RedZone Partially Broken

14 02 2011

As the GreenZone blog reported yesterday, the mobile alt scanner HUD in Redzone is broken. This from disgruntled spyware operators in the RedZone forum:

Rok wrote:
.Due to SOOooo Much drama created by griefers (Most of whom are banned), zRZ HUD alt scanning function will be disabled in-world for today. 2-12-11
Until reasonable security limits are put in place to disallow abuse. Apologies for the inconvenience.

im usually not the one to say it, but .. we should have been informed first.not just deactivate functions without prior warning.not cool …

Now we don’t know what part of the current maelstrom of protest by ordinary second life users caused this. Nor do we know of anyone who has been banned for such action (but we know zFire is a fibber). However, not so obvious is that RedZones all over the grid remain broken after zFire attempted to avoid the gaping security hole in his software we pointed out here.

Yesterday zFire released a new version of his software with a rushed out attempt to fix his clueless encryption. Sadly he did not test this very well. My first hint that something was broken was when I wandered a few sims that had been polluted with RedZone just last week. Try as I might, I could not seem to get scanned! I kept network monitors on, but there was simply no suspicious traffic at all.

A frantic search of 11 sims eventually turned up one that managed to scan me. Although just once, and I could not coax it into doing so again.

This support request seems to explain the problem. RedZone bones are remote monitoring prims that extend the range of a RedZone device beyond the normal 96 metre scan limit.

This from the RedZone forums shows why:

Unfortunately the bone is still not scanning, it is running and I can control the main unit with it, but it does not seem to detect avatars near it.

1. I put the scripts for the main unit into my prim
2. Deeded the object
3. Activated it
4. Rezzed a bone, and moved to a location in the same sim without taking into my inventory

Not sure if I have done things in the wrong order, or there is something actually wrong
webspinner
 

by zFire Xue » Mon Feb 14, 2011 3:17 am

Yes I need to fix the bone.

So it looks like you have to be close to a RedZone device to be scanned right now.

Don’t let your guard down. This problem will be fixed.

Not a good week for RedZone though

Advertisements

Actions

Information

8 responses

14 02 2011
zFire Xue

More bull from you.
RedZone is not broken, there was never any security hole.
I disabled zRZ HUDs because I needed to catch up on responding to questions and concerns. Are you claiming someone made me disable it? Or are you claiming the zRZ HUD had a security hole? Do explain. I would love to see what pictures and info you come up with on that one.
The RedZone still scans full sim. How would you know if you where scanned? =) You wouldn’t.

16 02 2011
Rooted

Nice error message when your server goes off line ZFire. Really gets to the ‘root’ of your security complacency.
No one like you should be allowed near anyone’s data.

16 02 2011
no2redzone

Hehe! Yes you noticed that one too.

To be honest, it only goes downhill from there!

14 02 2011
no2redzone

You really ought to try reading before opening your mouth. Look at what I said:

Now we don’t know what part of the current maelstrom of protest by ordinary second life users caused this.

As you know, the security hole lay in the hopelessly naïve way you put you accepted updates to your database. The proof of the seriousness of that problem is found in that:

1. You deleted all evidence from your forums that such a problem existed until you could deny it no longer; and
2. You rushed out an update to your software so quickly that people had not even updated the previous version before your new “fixed”[sic] version had to be rolled out.

By the way, I know you are not in a mood to thank me for the free security consultancy. Nevertheless you are welcome.

Now if you would just agree to make software that was legal, I would happily help you make it better still.

As for scanning full sims: something seems to be wrong on a large number of previously working RedZone sims. But I know you don’t like people knowing about the shortcomings of your software so you won’t admit it.

How would I know if I was scanned? Well to be honest, at this point I would be extremely surprised if I did not know. As I know rather more than you about security software, I think I would know.

Ah… but maybe you mean how would I know if my avatar was the subject of an lsl sensor which reported back from the sim server? Of course, I neither know nor care about that. Any Tom Dick or Harry can scan for avatars. What those sims are NOT doing is trying to exploit my parcel media (or any other such security hole) to make me send back packets to you with my IP address.

Oh well. Shouldn’t you be fixing your bones?

15 02 2011
Karen

“Oh well. Shouldn’t you be fixing your bones?”

15 02 2011
sezso

QUOTE:

I disabled zRZ HUDs because I needed to catch up on responding to questions and concerns.

——————————————————

So this shutdown was to create even more questions and concerns? hmmm.

15 02 2011
no2redzone

I love it, Karen 🙂

16 02 2011
Rooted

no2redzone
Re:You noticed that one too.

I sure did, and keep in mind that I am a techno-idiot with only the vaguest, novice level awareness and clue about these kinds of things. For me to notice and have a clue what that meant, it is really chilling to think someone who does not know better has our data (and it certainly is our data, however much of a right others might feel they have to it).

Thanks to people like you who do care about privacy and security, I understand much more about RZ than I could have understood by myself, and it does worry me a lot.

Thanks for your informative efforts on the wider SL community’s behalf.




%d bloggers like this: