Crime Wave Thwarted in Second Life

Ponca City, We Love You writes "The Mercury News reports that a vulnerability in the way Second Life protects a user's money has been identified. Risks for users are reportedly limited because the researchers say the flaw can be quickly patched. The flaw exploits a known problem with Apple's QuickTime - when a virtual character passes by an infected object planted by hackers, the Second Life software activates QuickTime so it can play the video or picture. Hackers can direct the Second Life software to a malicious Web site that then allows them to 'take over the user's avatar and force it to hand over its Linden cash. Second Life is recommending that users disable streaming video playback in the Second Life viewer except when you are attending a known and trusted venue.' The hack raises tough questions for operators of virtual worlds. Should they be as secure as banks and guarantee the safety of money and property that characters in the world possess?"

short answer - No

[timmarhy]

It's not real people. look after your actual life for a change....

Re:short answer - No

[sqrt(2)]

Yeah! I can't even imagine what kind of losers would spend that much time on a website [slashdot.org].

I've never actually seen this "Second" life, and I can't imagine why people would spend real money on it, but apparently a lot of people do. It must be worth it to them for the entertainment value.

Re:short answer - No

[ronadams]

Except that real money is involved in Second Life. There's more to it than just a game -- when money can be made and lost, the stakes and consequences are higher.

Is poker just a game?

[ToasterMonkey]

Yes, so is SL. Stop being dramatic. I lose money every time I spray my backyard with grass seed. I don't go around telling people "It's more than just lawn-care! ... It's another LIFE!"

Seriously, the consequences are as high as you want to set them. Throwing wads of money into the street has high stakes and consequences too.

Re:

[ronadams]

That's quite possibly the worst analogy and analysis I've ever read on Slashdot. The feces-eater-in-the-library post was more on-point than what you said.

My statement was that there is a difference between a game, which is strictly for entertainment, and a hybrid entertainment/business environment like SL, where some people are earning (or losing) significant profits. I never said anything dramatic. To use your first half-baked metaphor, ask a professional poker player if he considers his winnings, and

Wow.

[ToasterMonkey]

What a big surprise, more drama.

Now SL is a BUSINESS environment, huh? Sure, to the same extent that poker can be a business. You're horribly mistaken, Linden Lab is the business, SL is their game.
"Professional" poker players still play a game. It's still gambling, regardless of the skill or amount of money. Some may make a living off of the winnings, but the _game_ is not more serious or important to the rest of us because they do. It is purely entertainment. The same can be said for any professional

Re:

[Torvaun]

If they make their living off of it, it has ceased to be just a game for them. I'm not a professional poker player. To me, poker is a game. To them, poker is a source of income, maybe the primary source of income.

Now, I didn't see anyone claiming that SL was a business environment for Linden Labs. For them, it's clearly just a product. But it is being used as a business environment by many of the people in it. My analogy: Second Life is like an apartment building. Linden Labs is the landlord. But th

Re:

[sqrt(2)]

If I was spending real money on a hobby, I'd expect a reasonable amount of security. Don't even think farther than that. When you spend money online, don't you want it to be secure? That's the issue.

I'm sure there exists casual SL players. Probably some that play even less than you spend on slashdot. You can easily spend hours and sink tons of real money on any hobby, if people want to throw it away on a virtual world that's their business. Some people play WoW, I can't understand that either, but a lot of

Re:

[iminplaya]

HEY MODS! That's not flamebait! I fully agree with the parent. Real worlds and virtual worlds don't mix. Learn some perspective and stop trying to pretend one is the other. Man! This is getting creepy!

Re:short answer - No

[SJ2000]

"Real worlds and virtual worlds don't mix" Alert the eCommerce sites, eBay better shutdown now.
Can't have the virtual world mixing with reality can we?

Re:short answer - No

[iminplaya]

What kind of real items are you buying in Second Life? Furniture for your house? Food for your stomach? Yeah. That virtual steak sure was tasty. Clothes for the kids? He's not barefoot. He's got his shoes right there on his USB stick. Can't you see them? The frostbitten toes are just his imagination. IT"S A GAME! If somebody cheats, kick them off, undo, and move on. Jeeze, do you call the cops if someone doesn't pay the rent when he lands on your "Park Place"? Oh, I can see the Nigerian scam now. There's 3000 dollars in un-collected "GO" money. If you send me just $49 and your credit card number and bank account number, I'll send it right to you in six to eight weeks. Will my get out of jail cards work when the cops mash my door down and bust me with my bag of weed? You are crazy.

Re:

[mstahl]

Jeeze, do you call the cops if someone doesn't pay the rent when he lands on your "Park Place"?

That's the thing. Linden dollars are supposed to equate to real money. You buy them. Why you'd want to do that is beyond me but there it is.

Re:short answer - No

[walt-sjc]

Yes, Linden dollars do equate to real dollars. You can buy them, or you can create them by creating objects people buy or offering a service that other people pay for. Why do people buy? It's part of the game. Nearly every game out there costs money. Many are subscription. SL is similar. You can always play and not spend any real money at all. as most places to visit are free, and there is plenty of free items out there.

It's entertainment. People are willing to pay for entertainment.

Re:

[DaleGlass]

What kind of real items are you buying in Second Life?

SL works as a convenient paypal-like money transfer system. People pay me for programming projects through SL.

It's quite possible to make a living from it. I currently probably could live exclusively from SL.

Re:

[The One and Only]

There's a distinction between using SL as PayPal (a brilliant idea!) and actually keeping large L$ reserves in SL to "spend" on "goods" and "services" that only exist within Second Life itself. ("Services" usually being animated cybersex, and "goods" usually being cybersex animations.)

Re:

[DaleGlass]

Well, the definition of "large reserves of L$" varies quite widely. Things are cheap in SL. An expensive avatar might be $5. Usually much cheaper.

If you're interested in stuff (as in toys and not services of some sort) you can gather a huge heap of all sorts of things for $25.

"Goods" are far more than "cybersex animations", btw. Those generally include avatars, weapons, toys, clothes, utilities (RSS readers say), buildings, etc, etc. You want to live in a medieval castle? Or a house on a tree? A Stargate? A

Re:

[Just Some Guy]

What kind of real items are you buying in Second Life?

Money. SL lets you buy and sell real world currency. If someone has a credit card on file, you could use their character to buy quite a lot of money and transfer it to another user before trading limits kicked in. I'm sure there are no end of effective laundering schemes to get it back out cleanly.

Re:

[dbIII]

The problem with second life as I see it (and one reason why I don't play) is you can put arbitrary amounts of real money in and potentially get real money or real goods out. You can spend a lot on the game. I would be suprised if there are not a lot of govenments wondering how they could get a slice of this as taxes and police departments looking for a way to pounce on the first money launderer they can spot there (most likely with collatoral damage).

I prefer the Blizzard approach where they state up fro

Re:

[forgotten_my_nick]

> What kind of real items are you buying in Second Life?

Well within the game you are paying for designers, coders. However there are quite a few people in SL who take linden $ over real $ because it offers a level of anonymous access over paypal. Which is why you will find a lot of "web cam" services there.

Re:

[SJ2000]

I'm just tired of people's crap about SecondLife when all they appear to know about it is crap they read, experience it properly then I'll respect your opinion. If this isn't the case then speak up, currently your analogies don't even parallel was occurs in SecondLife. All I did was take apart your previous post and rebutted, not really much to it other then that. What didn't you understand? I'll rephrase it

Re:

[pnewhook]

Should they be as secure as banks and guarantee the safety of money and property that characters in the world possess?

*Guarantee*? No of course not - no one can guarantee nothing will ever happen. But expect reasonable care as any legitimate business should? Sure, why not?

The operators of SecondLife can no more guarantee that you will not get robbed in the game than the polititians and police can guarantee that I wont get robbed walking down the street.

Re:

[ILuvRamen]

I guess they modded you down cuz they couldn't find the "amen to that" mod category. I mean seriously, what are they gonna do, FDIC insure it? Give me a break.

Re:

[jonbryce]

If it was in Europe, they would almost certainly have to register as an electronic money issuer, just like Paypal Europe is (in Luxembourg). That does give some protection, but not as much as the FSCS guarantee, which the the equivalent of FDIC.

Re:

[darkhitman]

I could say the same [imdb.com] to you, Mr. Anderson...

Re:

[Lesrahpem]

It's not real people. look after your actual life for a change....

True, it is a game of sorts, but since Linden dollars can be directly converted into real world currency, and many people actually make money that way, this is an actual problem. This isn't like somebody stealing your stuff in Wow, this is more like someone stealing your poker chips at a casino.

This comes from a BLOG owner

[SmallFurryCreature]

Can I tell you a little secret about life? It is pointless.

You are born, you die. In between you have to work a lot of hours to... well to postpone the dying part or at least make the dying part less unpleasant.

Luckily, in the west we have become good enough at postponing death that we have some spare hours in our days. So we got to waste them, some watch sports, some have sex, some read books and some play games.

It is ALL useless.

Blogging got to rank near the top of most useless activities and as such you are in no position to critize second life players. You are a pot, so keep quiet about the color of kettles.

I wish people were a little bit more honest about their personal time wasters. Friend of mine follows all the soccer tournaments in the world, yet thinks playing games is a waste of time. Eheh.

Stop blogging mate and save the world or accept that you are wasting your time just as much as people who care about some silly online game.

Re:

[walt-sjc]

It's as pointless as any other video game, fiction book, movie, music, sporting event, party, etc.

Oh wait - maybe entertainment is not pointless. Maybe it lets us express ourselves, or enjoy our time outside of work. Maybe SL is a way to interact with people from different countries / cultures - playing together. Or you can spend your life working, eating, and sleeping and nothing else. I think SL is a little silly, but I feel the same about all video games.

Re:

[gmezero]

But in Second Life you are now socializing and possibly conducting business for your employer. Many companies are utilizing Second Life as a virtual meeting space to conduct international meetings.

Re:

[ElephanTS]

Can I tell you a little secret about life? It is pointless.

Ha! Such a good point, so rarely articulated. Is this the emptiness that chases all those useless retail purchases, looking for meaning where there is none to justify our slave existence?

Re:

[JustShootMe]

Comparing a blog to second life is a very good example of Not Getting the Point.

Re:

[syousef]

What you've demonstrated is that how pointless something is can be rather subjective. However there are tangible and long lived benefits from some behaviours that don't come from others.

For example spending 3 years playing computer games vs spending 3 years obtaining a degree. If you get pleasure out of the games you might not consider it a waste of time, but only one has a serious potential for enriching the rest of your life. If you study something you actually enjoy, it might set you up for years of maki

Re:

[CronoCloud]

Personally, I don't at all see the appeal of "second life". If you're going to be involved in something that is just like real life, but is not real life, and is an inferior low resolution copy to boot, why not just go to a park and watch the squirrels play?

Second LIfe is not like RL, for one, I can't fly in RL. Neither could I meet a tiny squirrel, hop in Ornithopters and shoot at each other. Or play En Garde with the squirrel, or go to a musical performance with the squirrel, or say build something real

an alternate, and more entertaining solution

[User 956]

Risks for users are reportedly limited because the researchers say the flaw can be quickly patched.

Yes, well, the other solution to this flaw is to simply spend all your money on entrance to the tentacle hentai simulator.

Re:

[CronoCloud]

Anonymous coward is telling the truth. I've seen one that someone made. Pictures? Wouldn't you like to know. :-) But this might be a location to check out:

http://slurl.com/secondlife/bel%20Highland/171/143/33 [slurl.com]

Should be near where you can get the baby unicorn. NSFW link:

http://www.secondlifeherald.com/slh/2007/09/afternoon-delig.html#more [secondlifeherald.com]

It might be a custom thing though so it might not actually be there.

Not-so-virtual

[Calydor]

The hack raises tough questions for operators of virtual worlds. Should they be as secure as banks and guarantee the safety of money and property that characters in the world possess?"

Considering that you buy Lindens with real currency, then yes. Yes, they should be just as secure, since it's real money you're dealing with.

Re:

[Credible]

Considering that you buy Lindens with real currency, then yes. Yes, they should be just as secure, since it's real money you're dealing with.

That's not the test. The question is whether you can buy real currency with lindens.

Re:Not-so-virtual

[SJ2000]

Yes, you can using Linden Labs own exchange to turn US$ to L$ vice versa. Look on their website

Re:

[icepick72]

But I buy monopoly money with real money and there's no need to guarantee the safety of it because I've purchased play money. Linden dollars don't do anything either outside the context of a game. You have your virtual and real worlds mixed up.

Re:

[bob.appleyard]

No guarantee of safety? If someone steals your property (ie. the game or its fake money) would the poilce not deal with it as theft? It's exactly the same thing with Second Life, someone buys a product (game money) and that is taken from them without consent. Just because you don't value their property doesn't mean it has no value.

Re:

[The One and Only]

If someone steals your property (ie. the game or its fake money) would the poilce not deal with it as theft?

If it's less than a few thousand (real) dollars in value, probably not. They can't be arsed to deal with anything less than grand theft auto in most cities.

Re:

[Lodragandraoidh]

Linden dollars don't do anything either outside the context of a game.

Actually they do. You can sell your Lindens for Dollars (The current exchange rate is 266L per $1.) So if you have a successful online business there, you could make enough real dollars to live off of in the real world. Difficult, but not impossible. SL has a vibrant economy - Check out this link for specifics [secondlife.com].

That is aside from the personal networking, professional and career contacts you can make in SL that can equate to job offers

Re:Not-so-virtual

[cos(0)]

You can buy anything with currency. The real test might be, does the government have an interest in protecting the integrity of Linden currency to the extent of US currency?

Alternately, can one buy US currency with Linden currency? However, this test would merely cause theft of Linden currency to be a crime with "real" damages; it would not require the storage and management of currency to be as secure as with banks.

Re:

[walt-sjc]

As was said elsewhere, yes you can sell your Linden dollars in exchange for real US dollars.

Re:

[vertinox]

Considering that you buy Lindens with real currency, then yes. Yes, they should be just as secure, since it's real money you're dealing with.

IANAL or an Economist but...

True, but the Linden dollars aren't insured nor backed by Federal Banking and SEC regulations.

If Linden folds or they decide to devalue their currency then you have no legal recourse. Since there is no physical or scarcity limitation to their currency, once cannot 'steal' it from you because it never left the linden servers and it most likle

Perspective anyone?

[uptownguy]

The hack raises tough questions for operators of virtual worlds. Should they be as secure as banks and guarantee the safety of money and property that characters in the world possess?"

Considering that you buy Lindens with real currency, then yes. Yes, they should be just as secure, since it's real money you're dealing with.

The hack raises tough questions for operators of amusement parks. Should the ski ball tent be as secure as banks and guarantee the safety of money and property that kids stuff in their po

Re:

[uptownguy]

You see, to me, the nature of the action being done is what makes it deserving or not deserving of protection. You, on the other hand, seem to be insisting that it's the interface that determines this. What justifies basing this determination on the nature of the interface rather than the nature of the transaction?

I agree completely with your premise -- I'm surprised at your conclusions.

The nature of the action being done here is entertainment. Amusement. Distraction. Think video arcade, think amusement

Re:

[uptownguy]

...re-reading what you wrote in response to what I wrote, it occurs to me that maybe, just maybe, you didn't understand I was being a little snarky. (I thought "little red tickets" and "ski ball" would give that away.) So let me be blunt:

Second Life [wikipedia.org] is [wikipedia.org] a game [wikipedia.org]

Opportunity

[raftpeople]

If the goal is simulating real life, the solution is: An Insurance Company!

Possibly, Lloyds of Linden?

Old recommendation, Quicktime prob killed soon

[AySz88]

If you take a look at the Second Life blog [secondlife.com], you'll see that the referenced recommendation was from a couple of days ago (November 30). A paragraph in the blog seems to say that if LL starts noticing exploits, they'll kill all QuickTime on the grid and maybe roll back exploit-induced transactions - expect this to happen soon.

We do have the ability to turn off all videos on the grid, but have instead chosen to respect the existing in-world content and experiences which rely on streaming video, as we know that many of you enjoy these. We do recommend that you employ caution when using QuickTime in Second Life, only enabling it in environments that you trust, and are familiar with.

We are able to track attacks, and rest assured, if we discover a malicious stream, we will vigorously pursue the attacker. This will include account termination and legal action if appropriate, as well as the appropriate assistance for affected Residents.

omgwtfbbq

[slyn]

Ummmmmmm...

Can someone explain to me why Quicktime is so fucked up? I'm dead serious, and I ask this as a mac user.

It seems like all the time there are new exploits for all different types of services (firefox exploits [slashdot.org], myspace exploits [eweek.com], this, etc.) with one thing in common: It's not [necessarily] the services fault, it's Quicktime's. Is there something about the architecture of Quicktime that makes it particularly exploit friendly? Or does it not do enough checking to see if the file is malicious? Is Quick

In a Related News Story

[poena.dare]

In a Related News Story... Police are still trying to explain how one million iPhones with infected copies of QuickTime have managed to induce their owners to foolishly hand large sums of cash to complete strangers. "What's especially troubling," confided one investigator, "is that we can't get 10 feet into an Apple Store before our team members are compromised!"

Re:

[gad_zuki!]

Im just blown away that quicktime doesnt have some kind of auto-updated, only itunes does. Ideally, Apple should be asking MS to put whatever patch they have into XP's auto updater like Adobe did when Flash had the vulnerability.

Real life banks are not secure.

[WK2]

Real life banks are not secure. They are just as likely to be hacked as any other web site. In the U.S., they are FDIC insured, though.

Re:

[twistah]

Well, that's true, but there are lot of regulations in the U.S dealing with bank security. Sarbanes-Oxley Act (SOX), Gramm-Leach-Bliley Act (GLBA) which deals with customer information and several others must be complied with. Other countries have them too; for example, J-SOX is Japan's SOX equivalent. This means that the bank gets audited, often by two sets of outside auditors, which helps security at least somewhat. Most banks and credit unions also often go through penetration tests and vulnerability as

Re:

[Jugalator]

I don't know how I should best put this or if you're joking but -- no, bank web sites are usually more heavily scrutizined against attacks, and it seems successfully so. Bank sites should logically be major hacker targets, but the only way I use to see people "hack" themselves to find any bank account details here is by having people run a trojan in a mail in advance containing a keylogger. Or go to a web site set up to look like a bank site and have the user input the private details there. But in neither

Re:

[ronadams]

As a technical and web infrastructure consultant, I take offense to that remark. Any financial institution worth it's money takes very serious care in web security. Nothing is bulletproof, but to say that myspace.com and usbank.com, for example, are equivalent is absolute nonsense.

Oh, and the stuff the poster above me said is true enough as well.

guarantee the safety of money and property?

[timeOday]

For something like this that's easily classified as a bug, yes.

However, at some point they will encounter the gray areas, which are resolved by courts in real life - do they really want to go that route? For instance, are there "lemon laws" for in-game purchases, and contract law for in-game agreements? Take the whole "who owns Unix" debacle Novell and SCO have been engaged in. What if second-life outlaws resort to bartering with some other scarce resource besides money to circumvent all the rules?

SL's economy is a giant sinkhole anyway

[Carbon016]

As someone who has been quite directly involved in Second Life (or at least griefing it), I know SL pretty thoroughly, and I especially know there are two attractions to Second Life: sex and money. They're readily interchangeable, and they're the only reasons anyone uses it, despite claims to the contrary by media-whorish Linden Labs. You're either renting land, throwing cash into a bizarro stock market, or going to a furry cybersex sim. News about security problems is common because there's so much money going through the system and a lot of people looking to exploit it, as well as a wealth of disorganized, terrible code.

A bank called "Ginko" that recently went insolvent sent shockwaves through the economy lately. Yes - there are Second Life banks, (multiple) Second Life stock exchanges, and all sorts of economic institutions: however, the operators of these venues often don't know the difference between an interest rate and their shoe so most people that end up dumping their funds into them lose all their money. Some people have thousands if not tens of thousands of dollars tied up in the game. As the Linden (the currency of Second Life) is not based on anything, Linden Labs simply dumps currency into the market whenever they feel like it. So economic problems are pretty common. Guaranteeing anything is a difficult proposition for the companies running the games: most have simply said "the *unit of currency here* is not money, nothing is guaranteed" to avoid lawsuits when someone messes up and loses a grand because a sim went down. So it's a dangerous game and the only real winners in "investing" in Second Life are LL.

Re:

[SJ2000]

"Ginko Financial" was not a bank. The fact you can't recognize this means you know shit. The economy started going down hill because Linden Labs finally said they would obey the law and banned in-game gambling.

Re:

[Carbon016]

What exactly is your definition of a bank, then? Ginko provided deposit and withdrawal of currency and issued loans. Everyone from Reuters to Philip Linden [reuters.com] called it a bank. Regardless, any economy with such a capital system (the Lindens frequently mess with it without respect for economic consequences) will ultimately fail, content ban or not.

Re:

[SJ2000]

Bank in the legal sense. If it's not a legal bank it's not a bank

Re:

[G Fab]

Since when?

you're just adding to the normal definition ad hoc.

It was a bank. We all realize it wasn't FDIC insured and isn't the same as Bank of America. But go run to your dictionary and look up the word "bank", and you will realize that banks actually preexisted the laws in place today. A bank is where you store your money. In fact, a bank is just where you store anything.

I can have a bank of thumbtacks i my garage. It's a normal word that you should relax about.

The parent is right. Linden is profit

Re:

[G Fab]

Well, I agree with you to an extent.

However, the same could be said of people trusting American banks before reforms were enacted. You didn't have to use then and they were not associated with the government of the US. Of course, many did and were screwed, and eventually the people demanded the US government do what it had the power to do: reform the banks. And everyone was happier.

Linden makes a fortune off these shams. By screwing with the currency they are making money, pure and simple. Are these ba

Re:

[RichardX]

My most insincere apologies for undermining your point of view, but I use Second Life for reasons which do no include sex or money. To me, it's like Lego, but even more fun in many ways. You can build 3D objects, with an extremely limited toolkit where somehow the limitations make it more fun, and then you can give those objects behavior via scripting. Then it gets really fun when you share in those objects with other people you meet there.

Oh noes. What's that you say? There are furry tentacle-rape freaks o

Re:

[RichardX]

Yeah, before someone points it out, I typoed "not" for "no".. when will Slashdot get with the 1990's and add an 'edit' button?

Re:

[cruachan]

Well all this says is that you're a not very nice person who is obsessed by being an asshole (griefing), sex and money. Of course there are loads of people in SL doing the cybersex thing, and if that's what you go looking for then that's what you'll find. But it's a bit like going to Amsterdam, just touring the red light district, and then concluding everyone in Amsterdam is just interested in buying and selling sex.
Myself I run a quite profitable RP-orientated design business which nets me around USD$500

Re:SL's economy is a giant sinkhole anyway

[Jesrad]

"You're either renting land, throwing cash into a bizarro stock market, or going to a furry cybersex sim."

In three years sent in Second Life I have not done any of this. I must some weird and very persistent aberration, then. Or maybe you're just wrong.

"As the Linden (the currency of Second Life) is not based on anything"

It is based on the USD, and maintained at a rather fixed rate by LindenLab acting as a central bank. It's not perfect, but it has worked remarkably well so far.

"Linden Labs simply dumps currency into the market whenever they feel like it."

No, they sell some L$ only when they rate drops under 265 L$ per 1 USD to maintain the rate, and they buy back the L$ when the rate goes higher than 266 L$ per 1 USD (though they apparently never have had to do that). That's not "whenever they feel like it".

"So economic problems are pretty common"

Err, no. The L$ has been exceptionnally steady ever since LL introduced the measures I pointed out above, and the vast majority of players have zero problems with it. Only those who want to play games with their money and that of other people are taking risks. You're obviously confusing economy with finance if you conflate financial institutions like the "banks" and "stock exchanges" with the economy itself. But then, that's to be expected on a technology-oriented website like /.

Re:

[ronadams]

Being some random griefer who sends flying phallic objects across the Metaverse doesn't make you an expert in anything except flying genitals. So let's step through your insolent propaganda point by point.

1. "...they're [sex and money] the only reasons anyone uses it [Second Life], despite claims to the contrary by media-whorish Linden Labs."
   Perhaps you're not aware of the number of corporate entities [blogs.com] using Second Life, not even for direct profit, but simply as a platform to deliver product information,

Re:

[ronadams]

Grow up, child.

It's been a while ...

[bdraschk]

since the last Second Life story, even on other online news sites who were big into that second life thing.

Isn't it dead already? Second Zombie?

The rules of the game

[mcrbids]

In the real world, we have real, physical rules that determine what we, the "users" have to live with. Cops and the like work within those rules but since they don't make the rules of the universe itself, represent (at best) a 2nd-rate answer.

That cops can't enforce the law 100% is due to the fact that they didn't make the universe; that onus belongs to either God or a random Higgs field.

Here, however, the programmers are god-like. They make the rules of the universe. All of it. Therefore, the onus DOES fal

No Snowcrash tag?

[GroeFaZ]

Is everyone still asleep from partying in their mom's basement?

Am I the only one who doesn't get it?

[lena_10326]

And to think I was concerned about a trojan getting installed on my PC that would steal my USD from my checking account rather than Lindens from my SL account. Sorry, I'll get with the program soon...

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[lena_10326]

Lindens are exchangable with real money.

Is it one way or both ways? If it's one way then it hardly matters. Lindens could always be virtually refunded or replaced.

With real banks? Well... You'd need to make various hooks into the browser, intercept traffic from the browser and rewrite it, make a custom implementation for each bank -- to put it simply. It's a lot harder.

Or... just copy the username and password with a key logger. A general key logger is far simpler and stealing is a lot easier if you kno

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[lena_10326]

Key loggers don't work because many banks (certainly the ones I have used) require you enter part of passwords on the site these days, usually via a on screen display (via mouse clicking) and some require you do mouse clicks.

I have 8 accounts with 4 banks: US Bank, Bank of America, National City, and Capital Federal and none them work that way. They all require a user name (or id) and password to be typed. On the 2nd login screen for Bank of America, they display a special image I selected on signup that

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[lena_10326]

Banks have insurance, banks have additional power in the legal world to persue issues between different countries, reverse charges etc. Linden lab does not. On top of that, it does not have the information to investigate things themselves because they are not handling payments outside of Second life (their bill processor is, and if the person who is stealing the Linden is smart, he'll use one of the 3rd party sites to convert the money). The payment processor is under legal obligation to not provide them in

Thoughts?

[fozzmeister]

If your in a game and get killed, then someone takes all your money, obviously it's a crime in SL, but is it a crime in the real world too?

Re:

[Veinor]

Here's how I think it should be: If it's using in-game mechanics that were deliberately placed there by the game creators, then no; the game designers meant for you to be able to lose your money in this way If it's using exploits, bugs, hacks, then yes. If you lose at a slot machine, it's not illegal, but if the slots are rigged, or someone tampers with them to make them lose more, that's illegal.

Re:

[DeadChobi]

If you die in the game, you die for real!

is it a bank?

[bahwi]

If it's trying to represent a "second world" then is there a bank so the character does not carry linden "cash" with them? Because Banks do not protect cash once you've pulled it from an ATM, if you are robbed you are robbed. Gunpoint or buffer overflow. Now, if it's a bank transaction, then yes, they should attempt to protect it with a PIN or password or some other signature, but the players "avatar" should not be carrying it around.

Re:

[account_deleted]

Comment removed based on user account deletion

Why should they protect player's cash? Here's why

[L. J. Beauregard]

Should [virtual worlds] be as secure as banks and guarantee the safety of money and property that characters in the world possess?

Do they want their players to keep on playing, and spending that real cash on their Second Life subscriptions?

It gets worse. All QuickTime files now threats.

[Animats]

This isn't a Second Life problem. It affects all QuickTime players. QuickTime has a recently discovered vulnerability which allows it to be used as a way to inject executable content into the user's machine. This can attack far more than Second Life.

See US CERT Vulnerability Note VU#659761 -- Apple QuickTime RTSP Content-Type header stack buffer overflow [cert.org]. "Apple QuickTime contains a stack buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition. ... We are currently unaware of a practical solution to this problem.. ... "Note that QuickTime is a component of Apple iTunes, therefore iTunes installations are also affected by this vulnerability. We are aware of publicly available exploit code for this vulnerability. Testing indicates that QuickTime versions 4.0 through 7.3 are vulnerable on all supported Mac and Windows platforms."

CERT suggests disabling all the ways QuickTime can be launched:

• Block the rtsp:// protocol
• Disable the QuickTime ActiveX controls in Internet Explorer
• Disable the QuickTime plug-in for Mozilla-based browsers
• Disable file association for QuickTime files

This vulnerability was first published on November 23, 2007.

To those asking...

[achenaar]

"does anyone really play this thing?"
The answer is yes. A few. Enough.
When I first made my Second Life account one bored weekend many moons ago, I was just checking to see if any VR style system had anything going for it. I'd been wandering from one MMO to another looking for some escapism and mostly just finding frustrating grind fests and vacuous time wasters.
I was initially pretty unimpressed by the graphics but eventually I started to see *past* the visuals and started visiting classes to teach noobs

Problem...

[ToasterMonkey]

I can understand why people are attracted to this game. It does sound like a great place explore your creativity. However, there is a HUGE problem with SL.

When I was younger, I spent a lot of my time playing Doom, and Quake. I even made my own levels, and some models. My friends and I had tons of fun playing in our own creations. Everyone has access to modeling tools, and there are plenty of games and 3D worlds to share your creativity in. The problem with modding games is that there's a very steep le

You should turn streaming off by default, anyway.

[argent]

You should turn off streaming media and automatic loading of web profiles by default.

Not just because of this, but because it reduces the security of the SL client, in a number of ways.

First, there's vulnerabilities in the plugins and the browser software. Yes, they're using a pretty secure browser based on Gecko, without user-loaded or downloaded XUL components, but still these are complex programs that you really don't need. About the only web-based technology in SL that's reasonably safe is the new search... since it's generated by Linden Labs, and they have better avenues of attack. :)

Second, If you look at the Linden blog on this, you see that one of the messages reads:

Way to go LL, help griefers some more why dont you? Using video streaming to IP log griefers as they crash sims is one of the important ways to fight griefing and document who the real abusers are. Eliminating this ability only helps griefers, much as your stupid idea to enable people to hide groups. Far more than helping to get rid of griefing or give us more security features, you keep enabling griefing with your stupid decisions like this one.

There are SL "landowners" using streaming audio and video to track visitors by their IP address. This allows them to cross-reference addresses and identify players living in the same household, players with multiple accounts, people playing from work, and so on. And these kinds of "web-bugs" inside SL can not only get the "landowner" a pretty reliable ID for you (your account name), they can also distinguish whether users you're "verified" by a credit card or paypal.

This kind of tool is useful to track griefers, I guess, but anyone who "owns" land in SL can do it... including those charming guys with their spammy ad-farms. :)

Re:

[Deltaspectre]

On a weird side related note, after posting that I noticed Firestarter was flashing red and 16 attempts on various ports from an IP that resolves to slashdot.org were recorded... What gives for that?

Re:

[deftcoder]

Anti-spam thing.

Every time I post on Slashdot, it takes forever for me to Submit the post, because I get probed on a few ports (which timeout).

They're ports commonly used by proxies and such.

Re:I'm sorry

[wertarbyte]

Every time I post on Slashdot, it takes forever for me to Submit the post, because I get probed on a few ports (which timeout).

Set your packet filter to REJECT instead of DROP. Dropping packets i usually a bad idea and sounds like some kind of obscure desktop firewall in "stealth mode".

Re:

[deftcoder]

Or netfilter rules with a DROP policy. :)

I am only forced to use Windows at work. :/

Re:

[SJ2000]

Yes, thank the god of your choice. There is at least one sane person here...

Re:

[jibjibjib]

I am silly enough to pay money for entertainment. Is there a problem with that?

Re:

[DaleGlass]

I don't fork money, I earn it! My return from SL is very positive and approaches that of a job I could live on.

Re:

[CronoCloud]

I'll help you out. You post on Slasdot, you're a geek.

Second Life appeals to non-geeks, even more so than WoW. It also appeals to creative types, say the folks who are art students, jewelry designers, graphic designers.

When you played SL for those five minutes, what did you do? Did you try out the building and scripting tools? Did you try Googling for interesting stuff to do? Did you try the "head for a clump of green dots and see what's up game"? Did you talk to anyone at Orientation Island?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[legojenn]

You may notice that ~23% of all client sessions end uncleanly (crash), that's something to complain about.

I usually consider a crash SL's way of saying find something else to do.