Exploit reporting stats

On the Linden Blog, Brent Linden discusses the experimental exploit-reporting system launched in the wake of Cristiano Midnight’s discovery of (and subsequent suspension for publicizing) an exploit in which it was possible for any user to do Very Bad Things.

Under the experimental system, Brent is now paged every time someone uses the SL bug report tool (Help > Report Bug) to report a bug flagged with “Exploit”. However, as he notes:

Since introducing the new Exploit hotline to Brent Linden, we’ve gotten 55 bugs marked ‘Exploit’ and only 6 have actually been issues considered exploits.

He goes on to list some of the examples of reports that Linden most definitely does not consider worth waking him up at 3am. Interestingly, a couple seem to actually be the result of honest confusion about a difficult-to-use feature, and not just ignorance on the part of the senders: “It says my parcel is full! 367/367 prims! This is an exploit, right?”

Ezhar Fairlight, Close Personal Friend to the management here at Omega Point, contributed this bit of smartassery:

So what you are saying is that whenever somebody files a bugreport under the category “exploit” you get alerted immediately? Isn’t that exploitable by itself? It leaves you vulnerable to a DoS attack on your sleep and thus your work performance. You should fix that exploit. Shall I file an exploit report about it? :)

Yes, good work, Ezhar. That will undoubtedly be much appreciated.


6 Comments

  1. Talila Liu
    Posted August 15, 2006 at 5:13 pm | Permalink
  2. Talila Liu
    Posted August 15, 2006 at 5:13 pm | Permalink

    Erm yah, that didn’t work…

  3. Posted August 15, 2006 at 6:30 pm | Permalink

    Talila, you’re doing it wrong!

  4. Posted August 15, 2006 at 8:47 pm | Permalink

    I sure love trackbacks, especially when they help educate (and help protect my beauty sleep)! Thanks for blogging about this, Catherine!

    I’m planning a blog on permissions and how they work (including nasty container permissions and next-owner madness). I was thinking about doing a class inworld, but this seems more scalable.

  5. Talila Liu
    Posted August 15, 2006 at 8:49 pm | Permalink

    I know I can’t type a stupid Emoticon Heart :( Cry *Heart Ezhar*

  6. Andy Tir
    Posted November 1, 2006 at 8:45 am | Permalink

    Ahem, reading this out and then following the rest via googling, going through stuff http://blog.secondlife.com/2006/08/14/when-an-exploit-isnt-an-exploit/ … Ahem, but Linden Labs were wrong in the first place — they didn’t put security bug reporting policy in the first place, something like Mozilla does for years http://www.mozilla.org/projects/security/security-bugs-policy.html … Oh, yeah, they were busy…