Sunday, August 22, 2010

Alleged DoS Attack by Emerald, Development Team Member Resigns - UPDATE: Emerald Removed from Linden Labs' Third Party Directory Page

In recent days, Modular Systems, the developers of the popular Emerald Viewer, has come under the spotlight. Last week, one of their team, LordGrerGreg, resigned, citing abuses by the team, notably slipping in code that made the viewer vulnerable to intrusion, “Emerald is no longer what it was to me. I have been dedicating ... my time to the project for nearly two years now, and it’s been difficult to see it go the way it has.”

This news got less attention after a few days when Qarl Fizz, the former Qarl Linden, joined the team. With Qarl’s impressive resume, one of Second Life’s more enthusiastic supporters on the Linden Team and having worked on big-budget movies, this helped Modular System’s claim that LordGregGreg was simply a “minor ex-developer” whom had been unable to agree with his teammates, “You can be assured that Emerald will maintain it’s high standard of integrity, honesty and ethics that have contributed to it’s development.”

Then on August 20, news spread about the website of a rival viewer getting shut down because of action by Emerald viewer’s makers. People began charging Modular Systems of engaging in a Denial of Service attack, involving everyone online whom was using their viewer by using vulnerabilities in the code to make the unaware users’ computers part of the attack. Such a move would be clearly be a violation not just against the terms of service of just about every Internet service provider, but also against the law. Wikipedia stated, “they can be a serious federal crime under the National Information Infrastructure Protection Act of 1996 with penalties that include years of imprisonment.”

Modular Systems admitted to “shenanigans” on “a blog owned by a creator of a malicious viewer,” by denied they did such a move, “The method for doing this was to add links to the Emerald log in page linked to said blog. Each time anyone logged in, our page loaded up and also the other page loaded up – simply to show off our volume of traffic. This was not a DDoS. This was a poor attempt at boasting that failed miserably. Once we discovered this, these links were deleted and the dev concerned was disciplined.”

Today on Sunday August 22, Fractured Crystal made an announcement on the Modular Systems blog, admitting to supporting the code that made Emerald vulnerable and calling what happened on “this most recent incident” the result of tinkering with the viewer due to boredom and then forgetting about it.

Fractured Crystal had been scheduled, along with Emerald teammate Arabella Steadman, on the treet.tv show Tonight Live this evening at 6 PM SL time.

Events concerning Emerald have been developing quite rapidly. Second Life Newser postponed writing about earlier developments either due to time constraints or waiting for more news.

* * * * * * * *

UPDATE: Checking Linden Labs' Third Party Directory, Emerald is gone from the list.

Bixyl Shuftan

3 comments:

  1. Several people were very helpful in voulenteering links and sites they came across. Thank you.

    ReplyDelete
  2. I am sure that once the new team takes over and gets settled in, Emerald will returned to the TPV approved list, after they re-certify

    ReplyDelete
  3. they have made the requested adjustments and should be on soon

    ReplyDelete