Crime Wave Thwarted in Second Life

Ponca City, We Love You writes "The Mercury News reports that a vulnerability in the way Second Life protects a user's money has been identified. Risks for users are reportedly limited because the researchers say the flaw can be quickly patched. The flaw exploits a known problem with Apple's QuickTime - when a virtual character passes by an infected object planted by hackers, the Second Life software activates QuickTime so it can play the video or picture. Hackers can direct the Second Life software to a malicious Web site that then allows them to 'take over the user's avatar and force it to hand over its Linden cash. Second Life is recommending that users disable streaming video playback in the Second Life viewer except when you are attending a known and trusted venue.' The hack raises tough questions for operators of virtual worlds. Should they be as secure as banks and guarantee the safety of money and property that characters in the world possess?"

short answer - No

[timmarhy]

It's not real people. look after your actual life for a change....

Re:short answer - No

[sqrt(2)]

Yeah! I can't even imagine what kind of losers would spend that much time on a website.

I've never actually seen this "Second" life, and I can't imagine why people would spend real money on it, but apparently a lot of people do. It must be worth it to them for the entertainment value.

Re:short answer - No

[iminplaya]

HEY MODS! That's not flamebait! I fully agree with the parent. Real worlds and virtual worlds don't mix. Learn some perspective and stop trying to pretend one is the other. Man! This is getting creepy!

Re:short answer - No

[ILuvRamen]

I guess they modded you down cuz they couldn't find the "amen to that" mod category. I mean seriously, what are they gonna do, FDIC insure it? Give me a break.

Re:short answer - No

[SJ2000]

"Real worlds and virtual worlds don't mix" Alert the eCommerce sites, eBay better shutdown now.
Can't have the virtual world mixing with reality can we?

Re:short answer - No

[darkhitman]

I could say the same to you, Mr. Anderson...

Re:short answer - No

[iminplaya]

What kind of real items are you buying in Second Life? Furniture for your house? Food for your stomach? Yeah. That virtual steak sure was tasty. Clothes for the kids? He's not barefoot. He's got his shoes right there on his USB stick. Can't you see them? The frostbitten toes are just his imagination. IT"S A GAME! If somebody cheats, kick them off, undo, and move on. Jeeze, do you call the cops if someone doesn't pay the rent when he lands on your "Park Place"? Oh, I can see the Nigerian scam now. There's 3000 dollars in un-collected "GO" money. If you send me just $49 and your credit card number and bank account number, I'll send it right to you in six to eight weeks. Will my get out of jail cards work when the cops mash my door down and bust me with my bag of weed? You are crazy.

Re:short answer - No

[timmarhy]

good thing i don't spend hours on slashdot.org then.

A lot of people are really stupid to you know, like this guy calling for virtual worlds to involve bank security and liability. only from bloggers i swear...

Re:short answer - No

[JustShootMe]

There's always a mod that mods these kinds of comments down as flamebait. It doesn't make them any less true.

Personally, I don't at all see the appeal of "second life". If you're going to be involved in something that is just like real life, but is not real life, and is an inferior low resolution copy to boot, why not just go to a park and watch the squirrels play?

Of course, I'm here commenting at 12:30 on a Sat. night, so I'm not exactly taking my own advice. But it's still good advice.

I start to think more and more that second life is just another manifestation of the ongoing trentd for Americans to retreat into their own little worlds and live in as much fantasy as possible. Probably because life sucks so much...

Re:short answer - No

[SJ2000]

How's this any different from downloading an MP3 of a website or even software? Your analogies show that you've probably played the game for around 15 minutes and never touched it again. Since I have time on my hands I'm going to show you why in ridiculous detail. "Food for your stomach" You can't eat using the features inbuilt into SecondLife, that's stupid. "He's got his shoes right there on his USB stick" Content is stored within the SecondLife service, of course this brings to light a whole new argument of who really owns/controls the 'property' "If somebody cheats..." Cheats? How the fuck do you cheat in SecondLife? That's like saying cheating in Flight Simulator, it's totally free-form gameplay controlled by the Linden Labs T.o.S "There's 3000 dollars in un-collected "GO" money" I'm gathering you mean Lindens, which equates to around US$15, of course I could be wrong you entire scenario from this point onwards is bizarre.

Re:short answer - No

[iminplaya]

"There's 3000 dollars in un-collected "GO" money" I'm gathering you mean Lindens, which equates to around US$15, of course I could be wrong you entire scenario from this point onwards is bizarre.

I guess you never played Monopoly. And judging by your reaction to my post, you seem to be the sensitive type with a thin skin and an inability to comprehend the "editorial" you. As for the rest of your post, I don't understand a word you said. It made no sense. Have fun playing "The Game". Look it up :-)

Welcome, welcome to "You bet your life. Say the secret woid and win a hundred dollars. It's something you always have with you."

Re:short answer - No

[SJ2000]

I'm just tired of people's crap about SecondLife when all they appear to know about it is crap they read, experience it properly then I'll respect your opinion. If this isn't the case then speak up, currently your analogies don't even parallel was occurs in SecondLife. All I did was take apart your previous post and rebutted, not really much to it other then that. What didn't you understand? I'll rephrase it

Re:short answer - No

[iminplaya]

What didn't you understand?

All of it. It didn't relate at all to what I was saying. I have no idea where to begin.

It not about SL in particular. It's the whole attempt to meld two totally unrelated things together. This is another rehash of, "Does virtual rape equate the real thing". Are you going to put people in a real prison for it? Are you going to tie up real public resources over what happened in a game? It's insanity. That aspect of it IS real. What happens in these games should stay there. When the computer is off the game doesn't exist except within the context of the itself. Oh Christ, now you got me into that outlandish concept. I quit! I'm going to get a real beer and get real drunk and throw up real vomit.

Re:short answer - No

[SJ2000]

"Does virtual rape equate the real thing". Are you going to put people in a real prison for it? Are you going to tie up real public resources over what happened in a game? It's insanity. What does this have anything to do with this topic? Of course we shouldn't arrest people for that crap, we're not talking about moral or ethical issues. This is an financial one. The fact is SecondLife is for entertainment and people pay money for that, stop going offtopic with other issues. Should they be as secure as banks and guarantee the safety of money and property that characters in the world possess? Probably but it'll never happen, too much administration and bureaucracy. They would shutdown the service if that occurred or radically change their business model to suit.

Re:short answer - No

[mstahl]

Jeeze, do you call the cops if someone doesn't pay the rent when he lands on your "Park Place"?

That's the thing. Linden dollars are supposed to equate to real money. You buy them. Why you'd want to do that is beyond me but there it is.

Re:short answer - No

[walt-sjc]

Yes, Linden dollars do equate to real dollars. You can buy them, or you can create them by creating objects people buy or offering a service that other people pay for. Why do people buy? It's part of the game. Nearly every game out there costs money. Many are subscription. SL is similar. You can always play and not spend any real money at all. as most places to visit are free, and there is plenty of free items out there.

It's entertainment. People are willing to pay for entertainment.

Re:short answer - No

[ronadams]

Except that real money is involved in Second Life. There's more to it than just a game -- when money can be made and lost, the stakes and consequences are higher.

Re:short answer - No

[DaleGlass]

What kind of real items are you buying in Second Life?

SL works as a convenient paypal-like money transfer system. People pay me for programming projects through SL.

It's quite possible to make a living from it. I currently probably could live exclusively from SL.

Re:short answer - No

[sqrt(2)]

If I was spending real money on a hobby, I'd expect a reasonable amount of security. Don't even think farther than that. When you spend money online, don't you want it to be secure? That's the issue.

I'm sure there exists casual SL players. Probably some that play even less than you spend on slashdot. You can easily spend hours and sink tons of real money on any hobby, if people want to throw it away on a virtual world that's their business. Some people play WoW, I can't understand that either, but a lot of my friends play it and really enjoy it. It's worth the time and money to them because it's enjoyable. Wouldn't be to me, and I'm guessing not to you either, but that's why we're not WoW subscription holders. If I was though, I'd expect a certain degree of security when handling my transactions, credit card info, and account.

Re:short answer - No

[pnewhook]

Should they be as secure as banks and guarantee the safety of money and property that characters in the world possess?

*Guarantee*? No of course not - no one can guarantee nothing will ever happen. But expect reasonable care as any legitimate business should? Sure, why not?

The operators of SecondLife can no more guarantee that you will not get robbed in the game than the polititians and police can guarantee that I wont get robbed walking down the street.

Re:short answer - No

[CronoCloud]

Personally, I don't at all see the appeal of "second life". If you're going to be involved in something that is just like real life, but is not real life, and is an inferior low resolution copy to boot, why not just go to a park and watch the squirrels play?

Second LIfe is not like RL, for one, I can't fly in RL. Neither could I meet a tiny squirrel, hop in Ornithopters and shoot at each other. Or play En Garde with the squirrel, or go to a musical performance with the squirrel, or say build something really impressive, say a replica of the London Eye, with the squirrel.

Not that I have done any of that with a Squirrel in SL.

SL is what one makes of it.

Re:short answer - No

[Just+Some+Guy]

What kind of real items are you buying in Second Life?

Money. SL lets you buy and sell real world currency. If someone has a credit card on file, you could use their character to buy quite a lot of money and transfer it to another user before trading limits kicked in. I'm sure there are no end of effective laundering schemes to get it back out cleanly.

Re:short answer - No

[jonbryce]

If it was in Europe, they would almost certainly have to register as an electronic money issuer, just like Paypal Europe is (in Luxembourg). That does give some protection, but not as much as the FSCS guarantee, which the the equivalent of FDIC.

Re:short answer - No

[iminplaya]

Simon ese. Somos pocos pero locos

Re:short answer - No

[iminplaya]

I see SL (as in Savings and Loans) and start thinking there's lots of virtual Charles Keatings and John McCains out there :-)

Re:short answer - No

As far as I am aware, it is real. The money, anyways. Whatever your feelings are about people's choice of hobby, Linden Dollars have a very real transaction rate, and if people are getting their Linden "stuff" taken from them, it cost real money and it's worth real money, no matter how it's implemented.

What if you collect cars? What if somebody comes by and exploits a vulnerability in your system--you don't have security cameras. I guess everybody else on /. (from the responses I've seen) would say that you're sol because you spend all your time and money on a silly hobby and you should be doing something more worthwhile. I don't.

If "it" is worth money and "it" can transfer possession (be owned, stolen...), it doesn't matter what "it" is or how "it" is implemented. Folks are having real money stolen. So, it becomes a very large issue. Linden Labs is going to have to start thinking about what their policy should be on the issue, given the way in which they open real money to virtual theft. Or, stop integrating other vendor's products and vulnerabilities into their system :)

Re:short answer - No

[rhinokitty]

The way people should be thinking about this issue is simlar to the way online poker is thought about. It is the same difference, people playing a game and "gambling" real money. Nobody feels bad for a retiree who goes to Atlantic City and loses a thousand bucks at a craps table, nobody feels bad for a college student who blows his loans on online poker, and nobody should feel back for people getting suckered on Second Life. The money was already gone as soon as you gave it to Linden. Because you lost your play money, one way or another, it is still part of the game. The hackers who "stole" your play money are still "playing." You getting robbed of your play money is still part of the game, its just not the fun part.

Re:short answer - No

Paypal isn't even regulated is it? Maybe barely. Given that, Second Life will never be unless Linden Labs wants to.

Re:short answer - No

[had3l]

Except you can call the police if they are hacking into your machine. That is a federal offense.

Re:short answer - No

[Lesrahpem]

It's not real people. look after your actual life for a change....

True, it is a game of sorts, but since Linden dollars can be directly converted into real world currency, and many people actually make money that way, this is an actual problem. This isn't like somebody stealing your stuff in Wow, this is more like someone stealing your poker chips at a casino.

Re:short answer - No

[The+One+and+Only]

I spent a long time on Second Life--hours, even. It is crap and anyone who actually feels bad for losing their "Linden Dollars" is pathetic. (It's possible on SL to bootstrap from nothing and work your way up to having a considerable number of "Linden Dollars" without any talent at all, and I was halfway into doing so until I decided SL was a waste of time. And it's not exactly difficult either--I sort of fell into it by accident.)

Re:short answer - No

[The+One+and+Only]

There's a distinction between using SL as PayPal (a brilliant idea!) and actually keeping large L$ reserves in SL to "spend" on "goods" and "services" that only exist within Second Life itself. ("Services" usually being animated cybersex, and "goods" usually being cybersex animations.)

Re:short answer - No

[DaleGlass]

Well, the definition of "large reserves of L$" varies quite widely. Things are cheap in SL. An expensive avatar might be $5. Usually much cheaper.

If you're interested in stuff (as in toys and not services of some sort) you can gather a huge heap of all sorts of things for $25.

"Goods" are far more than "cybersex animations", btw. Those generally include avatars, weapons, toys, clothes, utilities (RSS readers say), buildings, etc, etc. You want to live in a medieval castle? Or a house on a tree? A Stargate? A lightsaber? There are lots of things like that available.

Building a house in SL is easy in theory and free unless you need to upload textures (no problem there, lots of free ones available). But it turns out that building a good looking one takes serious work, and if all you want is to have a virtual house on a virtual beach it's far easier to pay for it.

Re:short answer - No

[dbIII]

The problem with second life as I see it (and one reason why I don't play) is you can put arbitrary amounts of real money in and potentially get real money or real goods out. You can spend a lot on the game. I would be suprised if there are not a lot of govenments wondering how they could get a slice of this as taxes and police departments looking for a way to pounce on the first money launderer they can spot there (most likely with collatoral damage).

I prefer the Blizzard approach where they state up front that they own all the virtual gold and they will stop any attempts to make real cash from virtual property. It keeps the taxmen and law enforcement away and any "theft" has no real cash value and can most likely be replaced without offending anybody. Would second life give you large amounts of something that can be turned into real money just becuase you made a stupid mistake? Other MMOGs could do it without any real consequences because it's hard to turn it into anything with value outside of the game.

Re:short answer - No

[FuzzballtheGreat]

It seems like the number of "casual" Second Life players, as you call them, is actually diminishing. I know that over here (The Netherlands) a lot of companies, city councils, libraries and the like are really interested and spend quite a lot of money on being a presence in Second Life, thus trying to promote themselves. If there is so much money going around, on such a professional level no less, I would definitely like some security for my money (emphasis on "would", since I'm not a player myself). Then there's also the question of the casual users. I'm not sure what the general age of people on Second Life is, but it wouldn't hurt to put some security in place if only to protect the younger players, who might not know what they're doing.

Re:short answer - No

[jaxtherat]

Hmmm. Sounds awfully like a heroin addict's rant about how they're in control and no-one can judge them unless they are on heroin too.

Re:short answer - No

[Samarian+Hillbilly]

I'm not so sure, you could consider "hacking" just "part of the game" like it is in real life. How realistic do you want the game to be? I game that was totally "safe" wouldn't be much of a game. In the end I think it's an aesthetic question of playability and game boundaries, the users and creators have to decide what they want.

Re:short answer - No

[forgotten_my_nick]

> What kind of real items are you buying in Second Life?

Well within the game you are paying for designers, coders. However there are quite a few people in SL who take linden $ over real $ because it offers a level of anonymous access over paypal. Which is why you will find a lot of "web cam" services there.

Re:short answer - No

[Moderatbastard]

Alert the eCommerce sites, eBay better shutdown now.

Right, because those are so totally the same thing as some dumbass game. Drivel like that at "5 insightful". Shocking.

Re:short answer - No

[Some_Llama]

"Hmmm. Sounds awfully like a heroin addict's rant about how they're in control and no-one can judge them unless they are on heroin too."

Agreed, i'd much rather have someone who has never tried herion and has no idea of it's effects creating policy on the use and availability of herion than someone who has experienced it first hand. do you work for the government? Possibly in some facet of drug control policy?

Re:short answer - No

[jaxtherat]

I have (had) two friends who are (were) hardcore heroin junkies.

I (now) have two friends who are hardcore WoW and SL junkies.

I find their behaviour patterns disturbingly similar, and it scares the shit out of me, examples:

  1. spending all free time in pursuit of X
  2. spend all resources to maintain X in their life
  3. steal from friends and family to afford X
  4. repeatedly lose jobs because they keep cutting work because of X
  5. grow heavily depressed, aggressive and compulsive because of X
  6. rapidly develop health problems because of over-consumption of X
  7. social circle shift exclusively to those who are users of X

where X can be either heroin or a paid account of WoW or SL.

Next time, before you make some infantile statements about subjects you know nothing about, grow some balls, move out of your mom's basement and get a first life, fucktard.

No I don't work for the government, and no, I don't see anything inherently wrong with the recreational use of _some_ drugs, but I do see something wrong with statements like yours, especially since I had two friends die from heroin, and it didn't have anything to do with issues of government control or availability, but rather what repeated heavy use of strong opiates does to a person's mental and physical health when for them heroin becomes more precious than food/medicine.

Re:short answer - No

[Some_Llama]

"I have (had) two friends who are (were) hardcore heroin junkies."

Which mirrors the behavior of everyone everywhere. good point.

"Next time, before you make some infantile statements about subjects you know nothing about, grow some balls, move out of your mom's basement and get a first life, fucktard."

when you can accurately reflect my true lifestyle and converse rationally i might listen to your advice. I happen to know a lot about the subjects i speak of and your irrational response shows you are heavily emotionality invested in the issue so possibly are not open to rational discussion. I see a lot of the laws and prohibition surrounding drugs being driven by the same fears and feelings. It's actually sad.

"and it didn't have anything to do with issues of government control or availability,"

I would believe you except for the fact that if we substituted X for smoking or alcohol it wouldn't make any sense.

I feel bad for your loss if in fact you did lose someone do to their inability to control their habits, but why do I have to be punished for their actions?

Let's take all of your statements and change it to alcohol or smoking, hmm they don't make much sense do they.

an alternate, and more entertaining solution

[User+956]

Risks for users are reportedly limited because the researchers say the flaw can be quickly patched.

Yes, well, the other solution to this flaw is to simply spend all your money on entrance to the tentacle hentai simulator.

I'm sorry

[Deltaspectre]

I run the Linux client, perhaps you could deliver this streaming video.... so I can more easily turn it off.

Re:I'm sorry

[Deltaspectre]

On a weird side related note, after posting that I noticed Firestarter was flashing red and 16 attempts on various ports from an IP that resolves to slashdot.org were recorded... What gives for that?

Re:I'm sorry

[deftcoder]

Anti-spam thing.

Every time I post on Slashdot, it takes forever for me to Submit the post, because I get probed on a few ports (which timeout).

They're ports commonly used by proxies and such.

Re:I'm sorry

[wertarbyte]

Every time I post on Slashdot, it takes forever for me to Submit the post, because I get probed on a few ports (which timeout).

Set your packet filter to REJECT instead of DROP. Dropping packets i usually a bad idea and sounds like some kind of obscure desktop firewall in "stealth mode".

Re:I'm sorry

[deftcoder]

Or netfilter rules with a DROP policy. :)

I am only forced to use Windows at work. :/

Not-so-virtual

[Calydor]

The hack raises tough questions for operators of virtual worlds. Should they be as secure as banks and guarantee the safety of money and property that characters in the world possess?"

Considering that you buy Lindens with real currency, then yes. Yes, they should be just as secure, since it's real money you're dealing with.

Re:Not-so-virtual

[Credible]

Considering that you buy Lindens with real currency, then yes. Yes, they should be just as secure, since it's real money you're dealing with. That's not the test. The question is whether you can buy real currency with lindens.

Re:Not-so-virtual

[icepick72]

But I buy monopoly money with real money and there's no need to guarantee the safety of it because I've purchased play money. Linden dollars don't do anything either outside the context of a game. You have your virtual and real worlds mixed up.

Re:Not-so-virtual

[cos(0)]

You can buy anything with currency. The real test might be, does the government have an interest in protecting the integrity of Linden currency to the extent of US currency?

Alternately, can one buy US currency with Linden currency? However, this test would merely cause theft of Linden currency to be a crime with "real" damages; it would not require the storage and management of currency to be as secure as with banks.

Re:Not-so-virtual

[SJ2000]

Yes, you can using Linden Labs own exchange to turn US$ to L$ vice versa. Look on their website

Re:Not-so-virtual

[bob.appleyard]

No guarantee of safety? If someone steals your property (ie. the game or its fake money) would the poilce not deal with it as theft? It's exactly the same thing with Second Life, someone buys a product (game money) and that is taken from them without consent. Just because you don't value their property doesn't mean it has no value.

Re:Not-so-virtual

[walt-sjc]

As was said elsewhere, yes you can sell your Linden dollars in exchange for real US dollars.

Re:Not-so-virtual

[vertinox]

Considering that you buy Lindens with real currency, then yes. Yes, they should be just as secure, since it's real money you're dealing with.

IANAL or an Economist but...

True, but the Linden dollars aren't insured nor backed by Federal Banking and SEC regulations.

If Linden folds or they decide to devalue their currency then you have no legal recourse. Since there is no physical or scarcity limitation to their currency, once cannot 'steal' it from you because it never left the linden servers and it most likley still Linden property unless specified so in the contract or EULA.

Now, I remember something about how Linden EULA was very generous when it comes to ownership (someone please bring more details on this since I'm clueless how far this goes), but unless the contract specifically entails that Linden will insure the Linden dollar against theft or devaluation then you have little recourse other than good faith.

I suppose in the end you could sue Linden for a breach of contract and they could sue the thieves for violating the rules of conduct, but you couldn't directly sue the thieves (since you didn't have a contract with them) nor press charges since legally the Linden dollars is still in Lindens hands.

Now, I know banking and stock market works a bit the same but the reason they are different is because of the SEC and Federal Rules your bank and broker must play by or face legal action by the government. Linden does not.

Re:Not-so-virtual

Sure, when I buy a Monopoly game I pay real pounds for it. And if someone steals it, I expect the cops to arrest him.

I don't expect the cops to arrest him if he plays a game with me, and refuses to pay up when he lands on my hotel.

That's the difference!

Re:Not-so-virtual

[osu-neko]

Now, I remember something about how Linden EULA was very generous when it comes to ownership (someone please bring more details on this since I'm clueless how far this goes)...

Never quite understood why this is either a surprising or hard to understand issue for anyone, so let me put it into perspective relative to how LL sees SL. LL sees SL as the "3D Web".

Ownership? LL has as much legal claim to ownership for things you upload to their servers as any web hosting provider has to content you upload to their servers, which is to say, none whatsoever. This is not "very generous", this is merely standard operating procedure for an Internet service hosting provider, which is what LL is -- they're also software developers, but they give away the software, they make their money from hosting fees, commonly called "tier".

(Going on a complete tangent...) People are always asking what's the point of SL, which is rather like asking what's the point of WWW. It's a platform, not a monolithic thing you can talk about the point of. You can talk about the purpose or point of a particular website, but it just doesn't make sense to talk about the point of the WWW. People who don't see the point of SL are usually looking for something that doesn't exist, some mythical unifying objective that just isn't there. Like the web, it is what people make of it. Like the web, that means it's mostly pr0n. ;) But it's also corporate PR and financial deals and artistic collections and personal expressions and dancing hamsters and a million other things.

What's it for? It's a tool for making what you want. There's nothing in the tool that predestines a particular purpose, just a particular form, just as Apache doesn't limit your purpose, just the medium of its expression.

And for the "But it isn't real!" crowd: is the web real? I mean, a book or printed magazine page is real, but a webpage isn't, right? Therefore, people who spend time browsing the web, interacting on the web, playing games on the web, engaging in financial transactions on the web, it's all just make believe, right? Or wait, could it be that the lack of a physical manifestation of a thing doesn't necessarily invalidate it -- the same information may be equally valid whether printed on dead trees or not?

SL is neither more nor less real than the world wide web. If you're not familiar with SL but want some perspective on questions people ask or statements people make about it, understand that SL is a platform for publishing content, more rich in some ways but still that's what it is at the core. When people make statements about SL, and if you replace "SL" with "WWW" in the statement and find that it is now an utterly absurd statement, rest assured that it was utterly absurd to begin with, since the speaker was attempting to invest in SL some quality or other it doesn't actually posses, or assert it lacks some quality that other platforms, like the web, do possess, other than shear number of users. There are exceptions, but they are few, and someone making such a statement would need to explain what particular quality they're getting at that makes it an exception here, or they'd be making a half-baked argument.

Re:Not-so-virtual

[The+One+and+Only]

If someone steals your property (ie. the game or its fake money) would the poilce not deal with it as theft?

If it's less than a few thousand (real) dollars in value, probably not. They can't be arsed to deal with anything less than grand theft auto in most cities.

Re:Not-so-virtual

[Lodragandraoidh]

Linden dollars don't do anything either outside the context of a game.

Actually they do. You can sell your Lindens for Dollars (The current exchange rate is 266L per $1.) So if you have a successful online business there, you could make enough real dollars to live off of in the real world. Difficult, but not impossible. SL has a vibrant economy - Check out this link for specifics.

That is aside from the personal networking, professional and career contacts you can make in SL that can equate to job offers/contracts in the real world (writers, graphic artists, media developers and programmers in particular - but there are other fields, such as education [distance learning], music [live concerts streamed in SL], and many others that lend themselves to the environment).

Re:Not-so-virtual

[nevermore94]

But, the difference is that you can turn Lindens back into real money. Through making and selling things in game I have earned about $800 real US dollars worth of Lindens while never investing a single dime into the game. If any of that money had disappeared before I transferred it out I would be pretty P.O.ed. Therefore, I think I should reasonably be able to expect the same security I would expect from an online bank.

Old recommendation, Quicktime prob killed soon

[AySz88]

If you take a look at the Second Life blog, you'll see that the referenced recommendation was from a couple of days ago (November 30). A paragraph in the blog seems to say that if LL starts noticing exploits, they'll kill all QuickTime on the grid and maybe roll back exploit-induced transactions - expect this to happen soon.

We do have the ability to turn off all videos on the grid, but have instead chosen to respect the existing in-world content and experiences which rely on streaming video, as we know that many of you enjoy these. We do recommend that you employ caution when using QuickTime in Second Life, only enabling it in environments that you trust, and are familiar with.

We are able to track attacks, and rest assured, if we discover a malicious stream, we will vigorously pursue the attacker. This will include account termination and legal action if appropriate, as well as the appropriate assistance for affected Residents.

Re:Old recommendation, Quicktime prob killed soon

[gad_zuki!]

Im just blown away that quicktime doesnt have some kind of auto-updated, only itunes does. Ideally, Apple should be asking MS to put whatever patch they have into XP's auto updater like Adobe did when Flash had the vulnerability.

Re:Old recommendation, Quicktime prob killed soon

[JackMeyhoff]

They do, its called "Apple Software Update". I bet most people remove it.

Real life banks are not secure.

[WK2]

Real life banks are not secure. They are just as likely to be hacked as any other web site. In the U.S., they are FDIC insured, though.

Re:Real life banks are not secure.

[twistah]

Well, that's true, but there are lot of regulations in the U.S dealing with bank security. Sarbanes-Oxley Act (SOX), Gramm-Leach-Bliley Act (GLBA) which deals with customer information and several others must be complied with. Other countries have them too; for example, J-SOX is Japan's SOX equivalent. This means that the bank gets audited, often by two sets of outside auditors, which helps security at least somewhat. Most banks and credit unions also often go through penetration tests and vulnerability assessments, if only to keep their examiners happy (as in, the NCUA, OTS, or whoever they happen to be chartered with.)

It's interesting to consider how these things may apply to Second Life and Linden Labs. At some point, some regulation must come into play. For example, if credit cards are processed, they must comply with the credit card industry's PCI standards. I am not saying compliance with these various regs is an answer to their problems, I just think it's interesting to consider how these apply to something non-traditional like SL.

Re:Real life banks are not secure.

[Jugalator]

I don't know how I should best put this or if you're joking but -- no, bank web sites are usually more heavily scrutizined against attacks, and it seems successfully so. Bank sites should logically be major hacker targets, but the only way I use to see people "hack" themselves to find any bank account details here is by having people run a trojan in a mail in advance containing a keylogger. Or go to a web site set up to look like a bank site and have the user input the private details there. But in neither of these cases is it really a bank security problem.

I must say I don't really recall a national bank here being attacked "for real", but I recall plenty of other categories of web sites.

Re:Real life banks are not secure.

[ronadams]

As a technical and web infrastructure consultant, I take offense to that remark. Any financial institution worth it's money takes very serious care in web security. Nothing is bulletproof, but to say that myspace.com and usbank.com, for example, are equivalent is absolute nonsense.

Oh, and the stuff the poster above me said is true enough as well.

Re:Real life banks are not secure.

This means that the bank gets audited, often by two sets of outside auditors, which helps security at least somewhat. Most banks and credit unions also often go through penetration tests and vulnerability assessments, if only to keep their examiners happy (as in, the NCUA, OTS, or whoever they happen to be chartered with.)

Auditing the bank will not help secure the customers PC. This is an exploid launched through a 3rd party movie player (Quicktime) installed on the customers PC, and the possibility of transferring the money comes from logging in as the customer - or piggybacking the customers own login. All online banking is suspectiple to at least the last one (One time codes supplied on paper as used by some banks protect for the first one).

fantastic

[ILuvRamen]

Well fan-fricken-tastic for them. Pardon me if I don't care since my 2 year old account just got stolen in SRO because of some idiotic glitch in the company's website or something. It let anyone change your account's password AND e-mail on file so you can't recover it. I was one of the richest people in the entire game. Basically all the famous high level people's accounts are trashed now so everyone's quitting and pissed and threatening to blow up all of South Korea etc. I wouldn't be surprised in the least of the entire game goes under now.
So what's the point of me telling you all this? Because this is what could have happened.

Scare mongering

[SJ2000]

This is simple scare mongering this article and it's no different to surfing around the web except it's in 3D and you walk around. Plus you can just turn off video streaming so go take your crap elsewhere. There has been NO suspected content as of yet to be said to have used the Quicktime Exploit in SecondLife, so no "crime wave" was thwarted. I'm tired of all the anti-SecondLife crap, it's a game which some people don't like, ok, get over it. Get back to your first fucking life which doesn't involve bagging out some stupid game. You want to bag out SecondLife? Do it on something with merit like the crap customer service, the crap uptime or pathetic reliability at least that has basis.

guarantee the safety of money and property?

[timeOday]

For something like this that's easily classified as a bug, yes.

However, at some point they will encounter the gray areas, which are resolved by courts in real life - do they really want to go that route? For instance, are there "lemon laws" for in-game purchases, and contract law for in-game agreements? Take the whole "who owns Unix" debacle Novell and SCO have been engaged in. What if second-life outlaws resort to bartering with some other scarce resource besides money to circumvent all the rules? Property is a nice concept, but it's still a made-up concept that is whatever it is defined to be, so policing it will be almost as messy as in real life.

Re:Cause?

[SJ2000]

Yes, thank the god of your choice. There is at least one sane person here...

SL's economy is a giant sinkhole anyway

[Carbon016]

As someone who has been quite directly involved in Second Life (or at least griefing it), I know SL pretty thoroughly, and I especially know there are two attractions to Second Life: sex and money. They're readily interchangeable, and they're the only reasons anyone uses it, despite claims to the contrary by media-whorish Linden Labs. You're either renting land, throwing cash into a bizarro stock market, or going to a furry cybersex sim. News about security problems is common because there's so much money going through the system and a lot of people looking to exploit it, as well as a wealth of disorganized, terrible code.

A bank called "Ginko" that recently went insolvent sent shockwaves through the economy lately. Yes - there are Second Life banks, (multiple) Second Life stock exchanges, and all sorts of economic institutions: however, the operators of these venues often don't know the difference between an interest rate and their shoe so most people that end up dumping their funds into them lose all their money. Some people have thousands if not tens of thousands of dollars tied up in the game. As the Linden (the currency of Second Life) is not based on anything, Linden Labs simply dumps currency into the market whenever they feel like it. So economic problems are pretty common. Guaranteeing anything is a difficult proposition for the companies running the games: most have simply said "the *unit of currency here* is not money, nothing is guaranteed" to avoid lawsuits when someone messes up and loses a grand because a sim went down. So it's a dangerous game and the only real winners in "investing" in Second Life are LL.

Re:SL's economy is a giant sinkhole anyway

[SJ2000]

"Ginko Financial" was not a bank. The fact you can't recognize this means you know shit. The economy started going down hill because Linden Labs finally said they would obey the law and banned in-game gambling.

Re:SL's economy is a giant sinkhole anyway

[RichardX]

My most insincere apologies for undermining your point of view, but I use Second Life for reasons which do no include sex or money. To me, it's like Lego, but even more fun in many ways. You can build 3D objects, with an extremely limited toolkit where somehow the limitations make it more fun, and then you can give those objects behavior via scripting. Then it gets really fun when you share in those objects with other people you meet there.

Oh noes. What's that you say? There are furry tentacle-rape freaks on SL? Guess what? I don't care. They don't bother me, and I don't bother them. Personally, I've had a lot of fun on SL which has had nothing to do with sex or money... but don't let my little anecdote get in the way of your rant.

Re:SL's economy is a giant sinkhole anyway

[Carbon016]

What exactly is your definition of a bank, then? Ginko provided deposit and withdrawal of currency and issued loans. Everyone from Reuters to Philip Linden called it a bank. Regardless, any economy with such a capital system (the Lindens frequently mess with it without respect for economic consequences) will ultimately fail, content ban or not.

Re:SL's economy is a giant sinkhole anyway

[RichardX]

Yeah, before someone points it out, I typoed "not" for "no".. when will Slashdot get with the 1990's and add an 'edit' button?

Re:SL's economy is a giant sinkhole anyway

[SJ2000]

Bank in the legal sense. If it's not a legal bank it's not a bank

Re:SL's economy is a giant sinkhole anyway

[timmarhy]

"Personally, I've had a lot of fun on SL which has had nothing to do with sex or money"

lies make baby jesus cry.

Re:SL's economy is a giant sinkhole anyway

[cruachan]

Well all this says is that you're a not very nice person who is obsessed by being an asshole (griefing), sex and money. Of course there are loads of people in SL doing the cybersex thing, and if that's what you go looking for then that's what you'll find. But it's a bit like going to Amsterdam, just touring the red light district, and then concluding everyone in Amsterdam is just interested in buying and selling sex.
Myself I run a quite profitable RP-orientated design business which nets me around USD$500 a month. I don't earn at real-life pay rates, but SL has basically replaced the time I used to spend playing other games and the like, so I now have entertainment that pays me :-). Most of the people I deal with are there for entertainment in various forms, and certainly not the cybersex obsessed griefers you hang with.

Re:SL's economy is a giant sinkhole anyway

[Jesrad]

"You're either renting land, throwing cash into a bizarro stock market, or going to a furry cybersex sim."

In three years sent in Second Life I have not done any of this. I must some weird and very persistent aberration, then. Or maybe you're just wrong.

"As the Linden (the currency of Second Life) is not based on anything"

It is based on the USD, and maintained at a rather fixed rate by LindenLab acting as a central bank. It's not perfect, but it has worked remarkably well so far.

"Linden Labs simply dumps currency into the market whenever they feel like it."

No, they sell some L$ only when they rate drops under 265 L$ per 1 USD to maintain the rate, and they buy back the L$ when the rate goes higher than 266 L$ per 1 USD (though they apparently never have had to do that). That's not "whenever they feel like it".

"So economic problems are pretty common"

Err, no. The L$ has been exceptionnally steady ever since LL introduced the measures I pointed out above, and the vast majority of players have zero problems with it. Only those who want to play games with their money and that of other people are taking risks. You're obviously confusing economy with finance if you conflate financial institutions like the "banks" and "stock exchanges" with the economy itself. But then, that's to be expected on a technology-oriented website like /.

Re:SL's economy is a giant sinkhole anyway

[ronadams]

Being some random griefer who sends flying phallic objects across the Metaverse doesn't make you an expert in anything except flying genitals. So let's step through your insolent propaganda point by point.

1. "...they're [sex and money] the only reasons anyone uses it [Second Life], despite claims to the contrary by media-whorish Linden Labs."
   Perhaps you're not aware of the number of corporate entities using Second Life, not even for direct profit, but simply as a platform to deliver product information, such as Sun Microsystems, or the educational institutions using it as part of a prototype distance learning initiative, such as Bowling Green State University. Maybe you're not aware of the high-profile full-time businesses in Second Life, or the many, many articles reputable business publications have written noting the unique opportunities that exist in SL. There's much more than just sex and money. As in real life, there is entertainment, education, experimentation and economy. You know little about these because you spend all your time making the experience inconvenient for others.
2. "A bank called "Ginko" that recently went insolvent sent shockwaves through the economy lately."
   This was no surprise to anyone not stupid.
3. "As the Linden (the currency of Second Life) is not based on anything, Linden Labs simply dumps currency into the market whenever they feel like it."
   A quick look through the SL Economy metrics and blogs shows you're full of it. There is an actual regulation to the currency in SL, you're just ignorant of it.
4. [Your last statements]
   Again, your ignorance shines through. Do you do any investing in the real world? Do you know what happens when you invest 100k in prime real estate in California and an earthquake devastates it? Unless you took out insurance of some kind with an organization who certainly makes more than they will ever put out (on a sidenote, there are investement insurers in SL), you are SOL. Linden is careful to use the terminology "unit of trade" for the Linden dollar, because the Metaverse is not a seperate governmental body, has no legal jurisdiction in the real world, and wants to avoid the IRS putting their grubby mitts any further in. If you are foolish enough to make an unwise investment in SL, then, just as in real life, you learn that a fool and his money are soon parted.

In conclusion, please know what the hell you're talking about before you respond. And stop griefing the Metaverse, it's obnoxious.

Re:SL's economy is a giant sinkhole anyway

[osu-neko]

Indeed. I'm reminded of that song, "The Internet is for Porn". One could take a look at the World Wide Web and make the same characterization about it as SL. People who rant about what SL is all about are like people who rant about what the WWW is all about -- they're both mind-bogglingly stupid. Neither platform is "all about" any one or two particular things. Both platforms allow you to deliver a lot of different content for a lot of different purposes. Sure, a lot of people do use it for said purposes, but a lot of people don't.

Re:SL's economy is a giant sinkhole anyway

[G+Fab]

Since when?

you're just adding to the normal definition ad hoc.

It was a bank. We all realize it wasn't FDIC insured and isn't the same as Bank of America. But go run to your dictionary and look up the word "bank", and you will realize that banks actually preexisted the laws in place today. A bank is where you store your money. In fact, a bank is just where you store anything.

I can have a bank of thumbtacks i my garage. It's a normal word that you should relax about.

The parent is right. Linden is profiting on the insecurities of the system. So long as the customers understand this going in, that's not a problem, but it's a sad hobby. Like gambling. It's not something I'm morally opposed to, but for those that abuse it and get screwed, I'm totally right to say it's a sad thing to do.

Re:SL's economy is a giant sinkhole anyway

[SJ2000]

If you're stupid enough to deposit money into this 'bank' with ridiculous interest obviously there is risk of you loosing your money I have no sympathy for people who lost money in such ventures. Banks like Ginko Financial are optional and are not associated with Linden Labs, you don't have to deposit money in them nor do you have to use them.

Re:SL's economy is a giant sinkhole anyway

[AlexMax2742]

"...they're [sex and money] the only reasons anyone uses it [Second Life], despite claims to the contrary by media-whorish Linden Labs." Perhaps you're not aware of the number of corporate entities using Second Life, not even for direct profit, but simply as a platform to deliver product information, such as Sun Microsystems, or the educational institutions using it as part of a prototype distance learning initiative, such as Bowling Green State University. Maybe you're not aware of the high-profile full-time businesses in Second Life, or the many, many articles reputable business publications have written noting the unique opportunities that exist in SL. There's much more than just sex and money. As in real life, there is entertainment, education, experimentation and economy. You know little about these because you spend all your time making the experience inconvenient for others.

Maybe when you people get...

"A bank called "Ginko" that recently went insolvent sent shockwaves through the economy lately." This was no surprise to anyone not stupid.

...your head out of your own ass...

"As the Linden (the currency of Second Life) is not based on anything, Linden Labs simply dumps currency into the market whenever they feel like it." A quick look through the SL Economy metrics and blogs shows you're full of it. There is an actual regulation to the currency in SL, you're just ignorant of it.

...to the point where you don't bother with point by point rebuttles...

[Your last statements] Again, your ignorance shines through. Do you do any investing in the real world? Do you know what happens when you invest 100k in prime real estate in California and an earthquake devastates it? Unless you took out insurance of some kind with an organization who certainly makes more than they will ever put out (on a sidenote, there are investement insurers in SL), you are SOL. Linden is careful to use the terminology "unit of trade" for the Linden dollar, because the Metaverse is not a seperate governmental body, has no legal jurisdiction in the real world, and wants to avoid the IRS putting their grubby mitts any further in. If you are foolish enough to make an unwise investment in SL, then, just as in real life, you learn that a fool and his money are soon parted.

...to people who are trying to troll you...

In conclusion, please know what the hell you're talking about before you respond. And stop griefing the Metaverse, it's obnoxious.

...you faggot.

Re:SL's economy is a giant sinkhole anyway

[G+Fab]

Well, I agree with you to an extent.

However, the same could be said of people trusting American banks before reforms were enacted. You didn't have to use then and they were not associated with the government of the US. Of course, many did and were screwed, and eventually the people demanded the US government do what it had the power to do: reform the banks. And everyone was happier.

Linden makes a fortune off these shams. By screwing with the currency they are making money, pure and simple. Are these banks thieves? No. Is Linden a thief? No.

But they would be a better company if they helped their customers more here. They know what you know about how many people are losing money.

Is it illegal for Linden to do nothing about it? Nope. And I am not inclinced to really feel much sympathy for the people who make stupid decisions, but as these stupid decisions pile on and on, it affects society negatively.

I don't like when Casinos get some old lady's pension. Happens all the time and it affects society, so casinos support gambling addiction assistance efforts. Because they don't want feel too much wrath and because it's the decent thing to do.

Is Linden going to do the decent thing here? Probably not. Instead, they will insult their customers for Linden's shoddy product.

Re:SL's economy is a giant sinkhole anyway

[ronadams]

Grow up, child.

Re:SL's economy is a giant sinkhole anyway

Ah.. a greifer AND a troll.. how novel. Not. Your mom must be so very proud.. oops.. lookout shes right behind you telling you it's past your bedtime.

It's been a while ...

[bdraschk]

since the last Second Life story, even on other online news sites who were big into that second life thing.

Isn't it dead already? Second Zombie?

Re:It's been a while ...

[Kreigaffe]

It was never really that big to BEGIN with... it just happened to have three things going for it.

apparently, many writers are closet furries and so play second life.. and it's not a traditional game with, you know.. a purpose. or anything to do. so they could get away with raving about it at work as some sort of ultra-hip new thing. and finally, since nobody ever fucking heard about it, all you've got to go on is all this hyperbole bullshit speak and so until you actually take 15 seconds to look closer at the game, until you have some basis for judging it other than some complete deviant's testimony, it might sound neat.

omgwtfbbq

[slyn]

Ummmmmmm...

Can someone explain to me why Quicktime is so fucked up? I'm dead serious, and I ask this as a mac user.

It seems like all the time there are new exploits for all different types of services (firefox exploits, myspace exploits, this, etc.) with one thing in common: It's not [necessarily] the services fault, it's Quicktime's. Is there something about the architecture of Quicktime that makes it particularly exploit friendly? Or does it not do enough checking to see if the file is malicious? Is Quicktime crack-friendly on both platforms or is it a shitty port like iTunes for windows and thus mostly windows only exploits?

I tend not to use Quicktime because it takes to long to load movies, (unlike VLC, which "streams" them and so it begins playing them almost immediately), but if any more exploits begin showing up for Quicktime, I may seriously consider not using it at all.

Re:omgwtfbbq

It seems like all the time there are new exploits for all different types of services (firefox exploits [slashdot.org], myspace exploits [eweek.com], this, etc.) with one thing in common: It's not [necessarily] the services fault, it's Quicktime's.

The Firefox one and the Secondlife holes are actually the same hole in Quicktime, using different programs to launch Quicktime.

The rules of the game

[mcrbids]

In the real world, we have real, physical rules that determine what we, the "users" have to live with. Cops and the like work within those rules but since they don't make the rules of the universe itself, represent (at best) a 2nd-rate answer.

That cops can't enforce the law 100% is due to the fact that they didn't make the universe; that onus belongs to either God or a random Higgs field.

Here, however, the programmers are god-like. They make the rules of the universe. All of it. Therefore, the onus DOES fall on them. If they take money for goods that then get taken in a universe they otherwise control, shame on them.

It's little different than if you were a merchant and sold somebody a widget that was then stolen before delivery. Regardless of the mugger, you're still obligated to deliver the sold widget or return the money. The store you own is "your universe" and you are obligated to perform as expected within it.

Now, if, within the rules of the game, somebody swindles somebody else, then that onus belongs on either the sucker (buyer beware!) or the swindler (cradle-to-grave) but that's more of a political decision between the users of the game since the universal law of the universe/game has not been broken.

Re:an alternate, and more entertaining solution

It does exist, but it's free.

Re:Facts about Negroes and Chinks

Five dollars a day is actually a pretty decent wage in a lot of African countries.

whoplayssecondlife?

Odds are good that not only do more people play second life than browse slashdot, but doubtlessly a greater percentage of sl's population are actually employed in the IT industry (as opposed to simply whining about how shit isn't free on /.).

Second Life?

[catdevnull]

I am amazed by the number of people that actually participate in second life. If you're silly enough to fork over real money for "Lindens," you deserve to be parted with them in SL.

Re:Second Life?

[jibjibjib]

I am silly enough to pay money for entertainment. Is there a problem with that?

Re:Second Life?

[DaleGlass]

I don't fork money, I earn it! My return from SL is very positive and approaches that of a job I could live on.

Re:Facts about Negroes and Chinks

[iminplaya]

Chinese bosses pay Africans $5 a day...

But they're Linden dollars. They can buy you a nice juicy Linden T-bone. That'll put some meat on their bones.

No Exceptions.

[lordsid]

Having exceptions to the no streaming rule is silly until this exploit is fixed. The reason being is now hackers just need to get control of a "trusted" venue.

This comes from a BLOG owner

[SmallFurryCreature]

Can I tell you a little secret about life? It is pointless.

You are born, you die. In between you have to work a lot of hours to... well to postpone the dying part or at least make the dying part less unpleasant.

Luckily, in the west we have become good enough at postponing death that we have some spare hours in our days. So we got to waste them, some watch sports, some have sex, some read books and some play games.

It is ALL useless.

Blogging got to rank near the top of most useless activities and as such you are in no position to critize second life players. You are a pot, so keep quiet about the color of kettles.

I wish people were a little bit more honest about their personal time wasters. Friend of mine follows all the soccer tournaments in the world, yet thinks playing games is a waste of time. Eheh.

Stop blogging mate and save the world or accept that you are wasting your time just as much as people who care about some silly online game.

Re:This comes from a BLOG owner

[walt-sjc]

It's as pointless as any other video game, fiction book, movie, music, sporting event, party, etc.

Oh wait - maybe entertainment is not pointless. Maybe it lets us express ourselves, or enjoy our time outside of work. Maybe SL is a way to interact with people from different countries / cultures - playing together. Or you can spend your life working, eating, and sleeping and nothing else. I think SL is a little silly, but I feel the same about all video games.

Re:This comes from a BLOG owner

[gmezero]

But in Second Life you are now socializing and possibly conducting business for your employer. Many companies are utilizing Second Life as a virtual meeting space to conduct international meetings.

Re:This comes from a BLOG owner

[ElephanTS]

Can I tell you a little secret about life? It is pointless.

Ha! Such a good point, so rarely articulated. Is this the emptiness that chases all those useless retail purchases, looking for meaning where there is none to justify our slave existence?

Re:This comes from a BLOG owner

Second life as the theater of the absurd? Interesting.

Ionseco as a furry? The possibilities are infinite.

Re:This comes from a BLOG owner

You are right: from a scientific standpoint, life is just - born, live, die. But to call life a "waste" and to call it "pointless" is probably the saddest outlook on living that I have ever seen. Yes, I agree that many people do waste their time. But, there are so many good things out there. My friend who is a missionary and helps children in South Africa is *definitely* not wasting her time. I am engaged to be married, and, let me tell you, I am *definitely* not wasting time with the most beautiful, loving, godly woman I have ever known.

If you approach life from a standpoint of "what's the point," then, yeah, your life will be a waste. Quit giving up so easily. Sure you're going to die, but why not do something good until that happens instead of just rolling over and accepting it?

Re:This comes from a BLOG owner

Guess what, Mr. Sunshine!

You will get divorced from your "Godly" woman.

You will get depressed, because after the divorce, you will realize that life is indeed nothing but pain and death.

You will commit suicide, because death is preferable to pain.

Stuff those truths into your happy little "oh my beast-like fiancee is amaaaaaaazing" pipe and suck on it. That will "do some good".

Re:This comes from a BLOG owner

I'd rather be a crying little pussy than a faggy goth kid.

Re:This comes from a BLOG owner

[JustShootMe]

Comparing a blog to second life is a very good example of Not Getting the Point.

Re:This comes from a BLOG owner

Unfortunately, you're both!

Re:This comes from a BLOG owner

Life is 'You get born, you die, and stuff in-between'?

It must be depressing to be you.

People who leave a legacy in any way break that cycle.

Develop a cure for a disease, or build some really useful technology, or help people less fortunate than you, and the world will be a better place because of you...

Other examples: People who have kids break that cycle, or people who are religious feel they have broken that cycle.

Re:This comes from a BLOG owner

[syousef]

What you've demonstrated is that how pointless something is can be rather subjective. However there are tangible and long lived benefits from some behaviours that don't come from others.

For example spending 3 years playing computer games vs spending 3 years obtaining a degree. If you get pleasure out of the games you might not consider it a waste of time, but only one has a serious potential for enriching the rest of your life. If you study something you actually enjoy, it might set you up for years of making a living at something you enjoy. If you play a video game you enjoy for that long you're not that much better off in the end. One has contributed more to your life than pure entertainment.

So most people would say the games are pointless and don't contribute to your life beyond empty pleasure. (There are some exceptions. eg. playing with flight sims may lead to growing up to be a pilot etc). The other point is that if you spend every waking moment trying to better yourself you'll stress yourself out. Games help with that because it doesn't matter much - there aren't many consequeces beyond the game itself. Perhaps that's one of the appeals of virtual realities. The trouble is people get sucked into them and let their real lives suffer because the empty pleasure of the virtual reality is more fun in the short term. If the friend you were talking about skipped work most days to attend soccer games I think most people would agree it's a problem. If he checks on the soccer scores, it's not much harm. However yes he should be able to step back and realize that other people enjoy other things and even if it seems pointless to him it might not be to someone else.

I tried second life for a couple of weeks and found that pointless FOR ME. There was no goal within the game. The social relationships were a pale shadow of real life ones in terms of richness. The most fun thing was exploring virtual spaces and flying but even they got boring to me. I do see why people would say that. On the other hand I've had a neighbour I showed Jupiter in my telescope tell me that was pointless (and snicker that it was a waste of money). I have a better appreciation for Astronomy having studied it and so found it amazing. I've always considered learning and observing less pointless than other things. My point from all of this is I got something from it he couldn't. I can only assume others find something interesting in 2nd life that I don't because for me it is a total waste of time.

However saying all life is pointless is a complete cop out. You know for yourself what you consider enriching behaviour, that expands or realizes your potential and betters yourself. Saying who cares "life is pointless" and using that as an excuse not to try to do things that will enrich your life by your own subjective values is certainly not going to make for a happy, full or rich life.

Re:This comes from a BLOG owner

[Martian_Kyo]

Why is blogging more useless, or rather less useful, then participating in slashdot discussion?

If you made an interesting blog entry, resolving a problem or making some interesting point, people will stumble onto it, sometimes days, weeks or even years after you wrote it.

Again I disagree that blogging ranks in near top ten of most useless things. When blogging your giving back something, your opinion and sometimes valuable experiences, and what's better you're giving it back in an unobtrusive manner. If someone wants to read they can, nobody has to, unlike giving a your opinion in physical life (i don't like the term real life) where you have to find a victim who is willing to listen to you. Watching TV far above blogging in it uselessness. Hell, at times pondering and thinking is more useless then writing a blog. Keeping opinions to yourself is useless.

Here is what i think actually:
It is ALL useful (in its own way).

if it's ALL useless, then we could also argue that everything is equally useful, right?

I dislike these nihilistic totalitarian statements, that disregard details just so they can sound simple, impressive and definite.

Some say 'Devil is in the details' others say 'God is in the details'

What about saying, 'Life is in the details.'

or 'Second Life is in the details' (just to make this reply connect to the original article..somehow)

In a Related News Story

[poena.dare]

In a Related News Story... Police are still trying to explain how one million iPhones with infected copies of QuickTime have managed to induce their owners to foolishly hand large sums of cash to complete strangers. "What's especially troubling," confided one investigator, "is that we can't get 10 feet into an Apple Store before our team members are compromised!"

No Snowcrash tag?

[GroeFaZ]

Is everyone still asleep from partying in their mom's basement?

Am I the only one who doesn't get it?

[lena_10326]

And to think I was concerned about a trojan getting installed on my PC that would steal my USD from my checking account rather than Lindens from my SL account. Sorry, I'll get with the program soon...

Re:Am I the only one who doesn't get it?

[Ash-Fox]

And to think I was concerned about a trojan getting installed on my PC that would steal my USD from my checking account rather than Lindens from my SL account. Sorry, I'll get with the program soon...

Lindens are exchangable with real money.

Exploiting a system to obtain more normal currency is a lot harder than exploiting Second life. You know where the money is located in the Second life client, you know a 100% method to transfer funds to yourself etc.

With real banks? Well... You'd need to make various hooks into the browser, intercept traffic from the browser and rewrite it, make a custom implementation for each bank -- to put it simply. It's a lot harder.

Re:Am I the only one who doesn't get it?

[lena_10326]

Lindens are exchangable with real money.

Is it one way or both ways? If it's one way then it hardly matters. Lindens could always be virtually refunded or replaced.

With real banks? Well... You'd need to make various hooks into the browser, intercept traffic from the browser and rewrite it, make a custom implementation for each bank -- to put it simply. It's a lot harder.

Or... just copy the username and password with a key logger. A general key logger is far simpler and stealing is a lot easier if you know the login info. No need to write fancy browser hooks or "screen scraps" (parsing the HTML from inside the browser). Also, it's a trivial matter to build in some simple AI such as flagging key strokes after typing www.name-of-bank.com; or after typing www.name-of-bank -> mouse click; or www.name-of-bank.com -> TAB, TAB, TAB...

Re:Am I the only one who doesn't get it?

[Ash-Fox]

Is it one way or both ways? If it's one way then it hardly matters. Lindens could always be virtually refunded or replaced.

Both ways.

Or... just copy the username and password with a key logger. A general key logger is far simpler and stealing is a lot easier if you know the login info.

Key loggers don't work because many banks (certainly the ones I have used) require you enter part of passwords on the site these days, usually via a on screen display (via mouse clicking) and some require you do mouse clicks.

There is also the fact that when you exploit a 'real' bank, you are more likely to get caught and prosecuted, than if you do it through Second life, you can create a anonymous account, transfer the funds through the various payment websites before Linden lab has had the chance to catch on.

Linden lab also has far less power to go after people unfortunately.

Re:Am I the only one who doesn't get it?

[lena_10326]

Key loggers don't work because many banks (certainly the ones I have used) require you enter part of passwords on the site these days, usually via a on screen display (via mouse clicking) and some require you do mouse clicks.

I have 8 accounts with 4 banks: US Bank, Bank of America, National City, and Capital Federal and none them work that way. They all require a user name (or id) and password to be typed. On the 2nd login screen for Bank of America, they display a special image I selected on signup that proves they're not a phishing sight, which isn't useful against key loggers. If your banking websites work as you describe, then their websites are just implemented better than the 4 I listed.

There is also the fact that when you exploit a 'real' bank, you are more likely to get caught and prosecuted, than if you do it through Second life, you can create a anonymous account, transfer the funds through the various payment websites before Linden lab has had the chance to catch on.

Oh.. there are ways of exploiting them in relative safely. Change the address and order new cards. Phone activation will forward you to an operator because caller ID won't match, but you already got the answers to all the questions. Plus, caller ID could be faked with internet phones. Just punch in the number listed on the account. That might trick their system, but I'm not 100% sure.

With checking accounts, just change the address and reorder checks. Wait for the mail to come. There are ways to acquire an "anonymous" mail box.

With both, you could just wait a few days and change the addresses back to hide the changes, but only after the check/card orders are placed.

Also, stolen accounts can be leveraged against each other. Write bad checks against Victim Joe, deposit to Victim Bob's account, transfer cash from Victim Bob's account to a foreign account registered with fake information. Withdraw as cash. And, it would not be difficult to bribe a bank worker in Mexico, most of asia, and most of Africa. Lots of schemes are possible.

Linden lab also has far less power to go after people unfortunately.

No less power than a bank would. Robbery is robbery. No matter who is robbed.

Re:Am I the only one who doesn't get it?

[Ash-Fox]

have 8 accounts with 4 banks: US Bank, Bank of America, National City, and Capital Federal and none them work that way.

I guess American banks suck. I've lived in different countries and I can tell for certain that Poland, Germany and the UK banks do not operate that way.

Oh.. there are ways of exploiting them in relative safely. Change the address and order new cards. Phone activation will forward you to an operator because caller ID won't match, but you already got the answers to all the questions. Plus, caller ID could be faked with internet phones. Just punch in the number listed on the account. That might trick their system, but I'm not 100% sure.

I am pretty sure banks have very good systems for dealing with this. Linden lab does not. Additionally banks do not use caller ID, they use ANI (automatic number identification) which cannot be spoofed (at least not without the phone company's cooperation).

No less power than a bank would. Robbery is robbery. No matter who is robbed.

Banks have insurance, banks have additional power in the legal world to persue issues between different countries, reverse charges etc. Linden lab does not. On top of that, it does not have the information to investigate things themselves because they are not handling payments outside of Second life (their bill processor is, and if the person who is stealing the Linden is smart, he'll use one of the 3rd party sites to convert the money). The payment processor is under legal obligation to not provide them information and Linden lab is going to have a problem because they are not even handling the input/export of Lindens in this case.

I really do think it's easier to go after people in Second life than in 'real' banks. Linden lab doesn't even have a proper system for dealing with thieves (as many of us have seen in the past).

Also, stolen accounts can be leveraged against each other. Write bad checks against Victim Joe, deposit to Victim Bob's account, transfer cash from Victim Bob's account to a foreign account registered with fake information. Withdraw as cash. And, it would not be difficult to bribe a bank worker in Mexico, most of asia, and most of Africa.

Yeah.. That sounds really complicated. Compared to just being able to do it with TOR, a bit of scripting and a few click of a mouse to withdraw money without having to involve anyone. I still think the Second life method is more viable for a thief.

Re:Am I the only one who doesn't get it?

[lena_10326]

Banks have insurance, banks have additional power in the legal world to persue issues between different countries, reverse charges etc. Linden lab does not. On top of that, it does not have the information to investigate things themselves because they are not handling payments outside of Second life (their bill processor is, and if the person who is stealing the Linden is smart, he'll use one of the 3rd party sites to convert the money). The payment processor is under legal obligation to not provide them information and Linden lab is going to have a problem because they are not even handling the input/export of Lindens in this case.

On that point, I'll concede. You're right then.

Tag this "snowcrash"

[dino2gnt]

n/m

Re:Tag this "snowcrash"

if you lose cash you may be able to make some more... but when babel falls how the heck do you rebuild it. this snafoo is far to trivial to be labeled snowcrash...

Not surprising

[sixpacker]

SL is just a scammers' paraidse when it comes to money.
Especially all those scam banks just take your money and one day just disappear. The problem is LL doesn't do anything about this and nobody knows where the money goes.

A funny thing is an SL journal was interviewing a 22 year old kid from Denmark, who owned a scammish bank in SL.

Re:Not surprising

[Ash-Fox]

Especially all those scam banks just take your money and one day just disappear.

I only know of Ginko Financial that disappeared, and the reasoning for that was that they couldn't sustain their business model due to changes in Second life's policies that effected them on a huge scale.

Do a significant number of people play this?

[fortunato]

Seriously. I don't know anyone first hand who has a "second life" character. How does this MMO universe compare to say, WoW, or any other established MMO? I find it a little bit amazing that it gets all the press it does. I actually played for all of about 5 minutes before I realized it was really pretty boring. I just don't see the attraction myself, but different strokes for different folks I guess. Is it really such a significant online environment worthy of all the press it gets? I see a lot of news about it relatively often, but I wonder if its just not an environment more accessible to journalistic types rather than a notable or significant phenomenon. I would be truly interested to know the typical kinds of people that put a good chunk of time into it. While Wow, for example, seems to cater to just about anyone that plays any sort of computer/video games, Second Life would certainly seem to be an extreme niche sort of market to me. Of course I could just be old and no longer hip. ;)

Re:Do a significant number of people play this?

[CronoCloud]

I'll help you out. You post on Slasdot, you're a geek.

Second Life appeals to non-geeks, even more so than WoW. It also appeals to creative types, say the folks who are art students, jewelry designers, graphic designers.

When you played SL for those five minutes, what did you do? Did you try out the building and scripting tools? Did you try Googling for interesting stuff to do? Did you try the "head for a clump of green dots and see what's up game"? Did you talk to anyone at Orientation Island?

Re:Do a significant number of people play this?

[Monoliath]

I've always found that the only real problems I with second life...is the atrociously shitty graphics and world interface. The concept to me...is just an extension of the newer GTA Series. (I'm not sure which came first, I do apologize)

If a world engine much like Grand Theft Auto San Andreas was used, I think the game would attract many more 'serious' gamers.

Then again, perhaps this isn't feasible due to the size of the world within Second Life?

I agree with you though...I've tried getting into the game on a number of occasions, and I just can't bear using such horrible crappy controls / character movement combined with a doof-tard interface with vomit inducing graphics and object interfaces.

Re:Do a significant number of people play this?

[Ash-Fox]

If a world engine much like Grand Theft Auto San Andreas was used, I think the game would attract many more 'serious' gamers.

Most engines cannot handle large open spaces, this includes Valve's source engine. A lot of them do not support dynamic content and require a tonne of pre-rendering to get the effects and looks you desire - which second life just cannot do due to how dynamic the world is. Also, I wouldn't call Second life a game. It is not very attractive for the interests of a gamer in my opinion as it is meant to be more of the 80s/90s stereotypical virtual reality.

If you want to see some better graphics, I suggest you use the windlight client. Things look a lot better there, but, you will need a pretty beefy machine to handle it.

Re:Do a significant number of people play this?

[Monoliath]

Most engines cannot handle large open spaces, this includes Valve's source engine. A lot of them do not support dynamic content and require a tonne of pre-rendering to get the effects and looks you desire - which second life just cannot do due to how dynamic the world is.

Yeah, I figured this would have been one of the many reasons. Second Life already takes an ungodly amount of time to load, I find that valve's engine's aren't too bad though...well wait, nah you're right...Half Life II level load times were horrendous as well, give and take I guess.

Also, I wouldn't call Second life a game. It is not very attractive for the interests of a gamer in my opinion as it is meant to be more of the 80s/90s stereotypical virtual reality.

That is an interesting point, and perhaps I am expecting too much of a gaming style interface, thereby causing bias in my opinion of it's controls & interface If you want to see some better graphics, I suggest you use the windlight client. Things look a lot better there, but, you will need a pretty beefy machine to handle it.

I will give that a shot. What do you consider beefy? I'm running 1gig of PC3200 / 1.4 Gig Sempron / Ati Radeon All in Wonder Pro. --

The question remains...

[Stanislav_J]

I've never been able to figure out why it's called "Second Life" when most of the people there have no "first life" to speak of.....

Who cares about furries?

Why do we have a front page article about a bunch of fucking furries? You may as well talk about Furcadia as about Second Life.

Re:Facts about Negroes and Chinks

5 USD/day sounds pretty good in Africa for someone who probably never went to school and has zero marketable skills. For example - Indonesian maids get paid about the same or even less (USD100/month).

Just because it seems low compared to what you're used to doesn't mean they're extremely underpaid, it could mean you're overpaid ;). Demand and supply.

Anyway as more and more Africans get jobs and hopefully better infrastructure (education, utilities etc), maybe in the next generation or so jobs might not be "outsourced" to India, but Africa instead ;).

And would that be so bad for the Africans?

If the Africans don't like the Chinese (who are definitely not the least racist bunch - lookup gweilos, ang moh gui etc ;) ) they could either help themselves or get help from others like the Westerners.

Honestly

Zonk has to be a lame 2nd lifer/ no lifer himself to keep posting all this retarded crap about some obscure POS software that maybe 0.0001% of the world uses

Thoughts?

[fozzmeister]

If your in a game and get killed, then someone takes all your money, obviously it's a crime in SL, but is it a crime in the real world too?

Re:Thoughts?

nope, read the TOS some time, you'll see how wickedly evil it is, and how stupid most players are, taking SL for granted as if real laws apply.

it all comes down to this:

when you upload, when you create, when you transfer real money into SL.

It all belongs to linden labs, they own everything. it's all centralized on their physical property as well.

it may extend to real life if real money is being directly used or lost.

"wait, it is real money!"

it was. it's now credits that you bought that can basically be refunded at a lower value. it's LL's money. if you lose your purchased credits to someone else you trusted in the game, too bad, now they have more to refund and you dont.

So really you lost your money when you gave it to linden labs and there's not one god damned thing you can do about it.

great scam. the only other scam that's just as sneaky, yet more epic is that shitty game, furcadia, where you pay real money for a bunch of pixelated shit. it's hilarious. the people who thought this shit up have my respect.

Re:Thoughts?

[Veinor]

Here's how I think it should be: If it's using in-game mechanics that were deliberately placed there by the game creators, then no; the game designers meant for you to be able to lose your money in this way If it's using exploits, bugs, hacks, then yes. If you lose at a slot machine, it's not illegal, but if the slots are rigged, or someone tampers with them to make them lose more, that's illegal.

Re:Thoughts?

[DeadChobi]

If you die in the game, you die for real!

Re:an alternate, and more entertaining solution

[CronoCloud]

Anonymous coward is telling the truth. I've seen one that someone made. Pictures? Wouldn't you like to know. :-) But this might be a location to check out:

http://slurl.com/secondlife/bel%20Highland/171/143/33

Should be near where you can get the baby unicorn. NSFW link:

http://www.secondlifeherald.com/slh/2007/09/afternoon-delig.html#more

It might be a custom thing though so it might not actually be there.

HY MOOTYKIPS

nt

More details and video of exploitation

are available here: http://www.securityevaluators.com/sl/

Charles Stross: Halting State

[midgley]

A good novel. Covers some of this. It starts with a bank raid by a group of orcs with a dragon for fire support...

Sort of

Yeah, though I wouldnt compare it to WoW, which is the only MMO I can think of that has gotten publicity outside of gaming circles. Most people sign up, play for 5 minutes, realize the game, in 2007, has late 1990's graphics (even with the new windlight client, the graphics are still antiquated as fuck.) and offers nothing truly interesting.

The real entertainment is when you pick up a gun that sends other players flying off the grid and disconnecting.

otherwise, it's just drama and neko/furry sex.

the other valid use for it is interactive distance learning.

but LL only likes it when schools just pay for a sim and then dont do anything with it other than become another statistic they can point to and say "SEE? EDUCATIONAL INSTITUTIONS use us! see?! we're useful! pls invest in us." because if you actually make use of it, you get your money and your sim taken away. there was a school sim that went through that shit, then it was spun into the school plotting to destroy the game or some retarded shit so they look like they're taking initiative against "griefers"

Linden labs only cares about your money, providing an actual service for said money isnt in their agenda. and when people get scammed? they dont care, it isnt their problem. they know that most of the people who got ripped off will continue playing because they're addicted to the drama and strife. plus, the company gets a nice cut of that scammed money when it's exchanged.

So it's win-win for them.

Also, people argue the fact that there should be consequences for them being scammed..

really now? according to LL's flawed TOS, everything is theirs, nothing is actually owned by anyone but linden labs, the only thing stopping them from taking everyone's stuff is well, the will to make money, but if you ever turn on client debug info, and look at the tools the lindens get to use in the client itself, there are tools that can instantly take ownership of items a user "owns"

So basically, once you transfer your money to linden labs, its theirs, if you lose it inworld, it isnt their problem that you misspent your credited money that they havent lost at all.

Re:Sort of

[shentino]

Nice commentary on the TOS, and it squares well with AT&T's recent "censorship by termination" scandal. They bury that "we reserve the right to screw you over" crap where you can't see it, and honestly, who reads the TOS? Companies like LL and microsoft COUNT on you not reading the TOS. If we actually DID, we might not buy it...I mean, like Visual Studio, for instance. There's a clause in Foxpro that says "duplicates the functionality of Microsoft Access, nor in the reasonable opinion of Microsoft, compete with same". This is a non-compete clause. If you bought VS or Foxpro to invent a new database system, and then Microsoft came around. Sure, reading the TOS is a smart move, but it doesn't really help if you hate what you find. Companies are greedy, and their crappy TOS is only used to cover their asses and make their otherwise unethical conduct perfectly legal. "Reserve the right to terminate at will" just means that they can blow your brains out Gestapo style for being critical of the Fuhrer by yanking your account. Heck, if you're judge, jury, and prosecutor, you can pretty much sit pretty and there's not a damn thing your customers can do about it unless they forgo your services entirely. "sole discretion" just means that "we don't have to be fair, we're only going to look out for our own hides and if it hurts you or isn't fair, TOUGH SHIT WE DON'T CARE" What the american public needs to do is grow a backbone and go on a hunger strike for a minute and REALLY START HURTING SALES.

is it a bank?

[bahwi]

If it's trying to represent a "second world" then is there a bank so the character does not carry linden "cash" with them? Because Banks do not protect cash once you've pulled it from an ATM, if you are robbed you are robbed. Gunpoint or buffer overflow. Now, if it's a bank transaction, then yes, they should attempt to protect it with a PIN or password or some other signature, but the players "avatar" should not be carrying it around.

Re:is it a bank?

[Ash-Fox]

Most people do not want to use banks in Second life, after the most popular one, Ginko financial, died and took peoples' money with it.

Perspective anyone?

[uptownguy]

The hack raises tough questions for operators of virtual worlds. Should they be as secure as banks and guarantee the safety of money and property that characters in the world possess?"

Considering that you buy Lindens with real currency, then yes. Yes, they should be just as secure, since it's real money you're dealing with.

The hack raises tough questions for operators of amusement parks. Should the ski ball tent be as secure as banks and guarantee the safety of money and property that kids stuff in their pockets?

Considering that you buy little red tickets with real currency, then yes. Yes, they should be just as secure, since it's real money you're dealing with.

Come on. Get some perspective.

Re:Perspective anyone?

[osu-neko]

The hack raises tough questions for operators of virtual worlds. Should they be as secure as banks and guarantee the safety of money and property that characters in the world possess?"

Considering that you buy Lindens with real currency, then yes. Yes, they should be just as secure, since it's real money you're dealing with.

The hack raises tough questions for operators of amusement parks. Should the ski ball tent be as secure as banks and guarantee the safety of money and property that kids stuff in their pockets?

Considering that you buy little red tickets with real currency, then yes. Yes, they should be just as secure, since it's real money you're dealing with.

Come on. Get some perspective.

The hack raises tough questions for operators of websites. Should the day-trading site be as secure as banks and guarentee the safety of money and property that investors in the market trade?

Considering you buy stocks with real money, then yes. ..

Okay, let's get some perspective, as you say. Which analogy presented above is more relevant?

I'll accept yours is if you can answer, why is it that if service is provided through a 2D viewer (e.g. a web browser), entities dealing in financial transactions are expected to be secure, but if service is provided through a 3D viewer (e.g. any VR software like SL), entities dealing with financial transactions should be exempted from such concerns? What is it about the addition of a third dimension to the software interface that should absolve service providers of financial responsibility?

You see, to me, the nature of the action being done is what makes it deserving or not deserving of protection. You, on the other hand, seem to be insisting that it's the interface that determines this. What justifies basing this determination on the nature of the interface rather than the nature of the transaction?

Re:Perspective anyone?

[uptownguy]

You see, to me, the nature of the action being done is what makes it deserving or not deserving of protection. You, on the other hand, seem to be insisting that it's the interface that determines this. What justifies basing this determination on the nature of the interface rather than the nature of the transaction?

I agree completely with your premise -- I'm surprised at your conclusions.

The nature of the action being done here is entertainment. Amusement. Distraction. Think video arcade, think amusement park -- which is why I used the example of a carnival and the analogy of the little red ticket. Second Life is a video game. A distraction in the same way that the county fair is a distraction.

For what it's worth, I said nothing at all about the nature of the interface. In fact, the examples I gave -- amusement park -- little red tickets -- were all real-world examples. That was my point: Just because this is "the Internet" and "something new" -- it isn't really new or unique. We understand when you exchange your cash for red tickets at the amusement park that if they get lost or stolen, well, those things happen. We get it with the real-world example. I was trying to bring that back to something online. 2D, 3D, real life. It doesn't really matter. It is the thing itself, not the interface, that determines how we should respond. And second life is a GAME.

...so, my question for you is this: Did you really, really, fundamentally misunderstand what I was trying to say and we are both agreeing here? Or were you trying to make a much deeper point? If so, you will need to clarify -- because when you brought up day trading and stocks and all the rest, it felt out-of-place. Bring it home for me...

Re:Perspective anyone?

[uptownguy]

...re-reading what you wrote in response to what I wrote, it occurs to me that maybe, just maybe, you didn't understand I was being a little snarky. (I thought "little red tickets" and "ski ball" would give that away.) So let me be blunt:

Second Life is a game

Why should they protect player's cash? Here's why

[L.+J.+Beauregard]

Should [virtual worlds] be as secure as banks and guarantee the safety of money and property that characters in the world possess?

Do they want their players to keep on playing, and spending that real cash on their Second Life subscriptions?

It gets worse. All QuickTime files now threats.

[Animats]

This isn't a Second Life problem. It affects all QuickTime players. QuickTime has a recently discovered vulnerability which allows it to be used as a way to inject executable content into the user's machine. This can attack far more than Second Life.

See US CERT Vulnerability Note VU#659761 -- Apple QuickTime RTSP Content-Type header stack buffer overflow. "Apple QuickTime contains a stack buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition. ... We are currently unaware of a practical solution to this problem.. ... "Note that QuickTime is a component of Apple iTunes, therefore iTunes installations are also affected by this vulnerability. We are aware of publicly available exploit code for this vulnerability. Testing indicates that QuickTime versions 4.0 through 7.3 are vulnerable on all supported Mac and Windows platforms."

CERT suggests disabling all the ways QuickTime can be launched:

• Block the rtsp:// protocol
• Disable the QuickTime ActiveX controls in Internet Explorer
• Disable the QuickTime plug-in for Mozilla-based browsers
• Disable file association for QuickTime files

This vulnerability was first published on November 23, 2007.

Re:It gets worse. All QuickTime files now threats.

[KDEWolf]

I was *amazed* how people can't notice it. Incredible how many people do not THINK about what they read, before saying anything... Good I saw your post when decided to say about the Quicktime issue.

Snow Crash, anyone?

[lessa]

Life imitates art (or is this still at the stage of art imitates art?). Remember how in Snow Crash, you could get a virus from your avatar accepting data from another avatar? This sounds very similar.

Opportunity

[raftpeople]

If the goal is simulating real life, the solution is: An Insurance Company!

Possibly, Lloyds of Linden?

To those asking...

[achenaar]

"does anyone really play this thing?"
The answer is yes. A few. Enough.
When I first made my Second Life account one bored weekend many moons ago, I was just checking to see if any VR style system had anything going for it. I'd been wandering from one MMO to another looking for some escapism and mostly just finding frustrating grind fests and vacuous time wasters.
I was initially pretty unimpressed by the graphics but eventually I started to see *past* the visuals and started visiting classes to teach noobs how to get along in SL. (Thanks again Bob Bunderfeld)
Then it clicked. It wasn't about playing a game any more. It was literally a creative medium.
Take, for example, WOW. I liked it, it was fun. Smiting hordes of enemies, chatting to the other players. Good times were had by all. But the investment of time weighed in heavily and I realised that if I wanted to have any of the perks that high level characters get I'd need to play the damn thing every hour of my life for weeks.
When I started in SL I was a huge noob with respect to how the system worked but I had other skills. I wasn't too bad at 3d modelling (lightwave, maya et al) and I'm a pretty decent coder. The thing I found is that I could use those skills to help form my identity in SL. I started out building models of things, then tried my hand at scripting. Before long I'd built a fairly decent smoke machine that I went around selling to club owners for their dancefloors.
I started writing scripts for commission and I made a bit of money from it. Not huge dough but enough to make me feel like I was spending my time having fun/being productive at the same time.
There's a lot more to SL than 3d IM, although for a lot of people that's all they'll use it for. You can build and script and texture and sell and buy all sorts of things.
For instance, my missus makes horses in SL (Hoof It!) to sell to folks and together we've made some pretty neat products. She builds the horses and textures them and I script them so they can be ridden and rear up and poo and make noises and suchlike.
Try doing that in WOW.
Seriously though, if you've got some free time, just give it an hour or two and you might find quite a lot to love about Second Life.

Regards,

Achenaar

Re:To those asking...

[cjstaples]

I concur with the depiction above; for those who attempt to enjoy SL - and not simply log in to screw around there (pun not intended) - there are plenty of things to see and do... enough even for some to make some kind of living out of the proceeds (thus some seriousness needs to be applied to the question of in-world monetary security). Also, SL is vastly more fulfilling if you can contribute, whether in time, effort or activity. I'm glad to hear of Achenaar's SL experience and would eagerly second his recommendation. SL is not for everyone - and I wish it was for a few less people :D - but I'm yet another of its members and supporters.

Re:It gets worse: Got the patch right here!

The obvious solution for Windows users is to uninstall the QuickTime player and replace it with QuickTime Alternative, which comes with the K-Lite Mega Codec Pack.

http://www.codecguide.com/about_mega.htm

QuickTime has always been trashware: An invasive, unreliable resource hog, and in Windows it steals file associations and kills (among other things) user access to U.S. Patent office graphic files. Worst. Media. Player. Ever.

There is absolutely no excuse for Linden using this crap, unless perhaps they are paid by Apple. They can and should dump QuickTime in favor of any FOSS media player -
unless of course that would cost them more in lost revenue from Apple, than in lost revenue from SL losers.

Second life is really pointless ...

At work someone was asked to give a seminar in Second Life. I thought this was a weird idea but was tasked with setting things up. This was my first exposure to Second Life (I knew that it existed etc.). I explored a bit but within about 10 minutes I realised that I would never come back. It was the most juvenile pointless waste of time I have witnessed in many, many years. Way worse than Facebook etc. I recommended that we not participate in the seminar.

If this is representative of our "cyber" future I'll happily stay unencumbered by a second life.

SecondLife Statistics

[SJ2000]

Current Economic Statistics http://secondlife.com/whatis/economy_stats.php

Latest Service Stats http://blog.secondlife.com/2007/10/29/september-2007-service-quality-metrics-posted/

Aggregate Economic Statistics http://blog.secondlife.com/2007/10/15/september-2007-economic-key-metrics/

You may notice that ~23% of all client sessions end uncleanly (crash), that's something to complain about.

Re:SecondLife Statistics

[legojenn]

You may notice that ~23% of all client sessions end uncleanly (crash), that's something to complain about.

I usually consider a crash SL's way of saying find something else to do.

Easy answer: just say NO to Quicktime

Wow... ANOTHER Quicktime exploit?

Kind of makes you question that claim Apple makes ad nauseum about how "secure" they are. Seeing as how they hold 2% of the computer market, it appears their security model is exclusively provided by obscurity.

Also... Quicktime on Windows has ALWAYS been a buggy piece of garbage. I'd be tempted to use their iTunes service, but sadly it requires the installation of Apple-created software. Um... no thanks. SteveJob doesn't have enough money to PAY me to use Apple software.

And let's not even get started on "Leoptard, it just werks".

I don't know about writing code, but it seems Apple's true skill lies in writing lies and anti-MS FUD.

Browser, not bank.

[cavebison]

The answer to the question is simply no.

The Second Life client software is basically a browser. If the fault is in the QT player, then it's like a hacker setting up a site to exploit your browser vulnerabilities. Browsers aren't held responsible for loss, so why should the SL client software?

Virtual Worlds can be profitable, not pointless.

It's an entertainment industry. It even has its own financial markets in some cases. See my blog for examples as to what I mean.

http://dragonsbite.blogspot.com/

-Maelstrom Baphomet

You should turn streaming off by default, anyway.

[argent]

You should turn off streaming media and automatic loading of web profiles by default.

Not just because of this, but because it reduces the security of the SL client, in a number of ways.

First, there's vulnerabilities in the plugins and the browser software. Yes, they're using a pretty secure browser based on Gecko, without user-loaded or downloaded XUL components, but still these are complex programs that you really don't need. About the only web-based technology in SL that's reasonably safe is the new search... since it's generated by Linden Labs, and they have better avenues of attack. :)

Second, If you look at the Linden blog on this, you see that one of the messages reads:

Way to go LL, help griefers some more why dont you? Using video streaming to IP log griefers as they crash sims is one of the important ways to fight griefing and document who the real abusers are. Eliminating this ability only helps griefers, much as your stupid idea to enable people to hide groups. Far more than helping to get rid of griefing or give us more security features, you keep enabling griefing with your stupid decisions like this one.

There are SL "landowners" using streaming audio and video to track visitors by their IP address. This allows them to cross-reference addresses and identify players living in the same household, players with multiple accounts, people playing from work, and so on. And these kinds of "web-bugs" inside SL can not only get the "landowner" a pretty reliable ID for you (your account name), they can also distinguish whether users you're "verified" by a credit card or paypal.

This kind of tool is useful to track griefers, I guess, but anyone who "owns" land in SL can do it... including those charming guys with their spammy ad-farms. :)

Second Life bug insurance?

I better learn how to build a kiosk! Right click, add prim...

link correction

[rhetoricat]

The link to the article on Second Life is broken. You can access the article here.

Is poker just a game?

[ToasterMonkey]

Yes, so is SL. Stop being dramatic. I lose money every time I spray my backyard with grass seed. I don't go around telling people "It's more than just lawn-care! ... It's another LIFE!"

Seriously, the consequences are as high as you want to set them. Throwing wads of money into the street has high stakes and consequences too.

Re:Is poker just a game?

[ronadams]

That's quite possibly the worst analogy and analysis I've ever read on Slashdot. The feces-eater-in-the-library post was more on-point than what you said.

My statement was that there is a difference between a game, which is strictly for entertainment, and a hybrid entertainment/business environment like SL, where some people are earning (or losing) significant profits. I never said anything dramatic. To use your first half-baked metaphor, ask a professional poker player if he considers his winnings, and protecting those assets, important.

Problem...

[ToasterMonkey]

I can understand why people are attracted to this game. It does sound like a great place explore your creativity. However, there is a HUGE problem with SL.

When I was younger, I spent a lot of my time playing Doom, and Quake. I even made my own levels, and some models. My friends and I had tons of fun playing in our own creations. Everyone has access to modeling tools, and there are plenty of games and 3D worlds to share your creativity in. The problem with modding games is that there's a very steep learning curve. The idea of a free, massive, online world with modeling and scripting tools built in sounds AWESOME. It really lowers the bar for people interested in creating/animating 3D content, and sharing with others.

BUT... why does this need to involve real money? Why are people quibbling over security, and banks, and losing real money? SL is an insanely risky investment. It's absurd to think that REAL money is needed for this game to work. Spending money for the sake of spending money is NOT fun.

A game like this, done properly, should have some some kind of intrinsic, fun gameplay (or strong social elements at a bare minimum), coupled with a completely virtual economy, if needed. Something along these lines that I've always hoped would be made someday is a massive, online LEGO universe. Modeling with bricks isn't that hard. All the LEGO themes over the years lend themselves to a WIDE variety of possible gameplay elements. Pirates on the sea, space exploration, racing, etc. Eh, just an idea.

Who was the dickwad who came up with SL? How exactly did the pitch go...
Dick: "Hey, how about a massive online game with ZERO gameplay or content. Instead, we let the PLAYERS make stuff, and chat with each other"
Bigger Dick: "Brilliant! It needs some pizzaz though. We'll let players transfer REAL money directly to us so they can buy other people's crap with FAKE money."

Sorry, that's a bit rough, SL was obviously designed as a social experiment, not a game. Enjoy.. I guess.

Sincerely,
ToasterMonkey

Re:Problem...

[achenaar]

Oh come on! Don't be a douche for the sake of it.

Any number of online games let you pay for things with real money and shady folks find ways to either game the system or sell that stuff for a profit. In the SL system they just basically legalised it.

I guess I've got to agree to some degree that SL was *started* as a bit of an experiment, but what wasn't? In the beginning there was a field, a few users and some modelling tools. Those users made something of it and it scaled up (although it arguably won't scale up much further) from there. Seems like a standard way for a virtual world to start.

For all it's flaws and mismanagement, it's still a great platform and you need to have either never used it or just be an ass to deny that.

I'll admit it's not *there* yet (and that's certainly not a reference to the "there" system before anyone starts) but it's a damned sight better than any alternatives I've seen.

The financial aspect is just gravy. If you want more than your regular allowance to buy clothes/furniture etc. you pump some $$$ in. If you're a creator and you make neat stuff, you get some $$$ out. What the hell is wrong with that? (security issues notwithstanding)

So you can badmouth all you want, if you'd given it any time you'd see there are reasons why folk use SL and they're perfectly valid.

(Plus the client has been released as open source if that counts for anything)

Wow.

[ToasterMonkey]

What a big surprise, more drama.

Now SL is a BUSINESS environment, huh? Sure, to the same extent that poker can be a business. You're horribly mistaken, Linden Lab is the business, SL is their game.
"Professional" poker players still play a game. It's still gambling, regardless of the skill or amount of money. Some may make a living off of the winnings, but the _game_ is not more serious or important to the rest of us because they do. It is purely entertainment. The same can be said for any professional sports. Sure, it's a business for some, but FOOTBALL is not important, how many viewers is. It is still purely entertainment.

My point is that you can throw money away at anything, and sometimes get it back. That doesn't automatically make whatever the hell you're doing any bit more important to anyone but you.

Except that real money is involved in Second Life. There's more to it than just a game -- when money can be made and lost, the stakes and consequences are higher. My problem is that you're making it out to be more than a game just because money is involved. Even the people making a living off of it have to realize it's JUST A GAME.
I thought my analogy did a fine job getting that point across. You know.. I invest money, but a lawn is still just a lawn. Even professionals know their job is just to make a patch of dirt look pretty. Although they may have too much pride to tell you that.

Maybe that's your problem, pride.

Re:Wow.

[Torvaun]

If they make their living off of it, it has ceased to be just a game for them. I'm not a professional poker player. To me, poker is a game. To them, poker is a source of income, maybe the primary source of income.

Now, I didn't see anyone claiming that SL was a business environment for Linden Labs. For them, it's clearly just a product. But it is being used as a business environment by many of the people in it. My analogy: Second Life is like an apartment building. Linden Labs is the landlord. But this apartment building has hundreds of people using apartments as office space, and they'd appreciate it if the landlord would fix that broken window that people could use to sneak in.

wtf pwnt

wow so now u can get jacked in a crappy video game...another reason to play WoW lol....second life noobs lmao