Difference between revisions of "Security issues"
Milo Linden (talk | contribs) |
Milo Linden (talk | contribs) m |
||
Line 1: | Line 1: | ||
Issues pertaining to the security of Second Life should be emailed to the Second Life Security mailing list | Issues pertaining to the security of Second Life should be emailed to the Second Life Security mailing list rather than posted on jira.secondlife.com. Emailing them directly to Linden Lab helps us keep Second Life secure! | ||
So just what constitutes a security issue? If an issue poses any of the following threats to Second Life, its Residents or content, then it is an exploit and should be reported: | '''So just what constitutes a security issue?''' If an issue poses any of the following threats to Second Life, its Residents or content, then it is an exploit and should be reported: | ||
* exposes real life resident identity without consent | * exposes real life resident identity without consent | ||
Line 8: | Line 8: | ||
* compromises a client or server host subjecting it to remote control | * compromises a client or server host subjecting it to remote control | ||
When reporting an exploit, please provide as much detail as possible, | '''When reporting an exploit, please provide as much detail as possible''', Including the environment used (e.g. Windows XP Service Pack 2, Nvidia 6800 etc ) and the complete reproduction case. Linden Lab offers a L$10,000 bounty for each previously unknown exploit that can be verified. We encourage you to submit security issues via email to [mailto:security@lindenlab.com security@lindenlab.com] as soon as they are discovered! | ||
'''Please read the NOTE: below before submitting.''' | |||
See [[issue tracker]] for information about filing other issues. | See [[issue tracker]] for information about filing other issues. |
Revision as of 09:29, 14 July 2007
Issues pertaining to the security of Second Life should be emailed to the Second Life Security mailing list rather than posted on jira.secondlife.com. Emailing them directly to Linden Lab helps us keep Second Life secure!
So just what constitutes a security issue? If an issue poses any of the following threats to Second Life, its Residents or content, then it is an exploit and should be reported:
- exposes real life resident identity without consent
- destroys content
- permits unauthorized access to Second Life/Linden Lab resources
- compromises a client or server host subjecting it to remote control
When reporting an exploit, please provide as much detail as possible, Including the environment used (e.g. Windows XP Service Pack 2, Nvidia 6800 etc ) and the complete reproduction case. Linden Lab offers a L$10,000 bounty for each previously unknown exploit that can be verified. We encourage you to submit security issues via email to security@lindenlab.com as soon as they are discovered!
Please read the NOTE: below before submitting.
See issue tracker for information about filing other issues.
NOTE:
This mailing list is for reporting security exploits that might compromise a residents identity or the Second Life Grid only, all other requests including account issues and account security via this address will not be addressed.
If you believe your account has been breached please attempt to change your password immediately and also contact support at the address below.
If you are experiencing some other problem, please contact support: