Difference between revisions of "Security issues"

From Second Life Wiki
Jump to navigation Jump to search
(→‎Filing issues: Added necessary link)
m (Redirect to updated & maintained KB page)
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Help|BugFixes=*|Misc=*}}
{{#Widget:Redirect|url=/knowledgebase/english/how-to-report-a-bug-r224/#Section__2}}
 
<noinclude>{{Help|BugFixes=*|Misc=*}}</noinclude>


Issues pertaining to the security of Second Life should be sent to Linden Lab via special mechanism described below.  Please help us keep Second Life secure by ensuring that possible security exploits aren't broadly advertised before a fix is available.
Issues pertaining to the security of Second Life should be sent to Linden Lab via special mechanism described below.  Please help us keep Second Life secure by ensuring that possible security exploits aren't broadly advertised before a fix is available.
Line 12: Line 14:
'''When reporting an exploit, please provide as much detail as possible''', Including the environment used (e.g. Windows XP Service Pack 2, Nvidia 6800 etc ) and the complete reproduction case. Linden Lab offers a L$10,000 bounty for each previously unknown exploit that can be verified.  Please report issues as soon as they are discovered!
'''When reporting an exploit, please provide as much detail as possible''', Including the environment used (e.g. Windows XP Service Pack 2, Nvidia 6800 etc ) and the complete reproduction case. Linden Lab offers a L$10,000 bounty for each previously unknown exploit that can be verified.  Please report issues as soon as they are discovered!


== Filing issues ==
'''Filing issues'''


There are two ways to file security reports:
There are two ways to file security reports:
*  In the SEC project on [http://jira.secondlife.com jira.secondlife.com] (PREFERRED). It's '''VERY IMPORTANT''' that you file issues in the SEC project, which is the only project set up so that only the reporter and Linden Lab can view the issue.
*  In the SEC project on [http://jira.secondlife.com jira.secondlife.com] (PREFERRED). It's '''VERY IMPORTANT''' that you file issues in the SEC project, which is the only project set up so that only the reporter and Linden Lab can view the issue.
*  Via email:  [mailto:security@lindenlab.com security@lindenlab.com]  
*  Via email:  [mailto:security@lindenlab.com security@lindenlab.com]


{{KBwarning|The SEC project (and security mailing list) is '''ONLY for reporting security exploits''' that might compromise a Residents identity or the Second Life Grid. All other requests including account issues and account security via this address will '''not''' be addressed.}}
{{KBwarning|The SEC project (and security mailing list) is '''ONLY for reporting security exploits''' that might compromise a Residents identity or the Second Life Grid. All other requests including account issues and account security via this address will '''not''' be addressed.}}
Line 23: Line 25:
*  If you believe your account has been breached please attempt to change your password immediately and also  [http://secondlife.com/community/support.php contact support].
*  If you believe your account has been breached please attempt to change your password immediately and also  [http://secondlife.com/community/support.php contact support].
*  If you are experiencing some other problem, please [http://secondlife.com/community/support.php contact support].
*  If you are experiencing some other problem, please [http://secondlife.com/community/support.php contact support].
*  See [[issue tracker]] for information about filing non-security issues.
*  See [[Bug Tracker]] for information about filing non-security issues.


[[Category:Bounties]] [[Category:Issue Tracker]]
[[Category:Bounties]] [[Category:Bug Tracker]]

Latest revision as of 16:17, 23 October 2024

Redirecting to http://community.secondlife.com/knowledgebase/english/how-to-report-a-bug-r224/#Section__2

Issues pertaining to the security of Second Life should be sent to Linden Lab via special mechanism described below. Please help us keep Second Life secure by ensuring that possible security exploits aren't broadly advertised before a fix is available.

So just what constitutes a security issue? If an issue poses any of the following threats to Second Life, its Residents or content, then it is an exploit and should be reported:

  • exposes real life Resident identity without consent
  • destroys content
  • permits unauthorized access to Second Life/Linden Lab resources
  • compromises a client or server host subjecting it to remote control

When reporting an exploit, please provide as much detail as possible, Including the environment used (e.g. Windows XP Service Pack 2, Nvidia 6800 etc ) and the complete reproduction case. Linden Lab offers a L$10,000 bounty for each previously unknown exploit that can be verified. Please report issues as soon as they are discovered!

Filing issues

There are two ways to file security reports:

  • In the SEC project on jira.secondlife.com (PREFERRED). It's VERY IMPORTANT that you file issues in the SEC project, which is the only project set up so that only the reporter and Linden Lab can view the issue.
  • Via email: security@lindenlab.com
KBwarning.png Warning: The SEC project (and security mailing list) is ONLY for reporting security exploits that might compromise a Residents identity or the Second Life Grid. All other requests including account issues and account security via this address will not be addressed.

For other issues:

  • If you believe your account has been breached please attempt to change your password immediately and also contact support.
  • If you are experiencing some other problem, please contact support.
  • See Bug Tracker for information about filing non-security issues.