
Movement fucks

By: a guest | Mar 21st, 2010 | Syntax: VIM | Size: 4.83 KB | Hits: 250 | Expires: Never
Mar 21, 2010 8:01 AM in response to: Henry Darkthief
Re: CDS & the ToS/CS

Henry.Darkthief wrote:

There's a couple of threads about this security system from Gemini called CDS. I've never had a problem with it as a visitor to sims. If it's been present, I've not known it was there. However, my understanding is that if you use a viewer that is a known copybotter/griefer tool, it records you and adds your name to the ban list on all sims where it is used, regardless of who the owner of any one system is. Furthermore, this system is also able to somehow retrieve information about your alternate accounts, or alts.

No, it does not seem to be able to do this right at the moment.

All you need to do is install this ethernet sniffer called Wireshark, and you can see what is being sent through your network. Not a really big thing.

So if you TP into a simulator protected by the CDS Relay, the viewer automatically connects to apache2-blow.port-au-prince.dreamhost.com or to media.syscast.net because it thinks there would be a video stream available.

The whole data transferred looks like this if you are using Emerald Viewer:

GET /youtube.php?licensekey=LUVaF0YXSQxDAUVHXA1GAEhYTAFREw5eXENFEkMNQFwYFV0S&title=Gk8EUhgXHEknEkcV&licensedon=DEIBUw%3D%3D&tvowner=eBVbGUVASlFdVA%3D%3D&videoid=fEJbFhFEGFpYUxMRWRcUAUMKVVoGFlwVDhUSRkQLRgk%3D HTTP/1.1
Host: media.syscast.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; chrome://navigator/locale/navigator.properties; rv:1.8.1.21) Gecko/20090305 SecondLife/Emerald Viewer (default skin)
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate
Keep-Alive: 300
Connection: keep-alive

HTTP/1.1 200 OK
Date: Sat, 20 Mar 2010 22:23:55 GMT
Server: Apache
X-Powered-By: PHP/5.2.10
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 147
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html

..........E.;.. .D{..ljb.&
p.~.U.k.....IaM1z.h.<q>M..I.V..)..../K..lt..*8...`9,...qU  .5....Kd...<.....{......._.[Rp.Blo`)`L.`K..~......!4..2.x.....

And after a short while, fractions of seconds, this connection is being closed again. I do not know who runs that server hosted on apache2-blow.port-au-prince.dreamhost.com, but you can easily do a whois search to find the registrar of syscast.net, look at the e-mail address provided as administrative contact and if you just visit that domain in your browser, you can see that this server obviously is registered to someone who is one of the CDS makers/sellers and who is also coding a friends widget on igoogle.

However: This CDS System does not seem to scan any hdd at the moment. It does not seem to be able to detect installed bad viewers that are not being used currently. It does not seem to be able to recognize alts.

All that this system does is ask "what kind of viewer are you"? and if Mr. Scriptkiddie just has installed Neil's "famous" copyviewer or something like that, the viewer will answer "I am bad hax0r Viewer!!". And within Seconds, this Ava is being banned from the sim.

But if the viewer answers "I am an ordinary 1.23.5 official Second Life Viewer" or "I am an Emerald viewer", this Relay System just says "please come in, you are fine".

And since the Viewer is OpenSource, all a criminal copier has to do is change the viewer signature to something official and recompile his viewer. Or he just links those servers to 127.0.0.1 in his host file, because the system can not ban all nonresponding agents - could just be a bad connection...

So this CDS ban relay protection is just a minimum protection. It just works against those dudes that have written a "HA! I AM ROBBING YOU" right on their forehead with a reddish pink permanent marker before trying to loot others' pockets.

To me, paying about 8400 L$ or 30 US$ per year for this kind of protection seems like wasting 30US$, but this is a decision everyone must make on his own.

And yes, theoretically it is possible that these somehow hidden connections (they do not really interfere with ordinary land video stream) could be used to break into others' computers using one or another quicktime exploit (and there still are some...), using "special" streams. Potentially dangerous, since there are probably hundreds of these relays in the wild already. Hundreds of relays that cause all viewers to connect to media.syscast.net and to apache2-blow.port-au-prince.dreamhost.com automatically and to communicate with those servers.

But to say it again: To me this seems NOT to be the case right now. To me it seems this system is just a database with browser signatures at the moment. Right now, this is not more than a "What Browser are you?"... and if you know Firefox User Agent Switcher, you know how reliable this information could be...
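
Added example, not part of the original post: a short Python sketch that parses the request head shown in the capture and lists what the remote media host receives from the viewer without any user action. Everything it receives, including the viewer name in User-Agent, is a value the client sets itself. The query values are constructed placeholders, stream.example.org is a constructed host, and the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Request head from the capture in the post, line breaks restored.
# Query values are constructed placeholders; parameter names are the capture's.
CAPTURE = (
    "GET /youtube.php?licensekey=AAAA&title=BBBB&licensedon=CCCC"
    "&tvowner=DDDD&videoid=EEEE HTTP/1.1\r\n"
    "Host: media.syscast.net\r\n"
    "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; "
    "chrome://navigator/locale/navigator.properties; rv:1.8.1.21) "
    "Gecko/20090305 SecondLife/Emerald Viewer (default skin)\r\n"
    "Accept-Encoding: gzip,deflate\r\n"
    "Connection: keep-alive\r\n\r\n"
)
# Constructed second request, to a host the user knowingly plays media from.
EXPECTED = (
    "GET /live.mov HTTP/1.1\r\n"
    "Host: stream.example.org\r\n"
    "User-Agent: Mozilla/5.0 SecondLife/Emerald Viewer (default skin)\r\n\r\n"
)

def parse_request(raw):
    """Split a raw HTTP request head into request line, headers and query."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    return {"method": method, "path": url.path,
            "params": parse_qs(url.query), "headers": headers}

def exposure(raw):
    """What the remote host receives; every field here is set by the client."""
    req = parse_request(raw)
    ua = req["headers"].get("user-agent", "")
    claim = ua.split("SecondLife/", 1)[1].split(" (", 1)[0] if "SecondLife/" in ua else None
    return {"host": req["headers"].get("host"), "path": req["path"],
            "viewer_claim": claim, "param_names": sorted(req["params"])}

def unexpected_contacts(raws, known_hosts):
    """Viewer media requests that went to hosts the user did not knowingly open."""
    found = [exposure(r) for r in raws]
    return [e for e in found if e["viewer_claim"] and e["host"] not in known_hosts]

if __name__ == "__main__":
    for e in unexpected_contacts([CAPTURE, EXPECTED], {"stream.example.org"}):
        print(e)
```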