I’m Just an Avatar

Nanci Barthelmess’ blog

Archive for September 28th, 2008

Did you see SecondLife had to push out a Security Update on Friday?

Posted by Nanci Barthelmess on 28 September 2008

Some time back SecondLife decided they would peel the grid status messages (updates, rolling restarts, login issues, etc.) off of their main blog and put them on a stats blog under the Second Life Grid domain. While I haven’t been on SL nearly as much as I used to be, I totally missed the fact that there was a “potential security issue” that could have left malicious users able to act as if they were you, right down to stealing your Linden dollars.

I kind of have to laugh at the way the Lindens described the potential for stealing your Linden dollars.

In the case of L$ transactions, this action would be visible to you: if this were to occur, the viewer would report the transaction after it occurred in the normal blue dialog box. Also, you are always able to inspect the transaction log to see recent transactions. This would allow you to notice and report these actions for violating the Second Life Terms of Service.

This type of malicious action would constitute a violation of the Terms of Service, and would be against the law in some locations. At this time we have no evidence that this vulnerability was ever exploited.

Wow, both a violation of the ToS and against the law? I bet those mean old malicious users didn’t even think that may be the case.

Anywho, if you haven’t fired up SecondLife since Friday you may not be aware that you’re strongly advised, although not required for some odd reason, to download new viewers, whether you’re running the main viewer (version 1.20.15, released 24 July) or the Release Candidate Viewer (1.21 RC2, and please don’t get me started on beta software being called RC’s).

You can get more on the SecondLife Grid Status blog. Personally I think this is just one more reason why I’m looking at the open source Meerkat viewer, although downloads are currently disabled due to SL’s security issue. I saw about the security issue on the Meerkat site, so big thanks to them for letting me know about it.
