Recent Comments:
Security vulnerability allows Internet Explorer to be used to steal your Second Life password
Second Life Insider
Sep 18th 2007 2:20PM Finally announced on the linden blog.
Oh, and with further testing, Firefox doesn't actually result in the bug. Firefox will launch SL like a secondlife:// usually does, the flags get appended to the location address. IE on the other hand adds the flag to the program as if running it through a shortcut. However, I'm not sure in this case which behaviour can be seen as correct, it does mean the exploit is only effecting IE (unless someone goes and tests other browsers to see what happens, I'm not sure if SL binds to opera and the like).
Security vulnerability allows Internet Explorer to be used to steal your Second Life password
Second Life Insider
Sep 18th 2007 7:50AM Yeh, I know SL can do multi client (I use it myself time to time). I said when the exploit makes use of it, and if we ever get webpages on prims, then it'll turn into a griefer toy.
Funny thing is, ok, its existed for years and its only just been found, its been known about for a few days now. Yet, LL haven't acknowledged it, put out a warning or fix.
Security vulnerability allows Internet Explorer to be used to steal your Second Life password
Second Life Insider
Sep 18th 2007 5:13AM The fault isn't IE's at all. SL binds the URL prefix secondlife:// in both IE and Firefox. That's SL's action. The login uri and client flags are also that of SL, nothing of IE's.
Mozilla / Firefox does the exact same thing, though it has an extra security wrapper, in that it prompts you before launching SL. However, theres a handy little check box that can disable that warning and thus the exploit is just as viable. Why would it be disabled? If you're using SLurls a lot, then you end up making use of the secondlife:// links and would probably consider them safe.
So yeh, just because you're not using IE, don't consider yourself safe. Heavens forbid if this is still around when we get the web on prims and it gets coupled with multi client functionality, it'll end up launching a second client, log you off, and steal your password, a griefer's dream.
Loyalists cry over Devil May Cry on Xbox 360
Joystiq
Mar 23rd 2007 5:57AM This actually surprised me, but I can see where the fanboys are coming from. If I'd of forked out $600 for a PS3 with a few 'certain' exclusives being my reasoning (say, Metal Gear Solid, Final Fantasy, Devil May Cry...), when news of them going multi-platform hits I'd feel I'd wasted my money, and the fanboyism and anger drop giving me less reason to own the console, and rather than admit my own 'mistake', take it out by doing silly petitions like this.
I mean come on! Its against it being on the PC, when DMC3 (and its special edition) came out on it. Ok it'll be part of a simultaneous launch this time but god damn why didn't people complain then.
They're just throwing hissy fits because their beloved PS3 is losing the exclusives.
MGS is up in the air too in the rumour department (MGS2 came out on the original Xbox and PC, wouldn't be entirely unfaliable that the new one might be multi-platform too after the Cell hype), and after that comment from the french guy at SCEE FFXIII's exclusivity is also under speculation too.
Bah, let them do their silly petition. I bet most buy and play the game anyways. And if capcom start going more multiplatform then all the better for PS3 owners who might end up with Lost Planet and Dead Rising.
CopyBot anger rises
Second Life Insider
Nov 14th 2006 11:41AM First Comment here, ever.
I used the copybot myself when it first got released on libSL's SVN code repository, and its a bit overhyped.
Body Shape, Skins, Clothes, etc are all temporary copies, and are lost on relog. HUD attachments, and object contents (such as scripts) in attachments, are not copied.
Also, theres a number of bugs with it. If someone has unicode in their group title when the bot is around, the bot will crash. Also, IMing the bot the message "!quit" will log it off. However, this is for the original, libSL version. The modded version which Geforce Go is selling (and made by Prim Revolution, and that Baba (the original creator) is laughing about because he's responsible for destroying LL, etc) is barely any different from the version which was freely available.
However, now being closed source, and with an obvious username and password entry, theres fears (and rightly so) it could be stealing login info. This isn't confirmed, but might be happening.
Upon questioning GeForce on this matter, she replied that you should use an alt, and when I pointed out that alts are no longer free, she suggested lying on signup that you're a new user, to get a free alt. This is breaking TOS. Not to mention its been demoed on avatars therefore breaking DMCA (these avatars were not the creators of the original work).
Also, its based off libSL, which means selling it is breaking the open source license agreement.
Theres uproar over Robin Linden too for her post on the Linden blog, apparently OKing this, making it legal (Which its not).
Its all a big mess is what I'm trying to say. Its been responded too with far too much misinformation, but does potentially damage SL and its users BIGTIME. Its not (entirely) the fault of libSL, this was bound to be made one time or later, and WORSE versions could end up being made. However, selling the product and releasing it precompiled to the masses (whereas previously it took a little bit of work to make it, etc) is only going to cause havok. And with Robin Linden apparently saying it can't be fixed (ie, just giving up on the idea of even attempting to stop or break its use).... bah, the thing that annoys me most about all this is the general attitude of those involved.
