zFire Xue Admits He Hacks SL Accounts

10 03 2011

An anonymous comment on this blog was too good to leave buried in the comments. Everyone take a look at this quickly, because as soon as zFire Xue spots this he will take the link down. Take copies if you can.

Youtube Video of zFire Xue Admitting to Hacking SL Accounts

In this video zFire Xue (the man behind the avatar) tells his girlfriend about a special HUD he has made her which has all the usual (now banned) features of RedZone in it for alt detection, geolocation etc. But also, it shows that he harvests possible Second Life passwords of the users of his website. They log in there with real SL names and sometimes type their SL password out of habit. zFire collects these passwords it seems, and this hud shows them for any user.

The key bit is where zFire says that in his tests he has found they sometimes indeed use SL passwords by accident.

zFire admits in this video to hacking the SL accounts of some of his customers.

Edit: Some people are asking how we know this is the real zFire as this was posted anonymously without evidence. Take a look at this video of the real zFire (Mike) and see if you agree that the voice and face in the video look the same.

Edit 2: Here is the transcript for anyone with difficulty accessing video. Thanks to people at SLUniverse for typing it up:

This webpage will let you look up basic information about a person at isellsl, as well as if and when they joined isellsl, if they own a RedZone, if they’re on anybody’s RedZone’s safe list, and if they ever got a RedZone demo… which those three things are more useful for me.

What’s useful for you is that this website will also predict people’s Second Life passwords. Now you know how that’s done? It does that based on incorrect passwords that they enter. A lot of times out of habit people of course enter their Second Life username and by habit enter their Second Life password occasionally.

All of the incorrect passwords that they’ve ever entered will be visible. Not everybody has one. Many of them do and in my tests many people have indeed entered their Second Life passwords. So that’s here.

A little useful thing I am also going to make it display are people’s real world locations. For us only, that will be very interesting. Nobody else can access this page at all; only me and ze. Anyway that is all for now. I do have another page I’m gonna make for you. But here’s this one for now.

Advertisements

Actions

Information

23 responses

10 03 2011
Florimel Enderfield

And the provenance of this video is?

We know that zFire does some stupid stuff, but that video seems to be too convenient.

10 03 2011
no2redzone

When he takes it down, this will provide evidence it is him.

Also anyone who has seen him RL should recognise him I think.

10 03 2011
Florimel Enderfield

Just went back to the video. The date it was uploaded is Aug 3, 2010. That’s old enough to be rather damning since it’s well before JIRA VWR-24746.

In any case, have a nice convenient download of the video sitting on my computer right now.

MD5 checksum of downloaded video is
0a948496a70bbd9f9de687c97d942077

Recording MD5 so if need to demonstrate, can show that I haven’t altered the file between now and whenever update/transmit to desired destination.

10 03 2011
no2redzone

Good idea Florimel, thanks.

10 03 2011
Redzone ate my hamster

So where are we having the party to celebrate the removal of zFire Xue from SL?

10 03 2011
Unya Tigerfish

And zFire removed it πŸ˜€

10 03 2011
Anastasia

And someone put it back up …. πŸ™‚

10 03 2011
Florimel Enderfield

Nice job Anastasia.

Unfortunately, it seems that either the video has gone through double compression, or that youtube is now doing a much better job of compression than it used to do.

Size of original video when I downloaded it is 16,371,096 bytes. The newly uploaded video is 6,201,606 bytes.

Having viewed both videos, I will state that the words spoken are exactly the same.

10 03 2011
OsamaBinLaden

Video is downloaded with FreeMake Video Downloader with default settings. I have no idea if it do any compression. Then uploaded again to YouTube. I don’t know it that upload adds any extra compression either. There is absolutely no alteration done by me!

10 03 2011
Wowlie Fowlie

Each person who reads this should be AR’ing zFire and pointing at this post, the video of him, and the new video, and specifically stating in the AR that this person has collected information about you and has stated that he will hack your account and/or reveal your RL location to another person.

10 03 2011
dejah

How do we AR him? I’d be happy to

10 03 2011
Wowlie Fowlie

Help->Report Abuse (in-game)

10 03 2011
dejah

Yes but that asks for location and other things that realy do not apply to somehting found on the web.

10 03 2011
Wowlie Fowlie

in the “location” field paste the URL of this post… no location is needed. Also put this post and supporting information in the body.

10 03 2011
Monkies

Before:

After:

10 03 2011
Monkies

Before:

After:

10 03 2011
Theia Magic

Thanks to Anastasia for reposting the video πŸ™‚

Just as no2redzone predicted, zFire deleted the video as soon as he woke up and saw it. Like we didn’t all see that coming, right?

His arrogance has been his continued downfall through all of this. It’s like the old saying- give a fool enough rope and they eventually hang themselves.

10 03 2011
Itazura

Please, everyone AR him until a Linden who knows what they are looking for can look at his account. LL keeps a record and can see each and every session you log into by IP, mac and volume serial all the way to the very first day you logged in. It is NOT that difficult for them to see if zFire has some sessions where he is “mysteriously” connected to some accounts by all three methods he should otherwise have no connection to.

They can then just as easily check THOSE accounts to see if they suddenly logged in from someplace halfway across the globe (aka zFire’s computer) for no apparent reason. An anomaly like that is NOT difficult for them to spot because unlike zFire, when it comes to tracking alts and hacked accounts, LL ACTUALLY KNOWS WHAT THEY ARE DOING!

10 03 2011
10 03 2011
Osama Bin Linden

10 03 2011
no2redzone

Thanks for all the comments and sorry I have not answered individually.

Evidence that this video is indeed zFire Mike is found in his own actions. The video – on youtube since august was ripped down today. Ok sure, that could be some elaborate hoax. But why did Mike also pull down all his youtube channels at the same time? That is the action of someone who knows he is guilty. I have a copy of both videos I linked to here. I just have to work out how to get them on youtube – not a site I ever used before!

And anyone saying “he doesn’t know how to use youtube?” … hey, I am a geek. I don;t have friends to share with πŸ˜‰ Or if I do, we do it with UUCP over a network made only from barbed wire fencing just for the fun of it.

11 03 2011
13 03 2011
Privacy War in SL *updated 3/13* « Acoustic Alchemy in Second Life

[…] – Hack or Cover-Up, zFire Xue admits to hacking SL accounts, followup […]




%d bloggers like this: