Your2ndPlace

After Konner posted on the halt of the Exchanges, Ciaran hit the nail on the head about the silence of Linden Lab on the topic. I've been following it with interest, trying to nail down exactly how the exploit occurred, when I found it in my email - I'm withholding the person's name at this point, but I can share that the information has been disseminated to the exchanges.

Basically, how the exploit worked was through fooling the simulator into allowing someone to rez something of the same Object ID - or key. Allegedly, this exploit affects Second Life Server 1.22.4.90499, and a rolling restart will solve it once the server software is updated. It appears that this has already begun. It should be noted that this exploit required a special tool from LibSecondLife, one that was kept quiet but which someone (obviously) leaked. For the more technical folks, a modification to SLProxy made this possible.

In all, Linden Lab probably should have said something but didn't - something that is par for the course when it comes to the virtual world of Second Life. It did not just affect ATMs, it also affected other objects as well. The good news is that even with the exploit, items received through the exploit got the same permissions as the owner dictated - thus, a no copy/no mod/no transfer item would remain a no copy/no mod/no transfer item, with only the person who used the exploit getting a copy.

I have tried to stay away from the security issue, not because I don't think it's important but because I didn't want to spread panic when I only have half the facts.

Linden Lab have neither confirmed or denied these rumours, however there's now a thread over at SLUniverse discussing the serious security allegations.

There appears to be an issue. Konner McDonnell had earlier reported the statements from Cocky Dagger which generally caused people to say "He runs an exchange, how can you trust him"? However it seems that this might be bigger and deeper then we'd all like.

However I do wish Linden Lab would at least say something, either "We've got it under control" or "This is a load of old bollocks". The silence is deafening.

Now i've been fed information by a couple of trustworthy sources, we'll call them deep voice and dark throat (As dark voice and deep throat would just sound wrong) as codenames. They both pretty much confirmed this security flaw, especially in terms of ATM's, although I'm reliably informed that SLX is safe. Phew!

General advice seems to be to make your items no copy for the time being, pass it to an alt and pass it back then hopefully you're not going to have your hard labour ripped so easily.

However, now, the conspiracy part, how the bloody hell did anyone find out about this exploit? Allegedly this isn't a staring in your face exploit.

For all of Linden Lab's transparency, there are times when they simply aren't transparent and whereas I can understand their reluctance to talk about this issue, it really is time for a statement.

Being naked is often the best choice!

My previous coverage of the proposed CSLL/CSVC merger ended with a fairly mellow update. Given that Oceanlane was taking his company private, it seemed harsh to criticize him further. Even if the terms of the buyback were, as one Y2P reader put it, “a slap in the face,” it seemed only a matter of time before Oceanlane’s volatile disposition led to the downfall of CSLL, so personally, I was glad to see a positive outcome for all parties.

In all honesty, I thought the matter was done with. That is, until this morning, when I came across Skip Oceanlane’s response to Scott Nestler. The accusations within Oceanlane's hateful message reminded me that there was a story left untold. I'll remedy that error now.

What to say about Skip Oceanlane? He claims to be a safety inspector with a GS rating in real life. And I'm inclined to believe that. His management style utilized the sort of “do it my way or I'll close you down forever" state of mind I’d expect from someone wrapped up in their own position of authority, marginal though it may be. But he's not Gordon Ramsay. This isn't Kitchen Nightmares. And beneath his veneer of oozing self-confidence is the ever-present threat of mindless tantrum, vindictiveness, and baseless accusation.

So when Scott Nestler and others asked why they hadn't been compensated for their shares yet, I guess I shouldn't have been surprised to see this included in Oceanlane's response:

You robbed former Sky Hedge Fund investors on SLCapex, and you are working with known scammers, and yet you still deny you have done anything wrong. I don't trust you at all, and it's because of people like you that very few invest in the stock markets anymore. I'm not the reason things have gone downhill. It's because of people like you and your friends on stock exchanges like SLCapex.

This evening, Bart Heart sent me an offline IM with links to three announcements posted by Second Life International Business(SLIB) CEO Tyrian Camilo. Please click here for the main announcement page.

While I'm not one to jump when a CEO throws me a few links, I had to make a note of this. How could I not?

When Camilo acquired WJUV, a company owned by the now-delisted Atlas Venture Capital(AVC), the owning company had been halted by VSTEX pending an investigation. As I've noted several times, I was the de facto chairman of the AVCIC, the committee appointed by AVC shareholders to investigate potential wrongdoing by then-CEO Monkey Canning. In the AVCIC Final Report , I criticized the transaction as fraudulent on Canning's behalf and where Camilo and Intlibber Brautigan where concerned, a decision of questionable integrity.

But Camilo, who has reportedly dabbled in the notorious 'ad farm' method of selling land at extortive prices, is learning: You play with fire and you get burned.

Based on the announcements, Camilo's request for the domain transfer of WJUV's website, WJUV.com, was met with a request by our ol' pal Frank Corsi (former SL: Jasper Tizzy): Pay me for my 50,000 WJUV shares, first.

Whether Corsi owned any shares is unknown, but Camilo was quick to announce that his 'lawyer' had been contacted. Some six hours later, Camilo posted a third announcement to report that the website had since been sold to Valentine Heart Inc (VHI) CEO Bart Heart, despite Corsi's offer to sell it to Camilo for $30 USD. Camilo decried this transaction as unfair and, again, alluded to a possible litigation.

Crystal Springs Land (CSL) and Crystal Spring Virtual Capital (CSV) were halted last week at the reqest of CEO Skip Oceanlane so that he could provide shareholders with details of proposed merger of these companies. Even though I hold around 500 shares of CSL stock, Oceanlane didn't send me the notecard outlining the merger. When a friend gave it to me yesterday, I had grave concerns. You can find CEO Oceanlane's unedited notecard here.

I wrote a letter to VSTEX listing the issues that concerned me the most. VSTEX would inform me hours later that they had formally approved of Oceanlane's merger since their current rules did not actually address mergers. They also noted that the issues I had raised "may be founded" and suggested that I raise them at the shareholder meeting.

While I considered attending, my previous conversations with Oceanlane usually resulted in him flying off the handle, even when I was trying to help him. More importantly, I've been fighting trench battles over issues that don't reflect a personal financial interest for the last four months. What is needed is for shareholders with significant interests to protect those interests. You can find the concers I raised here

I wish all parties involved in this matter the very best of luck.

Update

I received a log from the meeting, which you find here. Given the contents of the log, I feel little need to expand further, except to say that my concerns stand.

Please see Proposed CSL/CSV Merger 'Withdrawn' for further updates.

While I was away, the SLCapEx site was down - I instant messaged Bogart Beck on it prior to the site coming back up (It is back up). I'd heard of an attempt to crack the site - less technical readers would inaccurately write 'hack' - and Bogart didn't say anything about that. What he did say was that they were plugging some holes to avoid future problems.

The World Stock Exchange (WSE) is still down after the perpetual month of upgrades that has lasted 3 months and 5 days so far. All of LukeConnell Vandeverre's live announcements have not breathed enough hot air into the site to get it up and running again.

Ancapex.net? No clue. Ancapex.com is still up and running, but as we all should know by now - that site has a new owner.

International Stock Exchange seems up and running.

The suspected links between World Stock Exchange owner LukeConnell Vandeverre and Linden Lab­® may well be true, given that rumors indicate that Linden Lab is expected to go public on WSE at this point.

Apparently, talks with the Ancapex stock exchange failed because of technical issues as well as questions as to who truly owns what there. SLCapEx was also passed over, apparently due to issues with SLWallet buyback where some Linden Lab employees are suspected of having large holdings. VSTEX was considered too community oriented for Linden Lab. ISE apparently wasn't even looked at.

When asked to comment, Linden Lab suggested looking at Prokofy Neva's blog for details of the IPO since she would be 'the first to know'.

LukeConnell Vandeverre is probably quite busy right now trying to figure out how to delist the new IPO quickly so he can go swimming in his WICs on Facebook as well as integrating Mitch Kapor's Lotus 1-2-3 Technology into WSE to better serve Linden Lab. Philip Rosedale was unavailable for comment.