Theia Magic

Again, I don't think you're being paranoid at all. I find myself doing the exact same thing and researching every 'odd' looking media request that pops up.

We sort have to, this is all a bit new to us. We don't know what's 'safe' and what's not, and the only way we're going to learn is by asking questions and investigating.

__________________
⊱ღ One Big Blond Moment ღ⊰

Theia's Blog✔

Inara Pey

As per my earlier comment...and to add to it, if those with the technical understanding can give a step-by-step outline of what *typically* to look for (is it just "&", as Lloyd comments?), and the like, will happily add as much to any upcoming tutorial(s).

__________________

Kara Spengler

So somehow internet anonymizers will all just go away when people will want them more than ever?

Sione

DON'T USE THAT IT IS NOT SAFE

It's easily exploitable and will give you a false sense of security. It is being worked on right this minute.

Inhandra

I'm getting excited to see this patch going into a V2. The moment it hits an in-dev Snowstorm build, I know it'll be going into Kirstens. YAY!

Argent Stonecutter

I don't think that's the same guy, the Elf I'm thinking of has his own sandbox, and it's "inspired by" Ringworld Engineers. I can see Niven freaking out about it, but there's no actual Niven characters or species in it.

Also, Niven fails biology forever all over the place. Not that it stops me from enjoying his books. And I wish he'd written "Down in Flames" for real.

__________________
Argent Stonecutter -- Skyhook Station -- Coonspiracy Store

"And now I'm going to show you something really cool."


The previous is a cybernetic datum published - in direct contravention of DoD Regulation #229RR3X3 - as being conducive to the physical, psychological and/or social well-being of the population.

Lloyd Newman

Where did I say that "anonymizers will all just go away"? I don't think there's anything in IPv6 that prevent them from working, if they're coded properly. IPv6 has been around for TWELVE YEARS... the only reason it's higher profile NOW is that we ran out of IPv4 addresses in February.

Kara Spengler

Hmm, maybe using an alt to scout the terrain for you? If the stream sounds valid whitelist it on your main. If the stream is bad they have the ip of your alt but not you.

But if the stream changes and it is not a DJ handoff ... blacklist time!

Tonya Souther

Sione's right, of course, but I will add that if you put it in the blacklist or whitelist, it'll work just as expected. The problem is in what might happen if multiple requests are received too fast; answering the confirmation dialog might result in the wrong URL being allowed or denied.

Walker

Thank goodness I've got all the domains that bother me in my hosts file.

It was interesting to see what was being passed to RedZone really, and how fucking weak zFire's "encryption" is. Encyption in quotes because it's about as difficult to decipher as ROT13.

bronxelf

I'm so glad we use a single club stream.

(I have my own personal stream as well, but I use the club's stream when Im in there at the same time)

Sling Trebuchet

It is convenient for such a server operator to have a process to parse incoming requests with which to feed the database.
If it were believed that significant numbers of people were avoiding such URLs then it would be possible to encode a URL that did not have a query.
The supposed stream need not exist. The request for the 'invalid' URL may be picked up and parsed for the information encoded into it.
The IP-tracking 'stream' directed at the avatar may be replaced by an innocent actual stream after a short delay.


In any case, how on earth are people in general meant to know if a stream is safe or not?
It's not as if some process can examine a URL and determine that it is used for IP-tracking, much as one could examine website to determine if it contains or links to malware.

URL blacklists generated by activists are problematical
Some of it is guesswork
TO be effective for the community at large, there has to be (1) a way of making (nearly) everybody aware of the need for them and (2) a way of distributing them.


If such systems begin to use distributed and changing servers, then it's constant whack-a-mole. Domains are not expensive.
A change in domain for the same server won't be picked up by a URL list.
Known IPs would have to be monitored for what they are hosting.


The most sensible approach would be to monitor the sales and distribution channels for such services.
How could such a service gain sufficiently wide coverage and still remain a secret?

zFire has a problem with taking RZ off-world. If he distributes open scripts, he's totally screwed once the 'right' wrong people get them.
If he distributes NoMod scripts or objects, they are exposed to LL nuking in the asset servers.

__________________
Violation of your Data Privacy via the SL viewer and in-world objects within LL's control.
Please READ on this issue - It's not over! https://jira.secondlife.com/browse/VWR-24746
Second Life - "Your World, Some Random Nutter's Database."
!quit

Lloyd Newman

If I can ever figure out my software and get good enough at it... I'm gonna have a one-off Pierson's Puppeteer AV. Probably my favorite alien in all of SF.

Tonya Souther

Hm. Yes and no. How much intelligence does it take to sneak up on a leaf?

Casey Pelous

?? Can you explain more?

__________________
"I am not more than a lossy Human being, and think that we all are equals..." - Wasted Engineer

"Casey, I've already established that you have no idea what you are talking about." - Perphides

Lloyd Newman

How're your ribs?

Scylla Rhiadra

How? By contaminating the database?

Sione

Also about the parameters. Some SL TV's do use them for legitimate reasons. That being said, they should all use the same domain anyway and you should whitelist it.

Psyke Phaeton

The main aim of the bad people is to send information about you to their server. Therefore the longer the URL the more chance it contains your information.

For example:

http://111.111.111.111:8000/music

doesn't obviously contain any extra information that looks like it might be data about you. But

http://111.111.111.111:8000/music?id=123

becomes more suspicious. Is 123 a way of tracking you or is 123 a music selection from a larger collection? We don't know.

http://111.111.111.111:8000/music?m=2342hdd922adattaaaa8syd7stdfssfff&x=122dgf r
or
http://111.111.111.111:8000/music/2342hdd922adattaaaa8syd7stdfssfff

become even more suspicious. What is that data on the end of these?

You arent looking for ? and & but long strings of letters and symbols which might be obscuring data about you.

The longer the sequence of the URL after the first single / the more information it is potentially sending and therefore the more suspicious you should become.

If I look at the current URL for my post I am doing I see:

http://www.sluniverse.com/php/vb/newreply.php?do=newreply&p=1175291

This data on the end makes sense. I am doing a new reply and the post is number 1175291. I can therefore trust this. If I go to YouTube and play a video I see..

http://www.youtube.com/watch?v=NLmsiaN5dZM&feature=topvideos

This makes sense also. I am playing video NLmsiaN5dZM and I used the feature topvideos.

The question you ask is a) Is the length of the URL suspiciously long and b) Does data in the URL make sense or does it look suspiciously obscured.

Note: Use this post how ever you wish.

__________________

Sling Trebuchet

An anagram of "elf penis" is "feel nips".

"Flee snip" works too if an elf notices that a woman is holding scissors behind her back.

Kara Spengler

Saying all bad streams have a "&" gives you a false sense of security too since many web servers allow you to encode parameters in a virtual path. So the "&" would never exist.

edit: Or just put everything in one parameter so you only need the "?" and no "&".

Lloyd Newman

Psyke's post above goes into more detail... basically, "&" is an indication that information is being passed BACK to the URL in question.

Why would that be necessary for a legitimate media stream?

Argent Stonecutter

Have you read the new series, with Lerner? One of his better collaboration partners.

I've really been enjoying watching the Man-Kzin wars series throw Niven's biology snafus into sharp relief by trying to retcon them.

Walker

Because some media systems allow you to select different videos/music tracks, and query strings are a valid way of requesting customized data from a server.

ETA: Most obvious example: http://www.youtube.com/watch?v=ToPfT449jks

bronxelf

Simply because there's been SO many screencaps and I don't know who has what- can anyone shoot me the cap of where zF claims *HE* pulled RZ down from Marketplace the first time (with permission to publish it elsewhere)? If so, can you just send me a PM? Tankooooo.

(yes, I know Im on a deadline. Im writing, Im writing.)