Exploit reporting stats

Posted by & filed under Second Life.

On the Linden Blog, Brent Linden discusses the experimental exploit-reporting system launched in the wake of Cristiano Midnight’s discovery of (and subsequent suspension for publicizing) an exploit in which it was possible for any user to do Very Bad Things.

Under the experimental system, Brent is now paged every time someone used the SL bug report tool (Help > Report Bug) to report a bug flagged with “Exploit”. However, as he notes:

Since introducing the new Exploit hotline to Brent Linden, we’ve gotten 55 bugs marked ‘Exploit’ and only 6 have actually been issues considered exploits.

He goes on to list some of the examples of reports that Linden most definitely does not consider worth waking him up at 3am. Interestingly, a couple seem to actually be the result of honest confusion about a difficult-to-use feature, and not just ignorance on the part of the senders: “It says my parcel is full! 367/367 prims! This is an exploit, right?”

Ezhar Fairlight, Close Personal Friend to the management here at Omega Point, contributed this bit of smartassery:

So what you are saying is that whenever somebody files a bugreport under the category “exploit” you get alerted immediately? Isn’t that exploitable by itself? It leaves you vulnerable to a DoS attack on your sleep and thus your work performance. You should fix that exploit. Shall I file an exploit report about it? :)

Yes, good work, Ezhar. That will undoubtedly be much appreciated.

6 Responses to “Exploit reporting stats”

  1. Brent Linden

    I sure love trackbacks, especially when they help educate (and help protect my beauty sleep)! Thanks for blogging about this, Catherine!

    I’m planning a blog on permissions and how they work (including nasty container permissions and next-owner madness). I was thinking about doing a class inworld, but this seems more scalable.

  2. Talila Liu

    I know I can’t type a stupid Emoticon Heart :( Cry *Heart Ezhar*