Slashdot Mirror
Crime Wave Thwarted in Second Life
Ponca City, We Love You writes "The Mercury News reports that a vulnerability in the way Second Life protects a user's money has been identified. Risks for users are reportedly limited because the researchers say the flaw can be quickly patched. The flaw exploits a known problem with Apple's QuickTime - when a virtual character passes by an infected object planted by hackers, the Second Life software activates QuickTime so it can play the video or picture. Hackers can direct the Second Life software to a malicious Web site that then allows them to 'take over the user's avatar and force it to hand over its Linden cash. Second Life is recommending that users disable streaming video playback in the Second Life viewer except when you are attending a known and trusted venue.' The hack raises tough questions for operators of virtual worlds. Should they be as secure as banks and guarantee the safety of money and property that characters in the world possess?"
On a weird side related note, after posting that I noticed Firestarter was flashing red and 16 attempts on various ports from an IP that resolves to slashdot.org were recorded... What gives for that?
My UID is prime... is yours?
Anti-spam thing.
Every time I post on Slashdot, it takes forever for me to Submit the post, because I get probed on a few ports (which timeout).
They're ports commonly used by proxies and such.
Peace sells, but who's buying?
Ummmmmmm...
Can someone explain to me why Quicktime is so fucked up? I'm dead serious, and I ask this as a mac user.
It seems like all the time there are new exploits for all different types of services (firefox exploits, myspace exploits, this, etc.) with one thing in common: It's not [necessarily] the services fault, it's Quicktime's. Is there something about the architecture of Quicktime that makes it particularly exploit friendly? Or does it not do enough checking to see if the file is malicious? Is Quicktime crack-friendly on both platforms or is it a shitty port like iTunes for windows and thus mostly windows only exploits?
I tend not to use Quicktime because it takes to long to load movies, (unlike VLC, which "streams" them and so it begins playing them almost immediately), but if any more exploits begin showing up for Quicktime, I may seriously consider not using it at all.
Can I tell you a little secret about life? It is pointless.
You are born, you die. In between you have to work a lot of hours to... well to postpone the dying part or at least make the dying part less unpleasant.
Luckily, in the west we have become good enough at postponing death that we have some spare hours in our days. So we got to waste them, some watch sports, some have sex, some read books and some play games.
It is ALL useless.
Blogging got to rank near the top of most useless activities and as such you are in no position to critize second life players. You are a pot, so keep quiet about the color of kettles.
I wish people were a little bit more honest about their personal time wasters. Friend of mine follows all the soccer tournaments in the world, yet thinks playing games is a waste of time. Eheh.
Stop blogging mate and save the world or accept that you are wasting your time just as much as people who care about some silly online game.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Well, that's true, but there are lot of regulations in the U.S dealing with bank security. Sarbanes-Oxley Act (SOX), Gramm-Leach-Bliley Act (GLBA) which deals with customer information and several others must be complied with. Other countries have them too; for example, J-SOX is Japan's SOX equivalent. This means that the bank gets audited, often by two sets of outside auditors, which helps security at least somewhat. Most banks and credit unions also often go through penetration tests and vulnerability assessments, if only to keep their examiners happy (as in, the NCUA, OTS, or whoever they happen to be chartered with.)
It's interesting to consider how these things may apply to Second Life and Linden Labs. At some point, some regulation must come into play. For example, if credit cards are processed, they must comply with the credit card industry's PCI standards. I am not saying compliance with these various regs is an answer to their problems, I just think it's interesting to consider how these apply to something non-traditional like SL.
Well all this says is that you're a not very nice person who is obsessed by being an asshole (griefing), sex and money. Of course there are loads of people in SL doing the cybersex thing, and if that's what you go looking for then that's what you'll find. But it's a bit like going to Amsterdam, just touring the red light district, and then concluding everyone in Amsterdam is just interested in buying and selling sex. :-). Most of the people I deal with are there for entertainment in various forms, and certainly not the cybersex obsessed griefers you hang with.
Myself I run a quite profitable RP-orientated design business which nets me around USD$500 a month. I don't earn at real-life pay rates, but SL has basically replaced the time I used to spend playing other games and the like, so I now have entertainment that pays me
Yes, Linden dollars do equate to real dollars. You can buy them, or you can create them by creating objects people buy or offering a service that other people pay for. Why do people buy? It's part of the game. Nearly every game out there costs money. Many are subscription. SL is similar. You can always play and not spend any real money at all. as most places to visit are free, and there is plenty of free items out there.
It's entertainment. People are willing to pay for entertainment.
"does anyone really play this thing?"
The answer is yes. A few. Enough.
When I first made my Second Life account one bored weekend many moons ago, I was just checking to see if any VR style system had anything going for it. I'd been wandering from one MMO to another looking for some escapism and mostly just finding frustrating grind fests and vacuous time wasters.
I was initially pretty unimpressed by the graphics but eventually I started to see *past* the visuals and started visiting classes to teach noobs how to get along in SL. (Thanks again Bob Bunderfeld)
Then it clicked. It wasn't about playing a game any more. It was literally a creative medium.
Take, for example, WOW. I liked it, it was fun. Smiting hordes of enemies, chatting to the other players. Good times were had by all. But the investment of time weighed in heavily and I realised that if I wanted to have any of the perks that high level characters get I'd need to play the damn thing every hour of my life for weeks.
When I started in SL I was a huge noob with respect to how the system worked but I had other skills. I wasn't too bad at 3d modelling (lightwave, maya et al) and I'm a pretty decent coder. The thing I found is that I could use those skills to help form my identity in SL. I started out building models of things, then tried my hand at scripting. Before long I'd built a fairly decent smoke machine that I went around selling to club owners for their dancefloors.
I started writing scripts for commission and I made a bit of money from it. Not huge dough but enough to make me feel like I was spending my time having fun/being productive at the same time.
There's a lot more to SL than 3d IM, although for a lot of people that's all they'll use it for. You can build and script and texture and sell and buy all sorts of things.
For instance, my missus makes horses in SL (Hoof It!) to sell to folks and together we've made some pretty neat products. She builds the horses and textures them and I script them so they can be ridden and rear up and poo and make noises and suchlike.
Try doing that in WOW.
Seriously though, if you've got some free time, just give it an hour or two and you might find quite a lot to love about Second Life.
Regards,
Achenaar