Right, because emerald has nothing to do with modularsystems at all. It only uses a shitload of resources from it. and its mercurial repository is hosted there… and its bugtracker… and its forum.
Get where I’m going with this?
Hazim Gazov
May 11th, 2010
Oh, I forgot, the default starting point for people who register using it is also emerald point. Silly me for forgetting that.
Apple Mew
May 11th, 2010
Should probably make note: These IP addresses were collected using CDS, not the Emerald client or the Onyx bots.
Baloo Uriza
May 11th, 2010
Who didn’t see this coming, given the reputation of roughly half of the Modular staff…
The Avatar Formally Known As . . .
May 11th, 2010
As a side note, try doing something to Jcool that he don’t understand and your IP is banned from using Emerald viewer, lol.
Hazim Gazov
May 11th, 2010
@The Avatar
I don’t know about that… as far as I know, the only things he could really block you from accessing would be the client tag list, the login splash page and sending in error reports (who actually does that, anways?)
Noize
May 11th, 2010
Take a look at…
http://www.staticreality.us/slwiki/index.php?title=Fractured_Crystal
Hazim Gazov
May 11th, 2010
Crossproasting from the SLU thread….
Semi-complete list of sims that contain(ed?) datamine nodes:
INSILICO
INSILICO WEST
INSILICO EAST
INSILICO SOUTH
INSILICO NORTH
MindCandy
Mooloruem
Rhododendron Island
Emerald Point
Noize
May 11th, 2010
More users with CDS datamines…
* Akeyo / artoo Magneto – http://slurl.com/secondlife/AKEYO/128/128/22
* N-Core / nuria Augapfel
* Truth
* NotSoBad
* TonkTastic
* Magika
* La Galleria / Pamela Galli
* Dark Delights / Ishtara Rothschild
* AD Sport Skins / arzach Mill
* Chip N Dale / arzach Mill
* Heels
* Dark Delights
* DeeTaleZ
* GothiCatz
* Deviant
* Aeon Honi
* Desiree Karu
* Pretty much every fair/expo/lag feast
* Ayumi / Ayumi Shinn
* Maitreya / Onyx LeShelle
-I been harrassed by an emerald dev, after a week my account got cancelt for using copybot software. which is a bit incorrect..
-The Orginal CDS scripts Collects IP’s and puttng same IP’s with Account names together.
Hazim Gazov
May 11th, 2010
The CDS script and the Emerald datamine script are separate and as far as I know do not share databases. It is disingenuous to conflate the two.
Masami Kuramoto
May 11th, 2010
FYI: Emerald sends your avatar name to Modular Systems’ website during each login. The proof is in the code. Download the “compliant” rev. 1634 sources and see for yourself.
Noize
May 11th, 2010
Skills is in the emerald team too, the team could downgraded the datamine and sold it or its a upgraded version of the script…
About emerald! Anyone got the link to the SL forum where a guy claims that he used emerald with hex edited client tag to onyx got banned from the emerald sim plus he got harrassed and his alt names listed and all the stuff.
Hazim Gazov
May 11th, 2010
They could, but they didn’t. Besides, that wouldn’t even do anything for CDS because CDS is interested in UserAgents and the like.
Selkit Diller
May 11th, 2010
@Noize;
Devil’s advocate here for a moment. That “staticreality” link is a bit laughable for three reasons:
One, I’ve known Phox since… oh, 2006? Or was it 2005. As usual, while I will not at all deny Phox has a spotty past, I will clearly point out that his original forays into exploit research were to solve them (Albeit while quietly using them on the side; That, in itself, is not at all a sterling point). Despite knowing about it at the time, Phox was quite happily coexisting on the FurNation staff. The attitude of Linden Lab towards Phox’s attempts to help, did not exactly encourage him to continue trying to be helpful. Instead, he did much like other sites do regarding exploits the platform tries to sweep under the rug: He pulled the rug back.
Two, that site you’ve posted? It’s got a few brief (mostly inaccurate) articles regarding Fractured and Phox on it, coupled with an enormous sales pitch for some shitty SL griefing system. Not credible, when you’re pointing a finger going “OMFG BAD GUYS”.
Three? Conjecture and hearsay, facts doth not spring from. That site’s -full- of speculation. Maybe. So i herd they du thiz so they probly du thiz too.
No. That is not at all factual. That said? I still don’t trust Emerald. I’ve scrubbed my system of it, and unfortunately, if there is malware left behind (Complacent companies like Kaspersky or Panda or really, name any big AV provider), it’s doing a good job of hiding. That’s mostly what I get for trusting a binary even briefly, if it does happen, but then… it’d just be the icing on this whole cake.
Maybe Emerald’s crew have a quasi legitimate reason for doing this; Perhaps it’s an easy way to track people who’ve created accounts solely to grief Emerald Point as an OMFGHAETEMERALD measure. I’d surely welcome the ability to track visitors by IP address (or at least place short term IP bans to keep the really stupid wankers out; The smarter ones bypass those measures in a heartbeat), or maybe they have some other metric in place for innocuous purposes. However, they’ve done it without consent, I can’t really consider any legitimate reason why they need to keep long-term archives, and for that matter why they need to geolocate in the first place (Except maybe as an extra harassment/leverage measure, in an omgspai conspiracy sense).
It’s slimy that they’re archiving this, but by the same token; If you’re going to rail on at them, at least rail on at them factually and for the right reasons. That “wiki” you posted exists solely to smear Phox and Fractured, and sell shitty grieftools on the side.
All Seeing Eye
May 11th, 2010
Piss them of and watch your account be compromised too. Or rather piss them off and watch a few dozen randomly selected accounts be compromised in a display of force.
And so to make it worse and get more control over Linden Lab they have sent forth an army of bots that appear to be copybotting the entire grid and everything anyone is wearing. So now they can simply release all that content into the grid free to smash the economy too.
So wtf? Why are these people allowed to continue? Probably because if they were shut out of SL they would publish all the account names and passwords and identity info of hundreds of thousands of LL customers. That information would then cause a shitstorm of account theft and scare away all those mundanes the CEO is trying to lure in.
When will Linden Lab learn not to get in bed with this sort of people? LL has more staff to get rid of as well to finally clear them all out.
Oh? Did you still think this is serious business? Did you think all those millions of people that are now pissed at facebook over privacy want to come to SL where it is worse?
But hey the CEO would finally have what he needs to force everyone to use that new viewer of his. Maybe the CEO is paying those guys to do all this.
Oh SNAP! Maybe LL is going to pay modular systems to set up all that targeted advertising crap they recently surveyed about.
Well what can we say? This is the sort of shit that happens when a clueless noob dumbass is in charge.
Dave Bell
May 11th, 2010
I really don’t know who to trust on this.
It’s the sort of event that could explain why Linden Lab are blocking older versions of Emerald, and yet people have reported that they had no problem logging in to SL with well-known copybot viewers.
We seem to be in the middle of a process of adding features to the SL codebase, Servers and Viewers, that slow the whole process of just being in SL, so as to provide extra security checks against illicit copying. “If you have nothing to hide, you have nothing to fear.” Well, I’d like to be able to safely walk across a sim boundary without some disaster. Or is it my fault for not spending money on the latest hot gaming computer?
I’m not the sort of guy who can take published code, tweak a few little details, change the ID strings, and compile an own-use SL Viewer. I have to trust people over the software I use. Frankly, that’s a bit worrying when I see the apparent obsessions on the part of some Emerald developers. People might be breaking Copyright restrictions on content. This is so important that we have to spy on everyone.
It’s not that I disbelieve the claims that copybot programs can do naughty things with user account-name and password data. But I’m beginning to wish there were independent confirmation.
Oh God, do I have to go back to Viewer 2?
Gaara Sandalwood
May 11th, 2010
Just another day in SL.
Hazim Gazov
May 11th, 2010
@All Seeing Eye
Yes, when I pissed them off they disabled my vivox (voice) account and I had to ask joe linden and an employee of vivox personally to get it working again.
Abracapokus
May 11th, 2010
People have been saying for months that the folks behind Emerald were not to be trusted. We’ve pointed out how they add features just because they can without thinking if they should. They add things based on if it’s something they think people would like to have without asking if it is something people would really like others to have. They have shown they don’t really give a rat’s ass about people’s privacy. They evenly openly affiliated with griefing groups like Woodbury. All this and most still turn a blind eye and stuck your fingers in your ears going LALALALALA!
And why? Because they’ve convinced you LL is teh evil and given you a viewer with a little bit of teh shiny and you all roll over and go Oooooo… jiggly boobies… huhuhuh…
Now this comes out and everyone is SHOCKED!?!?!? No, not everyone. Not me. Not the ones who have been telling you for months not to use their viewer because they have the morals of hamsters. Hey, what’s that? /me pulls a falling scale from your eye.
LL knows all about their ‘spotty’ past and the fact that many of them have had multiple accounts BANNED by LL. Do you have any idea what you have to do in order to be permanently banned by LL? We are talking serious or extensive violations of the TOS, not just swearing on Help Island or shooting someone in a sandbox.
The only reason LL talks to them is because of YOU, yes YOU, the gullible and manipulated masses who continue to use their hacked viewer and think it’s the greatest thing since sliced toast (while it secretly sends your info to their site). If it weren’t for all of you they’d get the same reception from LL as Michael Moore at a Teabagger rally.
JuanFra
May 11th, 2010
En un foro anglófono cuya finalidad es hacer creer que el CDS es un sofisticadísimo sistema de detección me han borrado lo que sigue sin explicación alguna. La única norma que rompe mi mensaje es decir la verdad –que debe de ser considerado algo muy grave y peligroso, por lo visto–. Esto me ha decidido a informar de su existencia a varios medios, así como a publicarlo en otros medios de Internet por si acaso, para que todo el mundo conozca esta realidad cuanto antes. Además, lo amplío más cada vez que me sea borrado, pero siempre en el siguiente foro
Una de las pruebas que hace pensar a todo el mundo que LL no es trigo limpio tampoco en esto es que permite que el Gemini CDS haga lo que quiera a pesar de estar claramente infrigiendo normas del propio TOS (como poco). Evitar que ***nadie*** pueda copiar ***nada*** en SL es facilísimo: basta con programar desde el lado del server unos filtros que impidan que se pueda descargar a un ordenador nada que no cumpla unas determinadas condiciones(por ejemplo, que el owner y el creator sean el mismo avatar, aunque habría muchos otros filtros posibles en relación a los full perms). Si LL no hace esta sencilla operación de protección definitiva es porque de algún modo no le conviene, que a nadie le quepa ninguna duda. Algunas de sus facciones está queriendo ahora hacer que todos creamos que el CDS es un sofisticadísimo sistema de deteccion
Pero nada más lejos de la realidad 
Hay una explicacion muchísimo mas sencilla sobre cómo funciona el CDS. Si aplicamos la navaja de Occam seguro que muchos estarán de acuerdo en que es la más probable:
La mayoría de los visores con funciones ilegales han sido hechos por el mismo equipo de hackers aparentando ser distintas personas (incluso peleadas entre ellas, para dar más veracidad al engaño). Estos hackers venden sus visores ilegales trucados y con dichos visores, además de sacar el dinero a la gente en la venta, sin que ellos lo sepan les toman sus datos de nombre de avatar y password al conectarse (es extremadamente fácil de hacer y todos recordarán la cantidad de comentarios que se han leído en los foros acerca de que al conectarse siempre fallaban la primera vez con cada avatar nuevo, misteriosamente)
Estos datos van directamente a la base de datos que hoy se usa en el Gemini CDS, junto con el nombre del visor utilizado y alguna que otra información más.
Después este mismo equipo finge haber inventado un gran sistema de detección de visores ilegales (como el CDS) y cobra dinero también por utilizarlo, así como cobra dinero por quitar de esa base de datos los nombres de quienes lo paguen (sin hacerlo público, claro). Por cierto, en esa base de datos hay mucha gente que jamás ha usado un visor ilegal, pero que ha sido incluída ahí por Skills Hak para perjudicarlos por ser competidores peligrosos o gente de la que se quería vengar; como no tiene que demostrar nada puede hacerlo cuando le dé la gana. O sea, es todo un negocio pensado así ya de antemano desde el principio. Un negocio que LL debería abortar ahora mismo si es que no tiene nada que ver con dicho negocio, cosa que a cada segundo que pasa parece más y más lejana.
De ese modo es fácil comprender por qué y cómo los nombres están en esa base de datos y por qué puede saberse de antemano cuáles son todos los alters utilizados por la misma persona y por qué esa persona queda baneada automáticamente a través de cualquiera de sus nombres de avatar, aunque ya no utilice nunca más alguno de los visores ilegales por los cuales averiguaron sus datos.
Los expertos en estos temas aquí sabrán que lo que he dicho es muchísimo más fácil y simple de hacer que cualquier sistema de diálogo HTTP interno mediante scripts hacia el parcel multimedia
Por cierto, Y MUCHA ATENCION A ESTO, SEÑORES, he podido comprobar que una de las cosas para las que sí que funciona realmente el CDS es para enmascarar cualquier labor de copia ilegal que Skills Hak quiera realizar con su script en el terreno de quien lo instale (y tambien con bots no necesariamente en el mismo terreno)
El aparato permite copiar libre y constantemente al disco duro de Skills Hak y sus secuaces (algunos de ellos son Ash Qin, LukaStar Mattercaster, Cinndreia Messmer, GEMINIbot Inventor, Lonely Bluebird, Fractured Crystal, aunque hay muchos más) todo lo que se halle en el terreno que lo tenga instalado. Incluso cualquier cosa que se ponga después la detecta y la copia, ya que el CDS es también un genial copybot. Además, también permite que algunos visores ilegales fabricados por ella puedan conectarse a ese terreno sin ser detectados ni por LL.
¡Menudo negocio han hecho los dueños de tiendas dejándose engañar por hackers!
DD Les está bien empleado por creer ciegamente en algo que jamás les han mostrado ni demostrado y que encima perjudica a sus clientes actuales y a todos sus clientes potenciales.
Hazim Gazov
May 11th, 2010
@Abracapokus
Just a nitpick, Emerald pretty much hates WU.
Constance Maurer
May 11th, 2010
This really sucks. but who ever said a romp in the sheets
just send me a im. it would be way more interesting then this.
-rolls eyes-
Lord Greg -bows-
Has all ways been my fav
xoxoxo
All Seeing Eye
May 11th, 2010
hmmm just saw something else posted somewhere that made me think.
If these guys have all the Linden alts logged and released that information then things could go very bad for Linden Lab in a very short amount of time. So throw another extortion forest on the bonfire.
However publishing that data would be a positive public service to eliminate foul play by Lindens wouldn’t it.
X
May 11th, 2010
Somewhat related: Putting together a list of CDS users. Feel free to contribute.
Duma Blackheart
May 11th, 2010
I honestly don’t care if lindon laps would add more slots and other features to the regular viewer hey I’d go back but as for now no….
Noize
May 11th, 2010
Not to forget is, that MANY users handle that thread down like “For what they want my data, i got nothing interesting” or they just don’t care..
As long this Userbase don’t starts to THINK with ther own Brain it wont change much….
Pappy Enoch
May 11th, 2010
Oh my gawd. Now the whole fake world am a gonna find out that I are a hillbilly supermodel in Monaco, livin’ on Omar Sharif’s yacht and not a fat nekkid hillbilly man playin’ a fake hillbilly in SL.
Please don’t tell Omar…or it will be “overboard” for poor lil’ ol me.