Your2ndPlace

After Konner posted on the halt of the Exchanges, Ciaran hit the nail on the head about the silence of Linden Lab on the topic. I've been following it with interest, trying to nail down exactly how the exploit occurred, when I found it in my email - I'm withholding the person's name at this point, but I can share that the information has been disseminated to the exchanges.

Basically, how the exploit worked was through fooling the simulator into allowing someone to rez something of the same Object ID - or key. Allegedly, this exploit affects Second Life Server 1.22.4.90499, and a rolling restart will solve it once the server software is updated. It appears that this has already begun. It should be noted that this exploit required a special tool from LibSecondLife, one that was kept quiet but which someone (obviously) leaked. For the more technical folks, a modification to SLProxy made this possible.

In all, Linden Lab probably should have said something but didn't - something that is par for the course when it comes to the virtual world of Second Life. It did not just affect ATMs, it also affected other objects as well. The good news is that even with the exploit, items received through the exploit got the same permissions as the owner dictated - thus, a no copy/no mod/no transfer item would remain a no copy/no mod/no transfer item, with only the person who used the exploit getting a copy.

I have tried to stay away from the security issue, not because I don't think it's important but because I didn't want to spread panic when I only have half the facts.

Linden Lab have neither confirmed or denied these rumours, however there's now a thread over at SLUniverse discussing the serious security allegations.

There appears to be an issue. Konner McDonnell had earlier reported the statements from Cocky Dagger which generally caused people to say "He runs an exchange, how can you trust him"? However it seems that this might be bigger and deeper then we'd all like.

However I do wish Linden Lab would at least say something, either "We've got it under control" or "This is a load of old bollocks". The silence is deafening.

Now i've been fed information by a couple of trustworthy sources, we'll call them deep voice and dark throat (As dark voice and deep throat would just sound wrong) as codenames. They both pretty much confirmed this security flaw, especially in terms of ATM's, although I'm reliably informed that SLX is safe. Phew!

General advice seems to be to make your items no copy for the time being, pass it to an alt and pass it back then hopefully you're not going to have your hard labour ripped so easily.

However, now, the conspiracy part, how the bloody hell did anyone find out about this exploit? Allegedly this isn't a staring in your face exploit.

For all of Linden Lab's transparency, there are times when they simply aren't transparent and whereas I can understand their reluctance to talk about this issue, it really is time for a statement.

Being naked is often the best choice!

While I was away, the SLCapEx site was down - I instant messaged Bogart Beck on it prior to the site coming back up (It is back up). I'd heard of an attempt to crack the site - less technical readers would inaccurately write 'hack' - and Bogart didn't say anything about that. What he did say was that they were plugging some holes to avoid future problems.

The World Stock Exchange (WSE) is still down after the perpetual month of upgrades that has lasted 3 months and 5 days so far. All of LukeConnell Vandeverre's live announcements have not breathed enough hot air into the site to get it up and running again.

Ancapex.net? No clue. Ancapex.com is still up and running, but as we all should know by now - that site has a new owner.

International Stock Exchange seems up and running.

Tonight I was chatting with Fugazi about prospects for the future. A company or business? Eventually an IPO? While we were discussing these prospects, something became extremely clear to me: In my 5ish months in Second Life, I've learned some great ways to 'avoid' making money in Second Life. I'll share these in 'Letterman-esque' "top ten" style. Ready?

10. Slingo: This is a wonderful game...if you're the owner of a gaming parlor. DONATE to the piggy, we'll take a huge cut, and you'll have a chance to win a prize. Since most gaming parlors have a policy requiring that you return a portion of the winnings (usually 20-30%), you'll typically walk away with 50L$. Of course, the establishment takes a cut of the winnings you "re-donate." Decorum requires that you tip the host/hostess 10-20% as well. Like I've always said when it comes to gambling - if you walk away dead even, you win.

9.Slingo Host: Remember when I said decorum required a tip? Yeah, people don't tip. And you'll usually make anywhere from 50-100L$ per hour, but most hosts end up using these funds trying to spice up the pot. Redundant gestures/poses will find you further in the red as you scrape up money to find a shrink.

8. Restaurant owner: Amusingly enough, I've seen this tried over and over again. Problem is...you guessed it: You don't eat in Second Life! Cafes can be pretty cool if you can get acts, but if that's your angle, try a nightclub.

7. CEO of a WSE-listed Investment Fund: Unless you're investing in a market outside of WSE, withdraw all your lindens (or "WICS") from the WSE, and keep an up-to-date record of shareholders, you're a bipolar episode away from being crucified while your shareholders end up the newest batch of victims in the WSE Tantrum Fund (WTF).

For those of you late to the party, the WSE closed on January 4th, 2008 citing upgrades that any web developer worth their weight in hexadecimal knows is a red herring. On February 22nd, 2008, LukeConnell Vandeverre said he would make a live announcement, which he did on Sunday, February 24th 2008. He later followed up with a video announcement on the 28th of February, 2008, featuring his meat puppet.

In those later announcements, LukeConnell Vandeverre stated that the WSE would be open by mid March or by the end of March (2008, or so many believe). Today, being the 14th of March 2008, there has been a lot of cloak and dagger discussion. Those few CEOs who have stood up to LukeConnell Vandeverre, piercing his LLC veil, have not lasted very long and even their announcements for delisting have been censored/edited - which is, of course, part of the WSE Terms of Service (which contradicts itself more than once).

Sarah Nerd, who I do respect, has decided to keep her company (SNE) at WSE and unlike many CEOs she has openly stated a direction for her company at this time - she's staying at WSE. As a friend, I asked her if she did that out of fear - and she assured me that this was not true. She just wants it to play out and see what happens - a conservative approach. I have to respect that. She has also assured me that the purple hair dye has not affected her judgement. :-)

I am sure I will take some heat on this, so let me say I’m sorry for your loss … unless you were stupid.

First some full disclosure, I had a Ginko account for a few months, and I left about a month before the crash. I never had more money in there than I cared to loose, after all this was a complete stranger, there were no controls, no government insurance, no information on what was done with the money, or how money was made. So one day I went, hey a complete stranger has my money, mmm, I’ll create an ALT and put my money there, no interest but I control my money. See I bank because if I have it I’ll spend it, kinda like RL, except I don’t ever upgrade the sex bed and penis in RL …. (Thinks about the possibilities) now that this is out of the way, on to the stupidity.

Yes, I know - and if I didn't, all the instant messages I got in world would have let me know: the Linden Lab blog entry, 'New Policy Regarding In World Banks' has finally arrived - almost 5 months after Ginko Financial closed its doors.

Well, they're on the ball.

I've been working on a contract inworld, and I'm glad to see that Ciaran Laval and Jezebel Bailey have chimed in already. This is a big deal.

I took my time in collecting information and not being reactionary (as so many others are right now). Let's take stock. Sure, Linden Lab is late - but they are finally doing something that they should have done at least a year ago. That they didn't has cost a lot of people a lot of money, but that is water under the bridge - nothing to do about that, really. And there are people who will say that there are no legitimate banks in Second Life - a generalization which can't be proven accurate. This is what Linden Lab is attempting to do, apparently.

I got a lot of information, particularly from Wenden Xeno who had some transcripts and images he sent - but I'm not going to use them because we already know that people are going crazy at the ATMs inworld. I fully expect that the last 2 weeks of banking in world will be plagued with servers not being able to handle the load from Second Life banks who are trying to do the right thing.