Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Crime Wave Thwarted in Second Life

Zonk posted more than 6 years ago | from the watch-what-you-walk-near dept.

Role Playing (Games) 183

Ponca City, We Love You writes "The Mercury News reports that a vulnerability in the way Second Life protects a user's money has been identified. Risks for users are reportedly limited because the researchers say the flaw can be quickly patched. The flaw exploits a known problem with Apple's QuickTime - when a virtual character passes by an infected object planted by hackers, the Second Life software activates QuickTime so it can play the video or picture. Hackers can direct the Second Life software to a malicious Web site that then allows them to 'take over the user's avatar and force it to hand over its Linden cash. Second Life is recommending that users disable streaming video playback in the Second Life viewer except when you are attending a known and trusted venue.' The hack raises tough questions for operators of virtual worlds. Should they be as secure as banks and guarantee the safety of money and property that characters in the world possess?"

cancel ×

183 comments

Sorry! There are no comments related to the filter you selected.

short answer - No (3, Insightful)

timmarhy (659436) | more than 6 years ago | (#21550139)

It's not real people. look after your actual life for a change....

Re:short answer - No (3, Insightful)

sqrt(2) (786011) | more than 6 years ago | (#21550209)

Yeah! I can't even imagine what kind of losers would spend that much time on a website [slashdot.org] .

I've never actually seen this "Second" life, and I can't imagine why people would spend real money on it, but apparently a lot of people do. It must be worth it to them for the entertainment value.

Re:short answer - No (1, Insightful)

timmarhy (659436) | more than 6 years ago | (#21550403)

good thing i don't spend hours on slashdot.org then.

A lot of people are really stupid to you know, like this guy calling for virtual worlds to involve bank security and liability. only from bloggers i swear...

Re:short answer - No (3, Insightful)

ronadams (987516) | more than 6 years ago | (#21550955)

Except that real money is involved in Second Life. There's more to it than just a game -- when money can be made and lost, the stakes and consequences are higher.

Re:short answer - No (2, Insightful)

sqrt(2) (786011) | more than 6 years ago | (#21551283)

If I was spending real money on a hobby, I'd expect a reasonable amount of security. Don't even think farther than that. When you spend money online, don't you want it to be secure? That's the issue.

I'm sure there exists casual SL players. Probably some that play even less than you spend on slashdot. You can easily spend hours and sink tons of real money on any hobby, if people want to throw it away on a virtual world that's their business. Some people play WoW, I can't understand that either, but a lot of my friends play it and really enjoy it. It's worth the time and money to them because it's enjoyable. Wouldn't be to me, and I'm guessing not to you either, but that's why we're not WoW subscription holders. If I was though, I'd expect a certain degree of security when handling my transactions, credit card info, and account.

Re:short answer - No (1, Insightful)

iminplaya (723125) | more than 6 years ago | (#21550235)

HEY MODS! That's not flamebait! I fully agree with the parent. Real worlds and virtual worlds don't mix. Learn some perspective and stop trying to pretend one is the other. Man! This is getting creepy!

Re:short answer - No (5, Insightful)

SJ2000 (1128057) | more than 6 years ago | (#21550269)

"Real worlds and virtual worlds don't mix" Alert the eCommerce sites, eBay better shutdown now.
Can't have the virtual world mixing with reality can we?

Re:short answer - No (5, Insightful)

iminplaya (723125) | more than 6 years ago | (#21550349)

What kind of real items are you buying in Second Life? Furniture for your house? Food for your stomach? Yeah. That virtual steak sure was tasty. Clothes for the kids? He's not barefoot. He's got his shoes right there on his USB stick. Can't you see them? The frostbitten toes are just his imagination. IT"S A GAME! If somebody cheats, kick them off, undo, and move on. Jeeze, do you call the cops if someone doesn't pay the rent when he lands on your "Park Place"? Oh, I can see the Nigerian scam now. There's 3000 dollars in un-collected "GO" money. If you send me just $49 and your credit card number and bank account number, I'll send it right to you in six to eight weeks. Will my get out of jail cards work when the cops mash my door down and bust me with my bag of weed? You are crazy.

Re:short answer - No (0, Redundant)

SJ2000 (1128057) | more than 6 years ago | (#21550417)

How's this any different from downloading an MP3 of a website or even software? Your analogies show that you've probably played the game for around 15 minutes and never touched it again. Since I have time on my hands I'm going to show you why in ridiculous detail. "Food for your stomach" You can't eat using the features inbuilt into SecondLife, that's stupid. "He's got his shoes right there on his USB stick" Content is stored within the SecondLife service, of course this brings to light a whole new argument of who really owns/controls the 'property' "If somebody cheats..." Cheats? How the fuck do you cheat in SecondLife? That's like saying cheating in Flight Simulator, it's totally free-form gameplay controlled by the Linden Labs T.o.S "There's 3000 dollars in un-collected "GO" money" I'm gathering you mean Lindens, which equates to around US$15, of course I could be wrong you entire scenario from this point onwards is bizarre.

Re:short answer - No (0, Flamebait)

iminplaya (723125) | more than 6 years ago | (#21550461)

"There's 3000 dollars in un-collected "GO" money" I'm gathering you mean Lindens, which equates to around US$15, of course I could be wrong you entire scenario from this point onwards is bizarre.

I guess you never played Monopoly. And judging by your reaction to my post, you seem to be the sensitive type with a thin skin and an inability to comprehend the "editorial" you. As for the rest of your post, I don't understand a word you said. It made no sense. Have fun playing "The Game". Look it up :-)

Welcome, welcome to "You bet your life. Say the secret woid and win a hundred dollars. It's something you always have with you."

Re:short answer - No (2, Insightful)

SJ2000 (1128057) | more than 6 years ago | (#21550503)

I'm just tired of people's crap about SecondLife when all they appear to know about it is crap they read, experience it properly then I'll respect your opinion. If this isn't the case then speak up, currently your analogies don't even parallel was occurs in SecondLife. All I did was take apart your previous post and rebutted, not really much to it other then that. What didn't you understand? I'll rephrase it

Re:short answer - No (1)

iminplaya (723125) | more than 6 years ago | (#21550585)

What didn't you understand?

All of it. It didn't relate at all to what I was saying. I have no idea where to begin.

It not about SL in particular. It's the whole attempt to meld two totally unrelated things together. This is another rehash of, "Does virtual rape equate the real thing". Are you going to put people in a real prison for it? Are you going to tie up real public resources over what happened in a game? It's insanity. That aspect of it IS real. What happens in these games should stay there. When the computer is off the game doesn't exist except within the context of the itself. Oh Christ, now you got me into that outlandish concept. I quit! I'm going to get a real beer and get real drunk and throw up real vomit.

Re:short answer - No (1)

SJ2000 (1128057) | more than 6 years ago | (#21550689)

"Does virtual rape equate the real thing". Are you going to put people in a real prison for it? Are you going to tie up real public resources over what happened in a game? It's insanity. What does this have anything to do with this topic? Of course we shouldn't arrest people for that crap, we're not talking about moral or ethical issues. This is an financial one. The fact is SecondLife is for entertainment and people pay money for that, stop going offtopic with other issues. Should they be as secure as banks and guarantee the safety of money and property that characters in the world possess? Probably but it'll never happen, too much administration and bureaucracy. They would shutdown the service if that occurred or radically change their business model to suit.

Re:short answer - No (1)

pnewhook (788591) | more than 6 years ago | (#21551383)

Should they be as secure as banks and guarantee the safety of money and property that characters in the world possess?

*Guarantee*? No of course not - no one can guarantee nothing will ever happen. But expect reasonable care as any legitimate business should? Sure, why not?

The operators of SecondLife can no more guarantee that you will not get robbed in the game than the polititians and police can guarantee that I wont get robbed walking down the street.

Re:short answer - No (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#21550933)

I'm going to get a real beer and get real drunk and throw up real vomit.

So typical of real spics.

Re:short answer - No (1)

mstahl (701501) | more than 6 years ago | (#21550889)

Jeeze, do you call the cops if someone doesn't pay the rent when he lands on your "Park Place"?

That's the thing. Linden dollars are supposed to equate to real money. You buy them. Why you'd want to do that is beyond me but there it is.

Re:short answer - No (3, Interesting)

walt-sjc (145127) | more than 6 years ago | (#21550947)

Yes, Linden dollars do equate to real dollars. You can buy them, or you can create them by creating objects people buy or offering a service that other people pay for. Why do people buy? It's part of the game. Nearly every game out there costs money. Many are subscription. SL is similar. You can always play and not spend any real money at all. as most places to visit are free, and there is plenty of free items out there.

It's entertainment. People are willing to pay for entertainment.

Re:short answer - No (1)

DaleGlass (1068434) | more than 6 years ago | (#21551245)

What kind of real items are you buying in Second Life?

SL works as a convenient paypal-like money transfer system. People pay me for programming projects through SL.

It's quite possible to make a living from it. I currently probably could live exclusively from SL.

Charles Stross: Halting State (1)

midgley (629008) | more than 6 years ago | (#21551477)

A good novel. Covers some of this. It starts with a bank raid by a group of orcs with a dragon for fire support...

Re:short answer - No (1)

Just Some Guy (3352) | more than 6 years ago | (#21551489)

What kind of real items are you buying in Second Life?

Money. SL lets you buy and sell real world currency. If someone has a credit card on file, you could use their character to buy quite a lot of money and transfer it to another user before trading limits kicked in. I'm sure there are no end of effective laundering schemes to get it back out cleanly.

Re:short answer - No (1)

ILuvRamen (1026668) | more than 6 years ago | (#21550245)

I guess they modded you down cuz they couldn't find the "amen to that" mod category. I mean seriously, what are they gonna do, FDIC insure it? Give me a break.

Re:short answer - No (1)

darkhitman (939662) | more than 6 years ago | (#21550319)

I could say the same [imdb.com] to you, Mr. Anderson...

Re:short answer - No (1, Insightful)

JustShootMe (122551) | more than 6 years ago | (#21550409)

There's always a mod that mods these kinds of comments down as flamebait. It doesn't make them any less true.

Personally, I don't at all see the appeal of "second life". If you're going to be involved in something that is just like real life, but is not real life, and is an inferior low resolution copy to boot, why not just go to a park and watch the squirrels play?

Of course, I'm here commenting at 12:30 on a Sat. night, so I'm not exactly taking my own advice. But it's still good advice.

I start to think more and more that second life is just another manifestation of the ongoing trentd for Americans to retreat into their own little worlds and live in as much fantasy as possible. Probably because life sucks so much...

This comes from a BLOG owner (4, Interesting)

SmallFurryCreature (593017) | more than 6 years ago | (#21550611)

Can I tell you a little secret about life? It is pointless.

You are born, you die. In between you have to work a lot of hours to... well to postpone the dying part or at least make the dying part less unpleasant.

Luckily, in the west we have become good enough at postponing death that we have some spare hours in our days. So we got to waste them, some watch sports, some have sex, some read books and some play games.

It is ALL useless.

Blogging got to rank near the top of most useless activities and as such you are in no position to critize second life players. You are a pot, so keep quiet about the color of kettles.

I wish people were a little bit more honest about their personal time wasters. Friend of mine follows all the soccer tournaments in the world, yet thinks playing games is a waste of time. Eheh.

Stop blogging mate and save the world or accept that you are wasting your time just as much as people who care about some silly online game.

Re:This comes from a BLOG owner (1)

walt-sjc (145127) | more than 6 years ago | (#21550967)

It's as pointless as any other video game, fiction book, movie, music, sporting event, party, etc.

Oh wait - maybe entertainment is not pointless. Maybe it lets us express ourselves, or enjoy our time outside of work. Maybe SL is a way to interact with people from different countries / cultures - playing together. Or you can spend your life working, eating, and sleeping and nothing else. I think SL is a little silly, but I feel the same about all video games.

Re:This comes from a BLOG owner (1)

gmezero (4448) | more than 6 years ago | (#21551819)

But in Second Life you are now socializing and possibly conducting business for your employer. Many companies are utilizing Second Life as a virtual meeting space to conduct international meetings.

Re:short answer - No (1)

CronoCloud (590650) | more than 6 years ago | (#21551435)

Personally, I don't at all see the appeal of "second life". If you're going to be involved in something that is just like real life, but is not real life, and is an inferior low resolution copy to boot, why not just go to a park and watch the squirrels play?


Second LIfe is not like RL, for one, I can't fly in RL. Neither could I meet a tiny squirrel, hop in Ornithopters and shoot at each other. Or play En Garde with the squirrel, or go to a musical performance with the squirrel, or say build something really impressive, say a replica of the London Eye, with the squirrel.

Not that I have done any of that with a Squirrel in SL.

SL is what one makes of it.

an alternate, and more entertaining solution (5, Funny)

User 956 (568564) | more than 6 years ago | (#21550145)

Risks for users are reportedly limited because the researchers say the flaw can be quickly patched.

Yes, well, the other solution to this flaw is to simply spend all your money on entrance to the tentacle hentai simulator.

Re:an alternate, and more entertaining solution (0)

Anonymous Coward | more than 6 years ago | (#21550401)

It does exist, but it's free.

Re:an alternate, and more entertaining solution (2, Informative)

CronoCloud (590650) | more than 6 years ago | (#21551415)

Anonymous coward is telling the truth. I've seen one that someone made. Pictures? Wouldn't you like to know. :-) But this might be a location to check out:

http://slurl.com/secondlife/bel%20Highland/171/143/33 [slurl.com]

Should be near where you can get the baby unicorn. NSFW link:

http://www.secondlifeherald.com/slh/2007/09/afternoon-delig.html#more [secondlifeherald.com]

It might be a custom thing though so it might not actually be there.

I'm sorry (0, Flamebait)

Deltaspectre (796409) | more than 6 years ago | (#21550173)

I run the Linux client, perhaps you could deliver this streaming video.... so I can more easily turn it off.

Re:I'm sorry (2, Interesting)

Deltaspectre (796409) | more than 6 years ago | (#21550193)

On a weird side related note, after posting that I noticed Firestarter was flashing red and 16 attempts on various ports from an IP that resolves to slashdot.org were recorded... What gives for that?

Re:I'm sorry (3, Interesting)

deftcoder (1090261) | more than 6 years ago | (#21550361)

Anti-spam thing.

Every time I post on Slashdot, it takes forever for me to Submit the post, because I get probed on a few ports (which timeout).

They're ports commonly used by proxies and such.

Re:I'm sorry (4, Informative)

wertarbyte (811674) | more than 6 years ago | (#21550597)

Every time I post on Slashdot, it takes forever for me to Submit the post, because I get probed on a few ports (which timeout).
Set your packet filter to REJECT instead of DROP. Dropping packets i usually a bad idea and sounds like some kind of obscure desktop firewall in "stealth mode".

Re:I'm sorry (2)

deftcoder (1090261) | more than 6 years ago | (#21550879)

Or netfilter rules with a DROP policy. :)

I am only forced to use Windows at work. :/

Not-so-virtual (5, Insightful)

Calydor (739835) | more than 6 years ago | (#21550181)

The hack raises tough questions for operators of virtual worlds. Should they be as secure as banks and guarantee the safety of money and property that characters in the world possess?"

Considering that you buy Lindens with real currency, then yes. Yes, they should be just as secure, since it's real money you're dealing with.

Re:Not-so-virtual (1)

Credible (812975) | more than 6 years ago | (#21550263)

Considering that you buy Lindens with real currency, then yes. Yes, they should be just as secure, since it's real money you're dealing with.
That's not the test. The question is whether you can buy real currency with lindens.

Re:Not-so-virtual (5, Informative)

SJ2000 (1128057) | more than 6 years ago | (#21550429)

Yes, you can using Linden Labs own exchange to turn US$ to L$ vice versa. Look on their website

Re:Not-so-virtual (2, Insightful)

icepick72 (834363) | more than 6 years ago | (#21550391)

But I buy monopoly money with real money and there's no need to guarantee the safety of it because I've purchased play money. Linden dollars don't do anything either outside the context of a game. You have your virtual and real worlds mixed up.

Re:Not-so-virtual (2, Insightful)

bob.appleyard (1030756) | more than 6 years ago | (#21550701)

No guarantee of safety? If someone steals your property (ie. the game or its fake money) would the poilce not deal with it as theft? It's exactly the same thing with Second Life, someone buys a product (game money) and that is taken from them without consent. Just because you don't value their property doesn't mean it has no value.

Re:Not-so-virtual (3, Insightful)

cos(0) (455098) | more than 6 years ago | (#21550393)

You can buy anything with currency. The real test might be, does the government have an interest in protecting the integrity of Linden currency to the extent of US currency?

Alternately, can one buy US currency with Linden currency? However, this test would merely cause theft of Linden currency to be a crime with "real" damages; it would not require the storage and management of currency to be as secure as with banks.

Re:Not-so-virtual (1)

walt-sjc (145127) | more than 6 years ago | (#21550981)

As was said elsewhere, yes you can sell your Linden dollars in exchange for real US dollars.

Re:Not-so-virtual (1)

vertinox (846076) | more than 6 years ago | (#21551573)

Considering that you buy Lindens with real currency, then yes. Yes, they should be just as secure, since it's real money you're dealing with.

IANAL or an Economist but...

True, but the Linden dollars aren't insured nor backed by Federal Banking and SEC regulations.

If Linden folds or they decide to devalue their currency then you have no legal recourse. Since there is no physical or scarcity limitation to their currency, once cannot 'steal' it from you because it never left the linden servers and it most likley still Linden property unless specified so in the contract or EULA.

Now, I remember something about how Linden EULA was very generous when it comes to ownership (someone please bring more details on this since I'm clueless how far this goes), but unless the contract specifically entails that Linden will insure the Linden dollar against theft or devaluation then you have little recourse other than good faith.

I suppose in the end you could sue Linden for a breach of contract and they could sue the thieves for violating the rules of conduct, but you couldn't directly sue the thieves (since you didn't have a contract with them) nor press charges since legally the Linden dollars is still in Lindens hands.

Now, I know banking and stock market works a bit the same but the reason they are different is because of the SEC and Federal Rules your bank and broker must play by or face legal action by the government. Linden does not.

Perspective anyone? (1)

uptownguy (215934) | more than 6 years ago | (#21551585)

The hack raises tough questions for operators of virtual worlds. Should they be as secure as banks and guarantee the safety of money and property that characters in the world possess?"

Considering that you buy Lindens with real currency, then yes. Yes, they should be just as secure, since it's real money you're dealing with.


The hack raises tough questions for operators of amusement parks. Should the ski ball tent be as secure as banks and guarantee the safety of money and property that kids stuff in their pockets?

Considering that you buy little red tickets with real currency, then yes. Yes, they should be just as secure, since it's real money you're dealing with.

Come on. Get some perspective.

Old recommendation, Quicktime prob killed soon (5, Informative)

AySz88 (1151141) | more than 6 years ago | (#21550191)

If you take a look at the Second Life blog [secondlife.com] , you'll see that the referenced recommendation was from a couple of days ago (November 30). A paragraph in the blog seems to say that if LL starts noticing exploits, they'll kill all QuickTime on the grid and maybe roll back exploit-induced transactions - expect this to happen soon.

We do have the ability to turn off all videos on the grid, but have instead chosen to respect the existing in-world content and experiences which rely on streaming video, as we know that many of you enjoy these. We do recommend that you employ caution when using QuickTime in Second Life, only enabling it in environments that you trust, and are familiar with.

We are able to track attacks, and rest assured, if we discover a malicious stream, we will vigorously pursue the attacker. This will include account termination and legal action if appropriate, as well as the appropriate assistance for affected Residents.

omgwtfbbq (3, Interesting)

slyn (1111419) | more than 6 years ago | (#21550381)

Ummmmmmm...

Can someone explain to me why Quicktime is so fucked up? I'm dead serious, and I ask this as a mac user.

It seems like all the time there are new exploits for all different types of services (firefox exploits [slashdot.org] , myspace exploits [eweek.com] , this, etc.) with one thing in common: It's not [necessarily] the services fault, it's Quicktime's. Is there something about the architecture of Quicktime that makes it particularly exploit friendly? Or does it not do enough checking to see if the file is malicious? Is Quicktime crack-friendly on both platforms or is it a shitty port like iTunes for windows and thus mostly windows only exploits?

I tend not to use Quicktime because it takes to long to load movies, (unlike VLC, which "streams" them and so it begins playing them almost immediately), but if any more exploits begin showing up for Quicktime, I may seriously consider not using it at all.

In a Related News Story (3, Funny)

poena.dare (306891) | more than 6 years ago | (#21550629)

In a Related News Story... Police are still trying to explain how one million iPhones with infected copies of QuickTime have managed to induce their owners to foolishly hand large sums of cash to complete strangers. "What's especially troubling," confided one investigator, "is that we can't get 10 feet into an Apple Store before our team members are compromised!"

Re:Old recommendation, Quicktime prob killed soon (1)

gad_zuki! (70830) | more than 6 years ago | (#21550411)

Im just blown away that quicktime doesnt have some kind of auto-updated, only itunes does. Ideally, Apple should be asking MS to put whatever patch they have into XP's auto updater like Adobe did when Flash had the vulnerability.

Re:Old recommendation, Quicktime prob killed soon (1)

JackMeyhoff (1070484) | more than 6 years ago | (#21550631)

They do, its called "Apple Software Update". I bet most people remove it.

Real life banks are not secure. (4, Insightful)

WK2 (1072560) | more than 6 years ago | (#21550201)

Real life banks are not secure. They are just as likely to be hacked as any other web site. In the U.S., they are FDIC insured, though.

Re:Real life banks are not secure. (3, Interesting)

twistah (194990) | more than 6 years ago | (#21550739)

Well, that's true, but there are lot of regulations in the U.S dealing with bank security. Sarbanes-Oxley Act (SOX), Gramm-Leach-Bliley Act (GLBA) which deals with customer information and several others must be complied with. Other countries have them too; for example, J-SOX is Japan's SOX equivalent. This means that the bank gets audited, often by two sets of outside auditors, which helps security at least somewhat. Most banks and credit unions also often go through penetration tests and vulnerability assessments, if only to keep their examiners happy (as in, the NCUA, OTS, or whoever they happen to be chartered with.)

It's interesting to consider how these things may apply to Second Life and Linden Labs. At some point, some regulation must come into play. For example, if credit cards are processed, they must comply with the credit card industry's PCI standards. I am not saying compliance with these various regs is an answer to their problems, I just think it's interesting to consider how these apply to something non-traditional like SL.

Re:Real life banks are not secure. (1)

Jugalator (259273) | more than 6 years ago | (#21550963)

I don't know how I should best put this or if you're joking but -- no, bank web sites are usually more heavily scrutizined against attacks, and it seems successfully so. Bank sites should logically be major hacker targets, but the only way I use to see people "hack" themselves to find any bank account details here is by having people run a trojan in a mail in advance containing a keylogger. Or go to a web site set up to look like a bank site and have the user input the private details there. But in neither of these cases is it really a bank security problem.

I must say I don't really recall a national bank here being attacked "for real", but I recall plenty of other categories of web sites.

Re:Real life banks are not secure. (1)

ronadams (987516) | more than 6 years ago | (#21550987)

As a technical and web infrastructure consultant, I take offense to that remark. Any financial institution worth it's money takes very serious care in web security. Nothing is bulletproof, but to say that myspace.com and usbank.com, for example, are equivalent is absolute nonsense.

Oh, and the stuff the poster above me said is true enough as well.

Cause? (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#21550215)

So the cause is Apple?

Re:Cause? (1)

SJ2000 (1128057) | more than 6 years ago | (#21550255)

Yes, thank the god of your choice. There is at least one sane person here...

Facts about Negroes and Chinks (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21550217)

Even as workers step on land mines or get slaughtered by rebel groups, Chinese are drilling oil, mining precious metals, and building the infrastructure all across the continent of Africa. As many as 100,000 Chinese are toiling in Africa.

Chinese bosses pay Africans $5 a day and, according to Newsweek, refer to their African employees as "monkeys" and "pigs." Chinese companies do not allow fraternization between Chinese and Africans. Any Chinaman suspected of getting romantically involved with an African is immediately sent back to China.

Re:Facts about Negroes and Chinks (0)

Anonymous Coward | more than 6 years ago | (#21550421)

Five dollars a day is actually a pretty decent wage in a lot of African countries.

Re:Facts about Negroes and Chinks (1, Funny)

iminplaya (723125) | more than 6 years ago | (#21550531)

Chinese bosses pay Africans $5 a day...

But they're Linden dollars. They can buy you a nice juicy Linden T-bone. That'll put some meat on their bones.

Re:Facts about Negroes and Chinks (0)

Anonymous Coward | more than 6 years ago | (#21551257)

5 USD/day sounds pretty good in Africa for someone who probably never went to school and has zero marketable skills. For example - Indonesian maids get paid about the same or even less (USD100/month).

Just because it seems low compared to what you're used to doesn't mean they're extremely underpaid, it could mean you're overpaid ;). Demand and supply.

Anyway as more and more Africans get jobs and hopefully better infrastructure (education, utilities etc), maybe in the next generation or so jobs might not be "outsourced" to India, but Africa instead ;).

And would that be so bad for the Africans?

If the Africans don't like the Chinese (who are definitely not the least racist bunch - lookup gweilos, ang moh gui etc ;) ) they could either help themselves or get help from others like the Westerners.

fantastic (0, Flamebait)

ILuvRamen (1026668) | more than 6 years ago | (#21550231)

Well fan-fricken-tastic for them. Pardon me if I don't care since my 2 year old account just got stolen in SRO because of some idiotic glitch in the company's website or something. It let anyone change your account's password AND e-mail on file so you can't recover it. I was one of the richest people in the entire game. Basically all the famous high level people's accounts are trashed now so everyone's quitting and pissed and threatening to blow up all of South Korea etc. I wouldn't be surprised in the least of the entire game goes under now.
So what's the point of me telling you all this? Because this is what could have happened.

Scare mongering (0, Flamebait)

SJ2000 (1128057) | more than 6 years ago | (#21550233)

This is simple scare mongering this article and it's no different to surfing around the web except it's in 3D and you walk around. Plus you can just turn off video streaming so go take your crap elsewhere. There has been NO suspected content as of yet to be said to have used the Quicktime Exploit in SecondLife, so no "crime wave" was thwarted. I'm tired of all the anti-SecondLife crap, it's a game which some people don't like, ok, get over it. Get back to your first fucking life which doesn't involve bagging out some stupid game. You want to bag out SecondLife? Do it on something with merit like the crap customer service, the crap uptime or pathetic reliability at least that has basis.

guarantee the safety of money and property? (1)

timeOday (582209) | more than 6 years ago | (#21550239)

For something like this that's easily classified as a bug, yes.

However, at some point they will encounter the gray areas, which are resolved by courts in real life - do they really want to go that route? For instance, are there "lemon laws" for in-game purchases, and contract law for in-game agreements? Take the whole "who owns Unix" debacle Novell and SCO have been engaged in. What if second-life outlaws resort to bartering with some other scarce resource besides money to circumvent all the rules? Property is a nice concept, but it's still a made-up concept that is whatever it is defined to be, so policing it will be almost as messy as in real life.

SL's economy is a giant sinkhole anyway (5, Insightful)

Carbon016 (1129067) | more than 6 years ago | (#21550259)

As someone who has been quite directly involved in Second Life (or at least griefing it), I know SL pretty thoroughly, and I especially know there are two attractions to Second Life: sex and money. They're readily interchangeable, and they're the only reasons anyone uses it, despite claims to the contrary by media-whorish Linden Labs. You're either renting land, throwing cash into a bizarro stock market, or going to a furry cybersex sim. News about security problems is common because there's so much money going through the system and a lot of people looking to exploit it, as well as a wealth of disorganized, terrible code.

A bank called "Ginko" that recently went insolvent sent shockwaves through the economy lately. Yes - there are Second Life banks, (multiple) Second Life stock exchanges, and all sorts of economic institutions: however, the operators of these venues often don't know the difference between an interest rate and their shoe so most people that end up dumping their funds into them lose all their money. Some people have thousands if not tens of thousands of dollars tied up in the game. As the Linden (the currency of Second Life) is not based on anything, Linden Labs simply dumps currency into the market whenever they feel like it. So economic problems are pretty common. Guaranteeing anything is a difficult proposition for the companies running the games: most have simply said "the *unit of currency here* is not money, nothing is guaranteed" to avoid lawsuits when someone messes up and loses a grand because a sim went down. So it's a dangerous game and the only real winners in "investing" in Second Life are LL.

Re:SL's economy is a giant sinkhole anyway (1)

SJ2000 (1128057) | more than 6 years ago | (#21550293)

"Ginko Financial" was not a bank. The fact you can't recognize this means you know shit. The economy started going down hill because Linden Labs finally said they would obey the law and banned in-game gambling.

Re:SL's economy is a giant sinkhole anyway (1)

Carbon016 (1129067) | more than 6 years ago | (#21550327)

What exactly is your definition of a bank, then? Ginko provided deposit and withdrawal of currency and issued loans. Everyone from Reuters to Philip Linden [reuters.com] called it a bank. Regardless, any economy with such a capital system (the Lindens frequently mess with it without respect for economic consequences) will ultimately fail, content ban or not.

Re:SL's economy is a giant sinkhole anyway (1)

SJ2000 (1128057) | more than 6 years ago | (#21550399)

Bank in the legal sense. If it's not a legal bank it's not a bank

Re:SL's economy is a giant sinkhole anyway (2, Informative)

RichardX (457979) | more than 6 years ago | (#21550321)

My most insincere apologies for undermining your point of view, but I use Second Life for reasons which do no include sex or money. To me, it's like Lego, but even more fun in many ways. You can build 3D objects, with an extremely limited toolkit where somehow the limitations make it more fun, and then you can give those objects behavior via scripting. Then it gets really fun when you share in those objects with other people you meet there.

Oh noes. What's that you say? There are furry tentacle-rape freaks on SL? Guess what? I don't care. They don't bother me, and I don't bother them. Personally, I've had a lot of fun on SL which has had nothing to do with sex or money... but don't let my little anecdote get in the way of your rant.

Re:SL's economy is a giant sinkhole anyway (1)

RichardX (457979) | more than 6 years ago | (#21550339)

Yeah, before someone points it out, I typoed "not" for "no".. when will Slashdot get with the 1990's and add an 'edit' button?

Re:SL's economy is a giant sinkhole anyway (0)

timmarhy (659436) | more than 6 years ago | (#21550415)

"Personally, I've had a lot of fun on SL which has had nothing to do with sex or money"

lies make baby jesus cry.

Re:SL's economy is a giant sinkhole anyway (2, Interesting)

cruachan (113813) | more than 6 years ago | (#21550875)

Well all this says is that you're a not very nice person who is obsessed by being an asshole (griefing), sex and money. Of course there are loads of people in SL doing the cybersex thing, and if that's what you go looking for then that's what you'll find. But it's a bit like going to Amsterdam, just touring the red light district, and then concluding everyone in Amsterdam is just interested in buying and selling sex.
Myself I run a quite profitable RP-orientated design business which nets me around USD$500 a month. I don't earn at real-life pay rates, but SL has basically replaced the time I used to spend playing other games and the like, so I now have entertainment that pays me :-). Most of the people I deal with are there for entertainment in various forms, and certainly not the cybersex obsessed griefers you hang with.

Re:SL's economy is a giant sinkhole anyway (4, Informative)

Jesrad (716567) | more than 6 years ago | (#21551127)

"You're either renting land, throwing cash into a bizarro stock market, or going to a furry cybersex sim."

In three years sent in Second Life I have not done any of this. I must some weird and very persistent aberration, then. Or maybe you're just wrong.

"As the Linden (the currency of Second Life) is not based on anything"

It is based on the USD, and maintained at a rather fixed rate by LindenLab acting as a central bank. It's not perfect, but it has worked remarkably well so far.

"Linden Labs simply dumps currency into the market whenever they feel like it."

No, they sell some L$ only when they rate drops under 265 L$ per 1 USD to maintain the rate, and they buy back the L$ when the rate goes higher than 266 L$ per 1 USD (though they apparently never have had to do that). That's not "whenever they feel like it".

"So economic problems are pretty common"

Err, no. The L$ has been exceptionnally steady ever since LL introduced the measures I pointed out above, and the vast majority of players have zero problems with it. Only those who want to play games with their money and that of other people are taking risks. You're obviously confusing economy with finance if you conflate financial institutions like the "banks" and "stock exchanges" with the economy itself. But then, that's to be expected on a technology-oriented website like /.

Re:SL's economy is a giant sinkhole anyway (2, Informative)

ronadams (987516) | more than 6 years ago | (#21551141)

Being some random griefer who sends flying phallic objects across the Metaverse doesn't make you an expert in anything except flying genitals. So let's step through your insolent propaganda point by point.

  1. "...they're [sex and money] the only reasons anyone uses it [Second Life], despite claims to the contrary by media-whorish Linden Labs."
    Perhaps you're not aware of the number of corporate entities [blogs.com] using Second Life, not even for direct profit, but simply as a platform to deliver product information, such as Sun Microsystems [sun.com] , or the educational institutions [simteach.com] using it as part of a prototype distance learning initiative, such as Bowling Green State University [bgsu.edu] . Maybe you're not aware of the high-profile full-time businesses [wikipedia.org] in Second Life, or the many [businessweek.com] , many [sun.com] articles reputable business publications have written noting the unique opportunities that exist in SL. There's much more than just sex and money. As in real life, there is entertainment, education, experimentation and economy. You know little about these because you spend all your time making the experience inconvenient [secondlife.com] for others.
  2. "A bank called "Ginko" that recently went insolvent sent shockwaves through the economy lately."
    This was no surprise to anyone not stupid. [reuters.com]
  3. "As the Linden (the currency of Second Life) is not based on anything, Linden Labs simply dumps currency into the market whenever they feel like it."
    A quick look through the SL Economy metrics [secondlife.com] and blogs shows you're full of it. There is an actual regulation to the currency in SL, you're just ignorant of it.
  4. [Your last statements]
    Again, your ignorance shines through. Do you do any investing in the real world? Do you know what happens when you invest 100k in prime real estate in California and an earthquake devastates it? Unless you took out insurance of some kind with an organization who certainly makes more than they will ever put out (on a sidenote, there are investement insurers in SL), you are SOL. Linden is careful to use the terminology "unit of trade" for the Linden dollar, because the Metaverse is not a seperate governmental body, has no legal jurisdiction in the real world, and wants to avoid the IRS putting their grubby mitts any further in. If you are foolish enough to make an unwise investment in SL, then, just as in real life, you learn that a fool and his money are soon parted.

In conclusion, please know what the hell you're talking about before you respond. And stop griefing the Metaverse, it's obnoxious.

HY MOOTYKIPS (0)

Anonymous Coward | more than 6 years ago | (#21551431)

nt

It's been a while ... (1)

bdraschk (664148) | more than 6 years ago | (#21550343)

since the last Second Life story, even on other online news sites who were big into that second life thing.

Isn't it dead already? Second Zombie?

Re:It's been a while ... (1)

Kreigaffe (765218) | more than 6 years ago | (#21551047)

It was never really that big to BEGIN with... it just happened to have three things going for it.

apparently, many writers are closet furries and so play second life.. and it's not a traditional game with, you know.. a purpose. or anything to do. so they could get away with raving about it at work as some sort of ultra-hip new thing. and finally, since nobody ever fucking heard about it, all you've got to go on is all this hyperbole bullshit speak and so until you actually take 15 seconds to look closer at the game, until you have some basis for judging it other than some complete deviant's testimony, it might sound neat.

The rules of the game (1)

mcrbids (148650) | more than 6 years ago | (#21550385)

In the real world, we have real, physical rules that determine what we, the "users" have to live with. Cops and the like work within those rules but since they don't make the rules of the universe itself, represent (at best) a 2nd-rate answer.

That cops can't enforce the law 100% is due to the fact that they didn't make the universe; that onus belongs to either God or a random Higgs field.

Here, however, the programmers are god-like. They make the rules of the universe. All of it. Therefore, the onus DOES fall on them. If they take money for goods that then get taken in a universe they otherwise control, shame on them.

It's little different than if you were a merchant and sold somebody a widget that was then stolen before delivery. Regardless of the mugger, you're still obligated to deliver the sold widget or return the money. The store you own is "your universe" and you are obligated to perform as expected within it.

Now, if, within the rules of the game, somebody swindles somebody else, then that onus belongs on either the sucker (buyer beware!) or the swindler (cradle-to-grave) but that's more of a political decision between the users of the game since the universal law of the universe/game has not been broken.

whoplayssecondlife? (0)

Anonymous Coward | more than 6 years ago | (#21550453)

Odds are good that not only do more people play second life than browse slashdot, but doubtlessly a greater percentage of sl's population are actually employed in the IT industry (as opposed to simply whining about how shit isn't free on /.).

Second Life? (0, Troll)

catdevnull (531283) | more than 6 years ago | (#21550455)

I am amazed by the number of people that actually participate in second life. If you're silly enough to fork over real money for "Lindens," you deserve to be parted with them in SL.

Re:Second Life? (1)

jibjibjib (889679) | more than 6 years ago | (#21550513)

I am silly enough to pay money for entertainment. Is there a problem with that?

Re:Second Life? (1)

DaleGlass (1068434) | more than 6 years ago | (#21551251)

I don't fork money, I earn it! My return from SL is very positive and approaches that of a job I could live on.

No Exceptions. (1)

lordsid (629982) | more than 6 years ago | (#21550589)

Having exceptions to the no streaming rule is silly until this exploit is fixed. The reason being is now hackers just need to get control of a "trusted" venue.

No Snowcrash tag? (1)

GroeFaZ (850443) | more than 6 years ago | (#21550639)

Is everyone still asleep from partying in their mom's basement?

Am I the only one who doesn't get it? (1)

lena_10326 (1100441) | more than 6 years ago | (#21550713)

And to think I was concerned about a trojan getting installed on my PC that would steal my USD from my checking account rather than Lindens from my SL account. Sorry, I'll get with the program soon...

Tag this "snowcrash" (1)

dino2gnt (1072530) | more than 6 years ago | (#21550805)

n/m

Not surprising (1)

sixpacker (687012) | more than 6 years ago | (#21550865)

SL is just a scammers' paraidse when it comes to money.
Especially all those scam banks just take your money and one day just disappear. The problem is LL doesn't do anything about this and nobody knows where the money goes.

A funny thing is an SL journal was interviewing a 22 year old kid from Denmark, who owned a scammish bank in SL.

Do a significant number of people play this? (1)

fortunato (106228) | more than 6 years ago | (#21550881)

Seriously. I don't know anyone first hand who has a "second life" character. How does this MMO universe compare to say, WoW, or any other established MMO? I find it a little bit amazing that it gets all the press it does. I actually played for all of about 5 minutes before I realized it was really pretty boring. I just don't see the attraction myself, but different strokes for different folks I guess. Is it really such a significant online environment worthy of all the press it gets? I see a lot of news about it relatively often, but I wonder if its just not an environment more accessible to journalistic types rather than a notable or significant phenomenon. I would be truly interested to know the typical kinds of people that put a good chunk of time into it. While Wow, for example, seems to cater to just about anyone that plays any sort of computer/video games, Second Life would certainly seem to be an extreme niche sort of market to me. Of course I could just be old and no longer hip. ;)

Re:Do a significant number of people play this? (1)

CronoCloud (590650) | more than 6 years ago | (#21551341)

I'll help you out. You post on Slasdot, you're a geek.

Second Life appeals to non-geeks, even more so than WoW. It also appeals to creative types, say the folks who are art students, jewelry designers, graphic designers.

When you played SL for those five minutes, what did you do? Did you try out the building and scripting tools? Did you try Googling for interesting stuff to do? Did you try the "head for a clump of green dots and see what's up game"? Did you talk to anyone at Orientation Island?

Re:Do a significant number of people play this? (1)

Monoliath (738369) | more than 6 years ago | (#21551417)

I've always found that the only real problems I with second life...is the atrociously shitty graphics and world interface. The concept to me...is just an extension of the newer GTA Series. (I'm not sure which came first, I do apologize)

If a world engine much like Grand Theft Auto San Andreas was used, I think the game would attract many more 'serious' gamers.

Then again, perhaps this isn't feasible due to the size of the world within Second Life?

I agree with you though...I've tried getting into the game on a number of occasions, and I just can't bear using such horrible crappy controls / character movement combined with a doof-tard interface with vomit inducing graphics and object interfaces.

Sort of (0)

Anonymous Coward | more than 6 years ago | (#21551481)

Yeah, though I wouldnt compare it to WoW, which is the only MMO I can think of that has gotten publicity outside of gaming circles. Most people sign up, play for 5 minutes, realize the game, in 2007, has late 1990's graphics (even with the new windlight client, the graphics are still antiquated as fuck.) and offers nothing truly interesting.

The real entertainment is when you pick up a gun that sends other players flying off the grid and disconnecting.

otherwise, it's just drama and neko/furry sex.

the other valid use for it is interactive distance learning.

but LL only likes it when schools just pay for a sim and then dont do anything with it other than become another statistic they can point to and say "SEE? EDUCATIONAL INSTITUTIONS use us! see?! we're useful! pls invest in us." because if you actually make use of it, you get your money and your sim taken away. there was a school sim that went through that shit, then it was spun into the school plotting to destroy the game or some retarded shit so they look like they're taking initiative against "griefers"

Linden labs only cares about your money, providing an actual service for said money isnt in their agenda. and when people get scammed? they dont care, it isnt their problem. they know that most of the people who got ripped off will continue playing because they're addicted to the drama and strife. plus, the company gets a nice cut of that scammed money when it's exchanged.

So it's win-win for them.

Also, people argue the fact that there should be consequences for them being scammed..

really now? according to LL's flawed TOS, everything is theirs, nothing is actually owned by anyone but linden labs, the only thing stopping them from taking everyone's stuff is well, the will to make money, but if you ever turn on client debug info, and look at the tools the lindens get to use in the client itself, there are tools that can instantly take ownership of items a user "owns"

So basically, once you transfer your money to linden labs, its theirs, if you lose it inworld, it isnt their problem that you misspent your credited money that they havent lost at all.

The question remains... (0, Redundant)

Stanislav_J (947290) | more than 6 years ago | (#21550917)

I've never been able to figure out why it's called "Second Life" when most of the people there have no "first life" to speak of.....

Zonk is an IDIOT (-1, Troll)

Danathar (267989) | more than 6 years ago | (#21551057)

"The hack raises tough questions for operators of virtual worlds. Should they be as secure as banks and guarantee the safety of money and property that characters in the world possess?"

What is with you anyhow (to Zonk). The stories are OCCASIONALLY ok, but your conclusions are idiotic

Who cares about furries? (0)

Anonymous Coward | more than 6 years ago | (#21551077)

Why do we have a front page article about a bunch of fucking furries? You may as well talk about Furcadia as about Second Life.

Honestly (0)

Anonymous Coward | more than 6 years ago | (#21551303)

Zonk has to be a lame 2nd lifer/ no lifer himself to keep posting all this retarded crap about some obscure POS software that maybe 0.0001% of the world uses

Thoughts? (1)

fozzmeister (160968) | more than 6 years ago | (#21551309)

If your in a game and get killed, then someone takes all your money, obviously it's a crime in SL, but is it a crime in the real world too?

Re:Thoughts? (0)

Anonymous Coward | more than 6 years ago | (#21551535)

nope, read the TOS some time, you'll see how wickedly evil it is, and how stupid most players are, taking SL for granted as if real laws apply.

it all comes down to this:

when you upload, when you create, when you transfer real money into SL.

It all belongs to linden labs, they own everything. it's all centralized on their physical property as well.

it may extend to real life if real money is being directly used or lost.

"wait, it is real money!"

it was. it's now credits that you bought that can basically be refunded at a lower value. it's LL's money. if you lose your purchased credits to someone else you trusted in the game, too bad, now they have more to refund and you dont.

So really you lost your money when you gave it to linden labs and there's not one god damned thing you can do about it.

great scam. the only other scam that's just as sneaky, yet more epic is that shitty game, furcadia, where you pay real money for a bunch of pixelated shit. it's hilarious. the people who thought this shit up have my respect.

More details and video of exploitation (0)

Anonymous Coward | more than 6 years ago | (#21551451)

are available here: http://www.securityevaluators.com/sl/ [securityevaluators.com]

is it a bank? (1)

bahwi (43111) | more than 6 years ago | (#21551509)

If it's trying to represent a "second world" then is there a bank so the character does not carry linden "cash" with them? Because Banks do not protect cash once you've pulled it from an ATM, if you are robbed you are robbed. Gunpoint or buffer overflow. Now, if it's a bank transaction, then yes, they should attempt to protect it with a PIN or password or some other signature, but the players "avatar" should not be carrying it around.

Why should they protect player's cash? Here's why (1)

L. J. Beauregard (111334) | more than 6 years ago | (#21551893)

Should [virtual worlds] be as secure as banks and guarantee the safety of money and property that characters in the world possess?

Do they want their players to keep on playing, and spending that real cash on their Second Life subscriptions?

It gets worse. All QuickTime files now threats. (4, Informative)

Animats (122034) | more than 6 years ago | (#21551957)

This isn't a Second Life problem. It affects all QuickTime players. QuickTime has a recently discovered vulnerability which allows it to be used as a way to inject executable content into the user's machine. This can attack far more than Second Life.

See US CERT Vulnerability Note VU#659761 -- Apple QuickTime RTSP Content-Type header stack buffer overflow [cert.org] . "Apple QuickTime contains a stack buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition. ... We are currently unaware of a practical solution to this problem.. ... "Note that QuickTime is a component of Apple iTunes, therefore iTunes installations are also affected by this vulnerability. We are aware of publicly available exploit code for this vulnerability. Testing indicates that QuickTime versions 4.0 through 7.3 are vulnerable on all supported Mac and Windows platforms."

CERT suggests disabling all the ways QuickTime can be launched:

  • Block the rtsp:// protocol
  • Disable the QuickTime ActiveX controls in Internet Explorer
  • Disable the QuickTime plug-in for Mozilla-based browsers
  • Disable file association for QuickTime files

This vulnerability was first published on November 23, 2007.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?