[e-lang] [Fwd: Intermetaverse group in Second Life]
Martin Scheffler
martinscheffler at googlemail.com
Sun Feb 4 03:15:25 CST 2007
Re grey goo:
I think this attack could be prevented by some kind of pay-per-prim
scheme. (prims = primitives, the basic building block in second life)
For example each user collected to a server gets a 100 prim bucks. To
add a prim to the simulation, the user has to spend a number of prim
bucks. Prices for adding prims go up with the number of prims in the
simulation. When a single user does not have enough money to create
enough prims to kill the simulation, the grey goo attack is
impossible.
This could all run behind the scenes, a user would only get an error
message when he spent all his prim bucks.
There are a number of other security problems in SL that "griefers" can exploit:
Pushing: By applying a force on an avatar, the avatar can be shoved
away or even into orbit. This can be prevented by sitting on an
object.
Caging: An avatar is caught in a cage that blocks his movements. This
can be "solved" by sitting on an object and moving the object around.
Crowding(?): Scripting a number of objects to follow around an avatar.
For example a big rain cloud that goes wherever the avatar goes. This
probably only works on servers that allow adding objects to the scene.
The infamous penis attack
(http://www.boingboing.net/2006/12/21/second_life_griefers.html) was
probably done on land where creating objects was not enabled. I
imagine the penises are actually a part of the avatar of the attacker
- it is possible to spawn objects in a radius of 16 meters). Solution:
I guess the land owner could have ejected and banned the griefer from
the land.
The pushing and caging attacks could be prevented in a capability
system by simply revoking the right to apply a force to the avatar. I
don't know about the crowding attacks though. Totally disallowing
creation of objects on a server is not possible because the avatars
rely on that function to customize their looks.
Here's another nice article, including identity theft:
http://www.secretlair.com/index.php?/clickableculture/entry/second_life_griefers_set_big_brother_ablaze/
The Second Life Anti-Griefing Guild (SLAGG):
http://community.livejournal.com/slagg/
Martin
More information about the e-lang
mailing list