Saturday, 12 March 2011

Security and Scareware.

The issues surrounding security have become a hot topic in the blogosphere this week...

Avril Korman has a detailed post, well worth reading, charting the recent rise and rise of the nasty Redzone, Quickware, SparrowBee alt-busting, IP-stealing software that has infested SL over the last months.

Theia Magic has also chronicled this ongoing security soap opera very well, and the chronicle is worth reading if you want to get all the details of who is doing what to whom.

Avril, however, points to the fact that had the Boys dealt firmly and strongly with the issue when it first arose, maybe they wouldn’t be in such deep manure now... she feels that Soft Linden may not be getting the LL support he should....

...and I do agree entirely with her concluding paragraphs ....

“It is time *right now* to create FIRM agreement between the TOS and Community Standards, and ban specifically ANY device that has the ability to attempt to match or correlate alt accounts by any means, and give Soft Linden the power he needs to simply rip these things out by the roots the moment they're found- no discussion necessary.”

I remember very clearly being told last year how wonderful the Media On A Prim would be, and how it would make V.2 a game-changer.... but Selavy Oh had done it a year before (I think) by using a simple script, and I’d seen plenty of video screens before the viewer was released.... but I was told I was wrong to be so sceptical.

I do not have the experience or knowledge to be able to say how all this started, how bad the wonderful “media on a prim” security hole is, or why these people have not been treated like the cockroaches they are.

However... I do feel totally reassured when Elenia Llewellyn of InWorldz states categorically...

“Systems such as RedZone are not allowed in InWorldz, because of privacy concerns and the violation of our own ToS. If we should find it here, and it's reported, we will immediately remove it from the grid in its entirety. ANY third party system that uses the Viewer or a hacked version of the viewer to identify our residents' RL information, will be banned, along with the accounts using the systems.”

OK.... so you could argue that IWz can be attacked like SL, but .....and this is the important part... you know exactly which side she’s on..... she won’t be amending ToS to help Redzone...

She is on MY side, and, in the ongoing fight against the cockroaches, that’s what I need.

I don’t think Avril is being over-dramatic when she says, in conclusion...

“This problem is tearing the grid apart. People are refusing to turn media on at all- they're too worried, and even with Sione's media patch, which is making its way into viewers with a slow certainty, most people are not technical enough to be able to discern what a safe media stream looks like from a malicious one. Considering the prevalence of music venues in SL, this could easily cripple the economy.

This problem has the potential to deeply create long term damage for Linden Lab. Second Life is not ubiquitous, like Facebook. It cannot afford a privacy scandal of this magnitude. The Lab must act- and soon, before it's far, far too late- if it isn't already.”

Content theft has long been an issue which many feel the Boys have taken too lightly; if potential identity theft is to rear its ugly head, then Deep Manure Status is already here.

Now, the RedZone website has been Tateru Nino is offering the following advice...

"Data for the RedZone security system may have been altered or muddled rendering the system untrustworthy (or, some people might say more untrustworthy). Anyone who has logged into the isellsl Web-site at any time should probably change their Second Life passwords without delay.
At present, large chunks of the Web-site are down, and chunks of the database may be missing. It isn’t clear whether there were backups."

Well, bad news for RedZone customers... but then... scareware is a very dodgy purchase and there's very dodgy software out there... that is surely something we all know by now...



  1. I cannot understand how LL does not see malicious hacks as malicious - redzone is a rehash of the copybot debacle.

    Again as it was with copybot first rearing its ugly head, Second Life is unwilling to do anything with immediate effect.

    Thus dear readers why invest in/use a virtual world that doesn't give a crap!

  2. Brilliant as usual, and what can I say about LL?? *deep sigh* god I'm glad I got away in time! =O

  3. The smartest move is the one that takes you to Inworldz ;o)

  4. Well, I do think that you not only have to be concerned about security as a grid owner/manager, but you have to be SEEN to be v concerned because the fear is often worse than the reality...

  5. Several thoughts...

    This butts up against the "transparency everywhere" meme and should give people a bit to think on as to why many of us are concerned with such linkings.

    "Any box can be popped with the right resource;
    so your threat model's useless;
    nice report" - Dr Braid, 'Nice Report'

    ... and if you live by the hack (those wanting to sniff everyone else's tracks) you die by the hack (you're going to get sniffed).

    "Take that you cockroaches! Bap-bap-bap-bap-bap!" - Al Pacino as Tony Montana in Brian De Palma's 'Scarface'

  6. I bet about 2% of SL users know about Redzone, and 1% actually care. Lucky for them it's that same 1% that pays the outrageous tier fees and consequently has all the clout.

    Don't get me wrong, Redzone is cancer, no doubt about it. I just think it's being blown way out of proportion.