Thread: New OD tools seems dangerous

  1. #1
    gettin all wavy rwhunt99's Avatar
    Join Date
    May 2004
    Location
    Osceola, IN
    Posts
    213

    New OD tools seems dangerous

    I'm not a programmer or anything, but it seems to me that the new OD tools is setting up for hackers to come in and hack your computer, by allowing you to download directly into LW 2018 without any protection or antiviral scanning? Maybe I'm wrong, just want to get someone who knows, their opinions. Providing hackers the SDK and then assuming there are no malicious people out there is not safe.

  2. #2
    Registered User
    Join Date
    Aug 2016
    Location
    a place
    Posts
    1,853
    sponsored by the foundry? kidding

    i dunno, possibly but i am sure oliver is a stand up guy.

  3. #3
    Luddites will be Luddites.

    If any of us are worth hacking, we've been hacked.

    This kind of 'old' thinking is why LW can't move along or become a modern app: everyone wants it to be like "the old one".

    Change is afoot.


    DON'T USE IT AND YOU WILL BE FINE. No need to warn the rest of us with such paranoia.

    Robert
    Robert Wilson, MA Deaf Ed.
    Indiana Deaf School
    This e-mail may contain information protected under the Family Educational Rights and Privacy Act.

  4. #4
    Registered User
    Join Date
    Aug 2016
    Location
    a place
    Posts
    1,853
    i guess so but at least there are people using lw right now and sure, some don’t like too much change. still good to have them.
    Last edited by gar26lw; 01-31-2018 at 07:20 AM.

  5. #5
    Super Member
    Join Date
    Sep 2003
    Location
    Barcelona
    Posts
    1,691
    I don't worry too much about any potential threat of the OD Tools. But in certain environments I can understand it could raise questions. Perhaps a better phrasing, specially a more cautious title, and probably a direct e-mail to the always responsive and open Oliver could satisfy your concerns way better than this thread.

    And yet, Robert, come on: it's a question. And he's asking a valid point with arguments. We can answer perfectly well, calmly, without shouting, and avoiding references to paranoia to deflect an attack that wasn't there to begin with. Sure we can. :-)

    It could be useful to know how the exchange of information from LightWave to the internet and back is dealt with, or the inner workings of such communications. And to be able to understand the possible threats and safeguards. Even to improve it. Why not? And yes, meanwhile one can use it or not. As a question and not a 'warning' works fine. Isn't it?
    Last edited by allabulle; 01-31-2018 at 08:51 AM.
    Salut!,
    Allabulle.

  6. #6
    gettin all wavy rwhunt99's Avatar
    Join Date
    May 2004
    Location
    Osceola, IN
    Posts
    213
    This is not about Oliver, I'm sure he is, this is about the way for hackers to get into your system and perform commands without your ability to control them. As I mentioned, I'm not a programmer and I would hope there are safeguards in place to prevent that kind of thing happening, but in today's environment, it isn't healthy to assume anything.
    Last edited by rwhunt99; 01-31-2018 at 08:59 AM.

  7. #7
    Quote Originally Posted by rwhunt99 View Post
    This is not about Oliver, I'm sure he is, this is about the way for hackers to get into your system and perform commands without your ability to control them.
    I totally understand this. Here's what's going on, just so that it might shed some light.

    When you use the "instant download feature", the zip of the content is downloaded to your machine, unzipped, and loaded... (scenes, objects, images, and plugins - for plugins, it's a special case, as they only get added, NOT run - due to security concerns by myself even). The only security that you can really have in such a case is to make sure the content is curated. That's why when you upload something, you don't see it right away. That's because one of the admins will have to approve it, and with that, I mean checking the content. Once it is deemed safe, it should be approved and everyone should be able to see it themselves.

    So essentially, these are the security safeguards in place.

    1) the user has to be logged in (registered) (easy to get around I guess)
    2) the content will be checked by one of the admins before it is actually seen by others (not really something you could get around, and hopefully we'll catch malicious things)
    3) you'd have to explicitly click on something to download, nothing is downloaded by "default"

    So in the end, is this 100% secure, probably not, but I am hoping with #2 we would be able to get most of it. To be perfectly honest, the nature of something like this, I don't know how else you could make it more secure, but of course, we are open to any ideas if they can be achieved.
    Oliver

    OD Tools Purchase Link: http://origamidigital.com/cart
    Vimeo Channel: https://vimeo.com/channels/850417
    Join ODRoot - https://www.odroot.com
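
    The flow described in the post above (a zip is downloaded, unzipped and loaded, with plugins added but not run), as an added example that is not part of the thread and not OD Tools code: a check a curator or user could run on a package before extracting it. The extension groups, the size cap and the sample file names are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed extension groups (not taken from OD Tools): LightWave scenes/objects
# and common image formats, versus file types that can carry code.
CONTENT_EXT = {".lws", ".lwo", ".png", ".jpg", ".jpeg", ".tga", ".exr", ".hdr"}
CODE_EXT = {".p", ".py", ".ls", ".lsc", ".dll", ".exe"}
MAX_TOTAL_BYTES = 500 * 1024 * 1024  # assumed cap against decompression bombs

def audit_content_zip(data: bytes) -> dict:
    """Classify every entry of a downloaded package without extracting it."""
    report = {"content": [], "code": [], "unknown": [], "rejected": []}
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.replace("\\", "/")
            path = PurePosixPath(name)
            total += info.file_size  # declared uncompressed size
            # Entries that would land outside the target folder are refused.
            if path.is_absolute() or ".." in path.parts or ":" in name:
                report["rejected"].append(info.filename)
            elif path.suffix.lower() in CODE_EXT:
                report["code"].append(info.filename)
            elif path.suffix.lower() in CONTENT_EXT:
                report["content"].append(info.filename)
            else:
                report["unknown"].append(info.filename)
    report["oversized"] = total > MAX_TOTAL_BYTES
    # Load automatically only when nothing needs a human decision.
    report["auto_load_ok"] = not (
        report["rejected"] or report["code"] or report["unknown"] or report["oversized"]
    )
    return report

def build_sample_zip(names) -> bytes:
    """Constructed sample package for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample bytes")
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_zip(["Scenes/demo.lws", "Objects/ball.lwo",
                               "Plugins/tool.py", "../../startup/outside.p"])
    print(audit_content_zip(sample))
```

    Anything listed under "code", "unknown" or "rejected" is what the manual approval step would need to look at; a package with only scenes, objects and images passes through.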

  8. #8
    gettin all wavy rwhunt99's Avatar
    Join Date
    May 2004
    Location
    Osceola, IN
    Posts
    213
    Sorry, I thought I was asking an intelligent question, and you can safely ignore it and keep your head in the sand. I want to use it, but I want safely approved plugins, is that too much to ask? As the ignorant rush to use technology they don't fully understand, they get burned because they assume too much. Just like the use of those Fitbits has exposed far too much information to the enemy, all the way down to soldiers' names and where they are at any time and where installations are. Dumb unprotected use of technology is putting us in dangerous situations.

  9. #9
    gettin all wavy rwhunt99's Avatar
    Join Date
    May 2004
    Location
    Osceola, IN
    Posts
    213
    Thanks Oliver, perhaps I should have checked with you first, but I hope you understand it was/is a concern. I was curious how could we protect ourselves. I thought, from the way it was described in your announcement, it went directly into your system while you were live in app. This is good information I appreciate it!

  10. #10
    Goes bump in the night RebelHill's Avatar
    Join Date
    Nov 2003
    Location
    jersey
    Posts
    5,771
    Quote Originally Posted by rwhunt99 View Post
    I want safely approved plugins, is that too much to ask?
    Quid custodis custodit?
    LSR Surface and Rendering Tuts.
    RHiggit Rigging and Animation Tools
    RHA Animation Tutorials
    RHR Rigging Tutorials
    RHN Nodal Tutorials
    YT Vids Tuts for all

  11. #11
    Quote Originally Posted by rwhunt99 View Post
    Thanks Oliver, perhaps I should have checked with you first, but I hope you understand it was/is a concern. I was curious how could we protect ourselves. I thought, from the way it was described in your announcement, it went directly into your system while you were live in app. This is good information I appreciate it!
    I totally get your concern, and I share it, but yes.. content is being evaluated/approved BEFORE it gets posted on ODROOT.
    Oliver


  12. #12
    Founding member raymondtrace's Avatar
    Join Date
    May 2003
    Location
    Ohio
    Posts
    863
    Quote Originally Posted by rwhunt99 View Post
    ...without any protection or antiviral scanning?
    Why are you not using antiviral scanning (or why are you using a malware detection program that does not monitor downloads or changes to the filesystem)?

    Providing hackers an SDK is no more dangerous than providing hackers the ability to run javascript in a browser.

    Concern is understandable with the ODRoot web page ( https://www.origamidigital.com/lwNews/#page3 ). Before downloading, you must check "I will use this software responsibly and acknowledge the risks" but there is no further description or explanation of risk. Further, the FAQ provides questionable instruction:
    "My virus software flags the application.exe ... Ignore the false flag and allow access, please remember to allow your firewall"

    There are privacy concerns that could be addressed by analyzing the traffic produced by this program but it is highly unlikely that anything from OD is "dangerous". Oliver has trust. ODRoot is what NewTek should have already done.

  13. #13
    Quote Originally Posted by raymondtrace View Post
    Why are you not using antiviral scanning (or why are you using a malware detection program that does not monitor downloads or changes to the filesystem)?

    Concern is understandable with the ODRoot web page ( https://www.origamidigital.com/lwNews/#page3 ). Before downloading, you must check "I will use this software responsibly and acknowledge the risks" but there is no further description or explanation of risk. Further, the FAQ provides questionable instruction:
    "My virus software flags the application.exe ... Ignore the false flag and allow access, please remember to allow your firewall"
    This is something that could, and will be better explained. Thanks for pointing that out. We'll add some of the points I mentioned above to the FAQ.

    Regarding an antiviral scanning or anything like that: It's always good for the user to do that, as, as mentioned, since you are downloading content first (a zip), that then gets extracted (more files).. they should all be scanned automatically by your installed protection/antivirus scanner.

    So in that regard, you are doing the same thing as when you download any files off of the web, but with the added benefit that in this case, it's additionally curated by a 3rd party (us and our admins)
    Last edited by oliverhotz; 01-31-2018 at 09:38 AM.
    Oliver


  14. #14
    Good day,
    (This is Robert under the work id)
    Ya know, I get to see people making dumb use of technology daily. I get to see tech guys get hacked and they've no idea why.
    Cybersecurity for normal folks is virtually non-existent. It has been that way for a while. When big companies spending millions or billions on security still get hacked, it's mostly hopeful that our firewalls and the like will do their jobs.

    Stay diligent, sure, but don't be surprised if all of your due diligence is for naught. For this, no panic mode is needed.


    Kudos to others for having made the case much more eloquently than I on this point.
    Robert Wilson, MA Deaf Ed.
    Indiana Deaf School
    This e-mail may contain information protected under the Family Educational Rights and Privacy Act.

  15. #15
    TrueArt Support
    Join Date
    Feb 2003
    Location
    Poland
    Posts
    7,900
    All applications and operating systems (especially on smartphones) which automatically update are vulnerable.
    A hacker can intercept the router and replace the new update file with a specially prepared executable, which will be installed on your computer/smartphone by the auto-updating code in the application already installed on the machine (and with permissions).
    Last edited by Sensei; 01-31-2018 at 11:24 AM.
