Reader Comments (30)

Posted: Oct 6th 2009 2:43AM (Unverified) said

I would be inclined to agree, if this were the first time that Linden Lab had taken action to seek out inappropriate usage or content and make editorial choices about what content to remove and what to leave.

Given a number of instances of autonomous editorial control in the past, I don't see that this particular instance risks weakening their safe-harbor status any further than it might already be.

Posted: Oct 6th 2009 7:13AM (Unverified) said

If you look into how this was done, what LL have done was to react to someone interfering with the correct operation of their systems. They weren't just copying the content; they were telling the inventory server to give them a copy of something they had no right to. This makes it much easier to detect: inject an asset no-one should have into the system, and then ban anyone who has it.
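The two mechanisms this comment describes, server-side enforcement of copy permissions and a planted "canary" asset that no legitimate path hands out, as an added illustration that is not Linden Lab's code; every asset id, account name and inventory record below is constructed for the example:

```python
# Added illustration (not Linden Lab's code): authoritative server-side
# permission checks plus a planted canary asset. All ids, accounts and
# inventory contents are constructed for this example.
from collections import Counter

# Constructed asset table: id -> (owner, may others take a copy?)
ASSETS = {
    "tex-0001": ("alice", True),    # freely copyable texture
    "obj-0002": ("alice", False),   # no-copy object legitimately held by alice
    "cny-9999": ("lab",   False),   # canary: exists only to be stolen
}
CANARIES = {"cny-9999"}

def request_copy(inventories, audit, account, asset_id):
    """Server-side check. A client that strips its own permission test still
    cannot obtain a no-copy asset here, and the refusal is recorded."""
    owner, copyable = ASSETS[asset_id]
    if account != owner and not copyable:
        audit.append((account, asset_id, "denied"))
        return False
    inventories.setdefault(account, set()).add(asset_id)
    audit.append((account, asset_id, "copied"))
    return True

def sweep_for_canaries(inventories):
    """The sweep the comment describes: an account holding a canary asset
    obtained it by bypassing permissions, since no legitimate path grants it."""
    return sorted(acc for acc, items in inventories.items() if items & CANARIES)

def repeat_denials(audit, min_denials=3):
    """Accounts whose client keeps requesting copies the server refuses."""
    counts = Counter(acc for acc, _, verdict in audit if verdict == "denied")
    return sorted(acc for acc, n in counts.items() if n >= min_denials)

def demo():
    # Starting state: copies that client-side-only enforcement let through.
    inventories = {"alice": {"tex-0001", "obj-0002"},
                   "bob": {"tex-0001"},
                   "mallory": {"tex-0001", "obj-0002", "cny-9999"}}
    audit = []
    request_copy(inventories, audit, "bob", "tex-0001")          # allowed
    for _ in range(3):
        request_copy(inventories, audit, "mallory", "obj-0002")  # refused
    return sweep_for_canaries(inventories), repeat_denials(audit)

if __name__ == "__main__":
    print(demo())
```
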

Posted: Oct 7th 2009 4:50AM (Unverified) said

Bravo to Linden Lab - and good riddance to the low-lifes. Keep up the good work LL!

Posted: Oct 6th 2009 10:28AM (Unverified) said

It's widely known that the Neil Life client is largely just a clone of ThugLyfe, so that pretty much cuts ThugLyfe off at the knees too. It's great that Linden Lab now has a way to trace and prosecute members of these griefer groups.

Posted: Oct 6th 2009 12:15PM (Unverified) said

Firstly, parthalow, they caught them this particular time apparently by planting a 'bugged' item that was a common target for IP theft. Then they waited, and performed a sweep after they had caught a reasonable quantity of people in their net. I hardly call that a means to trace and prosecute members of griefer groups.

Furthermore, from a legal standpoint it is unclear if circumventing the lab's client-side enforcement of their permissions system actually equates to obtaining unauthorized access to protected computer systems, devices, or data. Whether or not a griefer can actually be sued for copyright infringement is up for debate as well. One could argue that copies of objects in SL are transmitted to users' computers all the time. How is it even possible to copyright such material? It's not the same as software. Everyone who sees you open a computer program doesn't automagically have a copy on their hard drive. The web at large is still the wild west; very little legislation exists to govern it, and the legislation that does is pretty ambiguous.

These vulnerabilities are really just the tip of the iceberg. I spent a few hours the other day auditing the Second Life viewer source code, for kicks, and I noticed some pretty consistent programming conventions that are prone to integer overflows during bounds checking, which could allow an attacker to execute arbitrary code on protected computer systems of Second Life users by allowing them to bypass bounds checking to exploit a stack or heap overflow. This means that if they're doing this in certain parts of the code, a remote attacker may be able to obtain full control over computers of Second Life users. More disconcerting is the possibility that a vulnerability could exist that could be exploited as a sort of transitive second-order vulnerability, using the lab's servers to deliver malformed packets to victim viewers, thus avoiding the need for a victim's IP address. That's pretty serious, and you have to consider that administrators would be vulnerable too. After compromising an admin's computer, gaining access to the LL extranet (http://osiris.lindenlab.com) would be trivial in most cases. I told LL execs about potential problems with their code: they're using signed integers for bounds checking, and in some cases an attacker could control the value of at least one of them. I dunno if they moved on it though. It's whatever; if you wanna see what I got, you know where to find me.

-Codec

Posted: Oct 6th 2009 3:06PM (Unverified) said

I would like to learn more about how the exploit worked and how the Linden attack was done (if you reply to me, please click the reply button so I'll get an email notification).

Posted: Oct 6th 2009 7:57PM (Unverified) said

Er, it looks like there's a LOT less here than meets the eye in the valiant service of Comrade Soft to the Motherland:

http://bit.ly/BtaWC

If he unbans everybody the next day, kinda pointless.

Posted: Oct 7th 2009 8:51AM (Unverified) said

They got back on in a day or so? Meanwhile everyone following the rules has to wait weeks sans explanation when LL tries to ban someone else and bans your IP range.

Posted: Oct 7th 2009 12:06PM (Unverified) said

According to Neil, they were unbanned. I haven't seen confirmation from LL or anyone else, just a lot of whining and self-justification on Neil's blog.

That's hardly a credible source unless someone is eager to downplay the message this sends to would-be thieves.

Posted: Oct 7th 2009 12:35PM (Unverified) said

I have asked Linden Lab's PR people about that, and we'll see if there's a response.