Oskar Linden: “Let’s talk about Monday. So, as you all are more than well aware, some of the tools in the experience tools project on Magnum got abused over the weekend (week 22). Monday morning (week 23) was pretty much fire drills all day. I rolled out of bed and logged in and BAM, even before my coffee.
We do take active griefing vectors seriously. [We] determined a fix for the issue. We got it tested and deployed Monday afternoon. The griefing exploit was unintentional.
The exp tools project was removed from the [release channel] grid this week. It lost its slot on Magnum [RC] because of other security issues, those that were addressed in this meeting actually. I want to thank all of you for the feedback you gave to Huseby last week.”
In a previous meeting a number of users brought up questions to Huseby Linden about how some misuses of the Advanced Creator/Experience Tools might create problems.
This exploit was possible because a permissions restriction within the features failed. It did not work as the Lindens expected. Oskar says, “We’re updating the test plans and the code to more precisely test these cases.”
Kelly Linden has already improved the logging from Advanced Creator/Experience Tools teleports. This was an immediately apparent deficiency revealed by the griefer attacks. We could not tell who or what was teleporting us. So, we could not mute or block it.
Kelly says, “If you get teleported it will tell you the name of the owner of the object that teleported you.”
Coyot Linden said this about emergency rollouts:
“Just to say this about these kinds of emergency rolls:
- We only do it when we have to
- We generally do it for you – to stop griefers and the like
- There is a price: everyone gets set back a week
- Except the one [package/project] that failed (EXP) which is likely to get set back at least two or three weeks.”
Failed packages/projects have to go back to the drawing board and start the QA process from scratch. This does NOT mean all the code is trashed and rewritten. It means the base ideas and thinking about the project are reconsidered and adjusted. Then the existing code for the project is modified for the new ideas and thinking learned from the failed experience. Then the code passes through the entire QA process again.
Some people tried to find out if people got banned for the griefer attacks. The Lindens won’t comment on that subject. We can assume some accounts were closed. But, we’ll never know for sure.