Friday, March 11, 2011

Change your password!

I don't know how many of you watched the Phoenix office hours when they announced the release of their media filter feature, but in it they state that they are neutral to RedZone. I've always been suspicious of Phoenix Viewer and don't use it myself, due to all the fiascos that happened with Emerald and the retaining of the devs who didn't have their reputation spoiled by the Emerald incident, so I've always been cautious about Phoenix and haven't been considering it for use. Anyhow, did you feel their statements were neutral? While the speech was made to seem neutral, I don't know if the tone was neutral throughout, with stuff like Greenzone attacking RedZone users. Greenzone is not an attack group but a protest group, so when watching it with friends I did have some nasty things to say but kept them to myself. However, at the end of the speech and the Q&A on Phoenix's media filter, they stated that they would be posting further info on the Phoenix blog at http://www.phoenixviewer.com/. There is a post titled "Media Filter", dated Tue, 08 Mar 2011, that has a statement like this:

"""
I would kindly ask you to not discuss the Redzone debate in our in world support groups or contact our support people in its regard as it cripples our ability to provide support to our users who need it and has nothing to do with our project. Instead, discussions about Redzone should be taken to the Redzone Forums here: http://isellsl.ath.cx/madsci/forum/viewforum.php?f=8&sid=f38c40179f37209231be6a3f63c254eb.
"""

While it's not the intent to criticize Phoenix in this blog post, unfortunately some things need to be said. Back when it was called Emerald, I had suggested on their forums adding media filter support and had to deal with trolls as a result. But the above statement, linking to the ISellSL forums and saying take the discussion here... that was either malicious or stupid, and suggesting to take the discussion there kind of circumvents a good reason to have the media filter. Anyhow, as said before, the target of this blog post is not Phoenix, so I will not go into further detail about it. However, when I first discovered RedZone, I contacted theBoris Gothly and asked some questions about it, as though a potential customer, to confirm my suspicions, and then told him that it was a violation of privacy law. He got pissed off and after a while suggested I take it up with a rigged privacy poll they had at the same time. I stated I knew better than to sign up for their forums, and why, which led to more bickering and cutting off the conversation, but I always found it kind of suspicious that he was so up front about getting me to sign up for their forums to hit their privacy poll...

Onto the next subject: back when Emerald engaged in data mining, they had linked the alt accounts of users within their own database along with IPs and some additional info. While I don't exactly like Alphaville, you can see a list of usernames that they had gathered information on (stripped of the info, of course) here:

http://alphavilleherald.com/2010/05/emerald-devs-modular-systems-data-mine-tracks-16740-avatars.html

Hit Ctrl+F, if your browser doesn't flip out from the huge name list and freeze, and search for a name you know or a friend you may be concerned about. But look at this too: search for "linden". They've gathered data on the Lindens too. While Lindens can make themselves invisible to scripts, this isn't an always-on functionality, as they have managed to gather up info on various Lindens.

Well, now, as of late and onto the point... I got another link the other night:

http://no2redzone.wordpress.com/2011/03/10/zfire-xue-admits-he-hacks-sl-accounts/

Give it a read through. This is exactly why I thought it would be stupid to sign up for an account on his forums. Apparently one of those videos you can only display to certain people on YouTube, or something of the like, was discovered where zFire Xue states something about getting into SL accounts... But onto the point: it's his forum, and whatever info you submit can be viewed by zFire Xue. This includes IP address, forum username, password and anything else you submit. Essentially, you can sign up with a different name on the forums and have it linked up to the IP RedZone has logged. Also, apparently, according to the no2redzone blog, zFire Xue has been keeping a record of the passwords his forum users use, and of passwords that they have incorrectly typed in (we all know some people accidentally enter the wrong password on the wrong service). This way he can harvest the passwords of not only users who re-use passwords between many services, but also people who keep track of many passwords and occasionally enter the wrong one in the wrong service, or enter several passwords until they use the one they signed up for that service with.

What Phoenix did, suggesting the argument go to his forum, is really stupid, and anyone who took the advice, just the same. But now I also think that if any RedZone users have their Second Life accounts broken into, it serves them right. With that all said, if there is password theft going on as suggested by no2redzone, how long do you think it's going to be until he gets a Linden detected by his RedZone? I bet Lindens have alternate accounts, and I bet some of them use the same password between their home account and their work account, and log in from both accounts at their home. Now think of this: the Lindens on their off hours are like everyone else. Hell, some probably spend their time in SL doing what everyone else does, and some may even use the forums on the ISellSL website. Honestly, with Linden Lab turning their head up at the RedZone issue by not banning zFire Xue and theBoris Gothly, and the few others who have created spyware services like them, I think it's only a matter of time until someone gains administrative access who shouldn't have it, and I say this from personal experience. When setting up a network for a school, 90% of the users of that network used the same password in regards to every account it involved, and 90% of those users had obvious and easy-to-guess passwords. Hell, some users even had the same password, with the teachers using obvious school-supply-related passwords.

Moral of the story...
Use a different password for everything! If you accidentally type a password you use for something else into the wrong service, consider your account compromised and change your password!
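As an added example (not part of the original post), here is a small Python audit a user could run over their own credential inventory: it finds reused passwords and, given everything typed into one untrusted service (wrong guesses included), lists every account that now needs a new password. The service names and passwords are constructed sample data.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample inventory: service name -> password (not real credentials).
SAMPLE_VAULT = {
    "secondlife-main": "correct horse 1",
    "secondlife-alt": "correct horse 1",
    "webmail": "blue-stapler-42",
    "third-party-forum": "forum-only-pw",
    "bank": "x9!Lr2#qT",
}


def _fingerprint(key, password):
    # Keyed digest, so grouping and matching work on digests, not on plaintext.
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()


def reuse_groups(vault):
    """Return sorted lists of services that share a single password."""
    key = secrets.token_bytes(32)  # per-run key; digests are never stored
    groups = defaultdict(list)
    for service, password in vault.items():
        groups[_fingerprint(key, password)].append(service)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def accounts_to_rotate(vault, untrusted_service, submitted):
    """List every account exposed by what was typed into one untrusted service.

    `submitted` holds every password entered there, including mistyped ones
    that belong to other services. The operator can record all of them, so
    each matching account, plus the account on that service, is treated as
    compromised.
    """
    key = secrets.token_bytes(32)
    exposed = {_fingerprint(key, pw) for pw in submitted}
    own = vault.get(untrusted_service)
    if own is not None:
        exposed.add(_fingerprint(key, own))
    return sorted(s for s, pw in vault.items() if _fingerprint(key, pw) in exposed)


if __name__ == "__main__":
    print("Reused:", reuse_groups(SAMPLE_VAULT))
    typed = ["blue-stapler-42", "forum-only-pw"]  # one wrong try, then the right one
    print("Rotate:", accounts_to_rotate(SAMPLE_VAULT, "third-party-forum", typed))
```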




EDIT:
Just got this link; thought maybe everyone reading this should see it:
http://alphavilleherald.com/2011/03/zf-redzone-security-breached-sl-passwords-compromised.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+AlphavilleHerald+%28Alphaville+Herald%29

EDIT+:
From: https://jira.secondlife.com/browse/VWR-24746?
WARNING: Potentially dangerous URL below
Google cache of "Knights of Mars" FAQ page: http://webcache.googleusercontent.com/search?q=cache:uhxAnqgoaDwJ:knightsofmars.com/kom/faq.php+knights+of+mars+faq&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com Note second item where it admits it violates SL TOS.

Now check out this photo of an error on that site: http://www.sluniverse.com/php/vb/attachments/general-sl-discussion/18823d1299953237-redzone-epic-thread-part-deux-zfirekom.jpg Note isellSL domain, which is also the host for RedZone.

@Unya Tigerfish - There's your confession.

EDIT++: Added a note that the "Knights of Mars" URL is potentially dangerous.
Kinda makes me wonder if zFire Xue has already intruded on a Linden account.
