Clickable Culture   Official Research Blog of Phantom Compass
  Entries tagged "" at  
  Subscribe to this tag: RSS 2.0 ATOM 1.0  
  ‘Second Life’ Social System Stratified  
Posted 2006-10-10 by Tony Walsh
Once upon a time, all residents of Second Life were ostensibly equal, but 3 years after the virtual world was launched, the population was split based into "Verified" and "Unverified" social classes. Classification is based on one's willingness or ability to submit identification and billing information to Linden Lab, maker of Second Life. Faced with a huge spike in service-outages caused by malicious users over the last 2 months, some residents say that the Unverified are becoming vilified.

In a move that further complicates matters, Linden Lab announced yesterday that it is considering adding another social class: The "Trusted" resident. The company aims to make denial of service attacks more difficult by affording global programming powers only to Trusted residents. According to Linden Lab, "It is planned that 'Trusted' Residents will be clearly defined, and there will be processes in place (not all payment oriented) to become 'trusted' if your account currently falls outside of that designation." It remains to be seen how terms such as Trusted, Untrusted, Verified and Unverified will be applied, combined, or modified to form new classifications of virtual-world citizen. Finally, Second Life might become the futuristic dystopia I've been waiting for. Now, do I sign up with the underclasses and fight for the rights of the Untrusted and Unverified on the gritty streets of virtual reality, or do I snuggle up to the powerful Trusted and Verified in their glossy skyboxes and sneer at the unwashed below?
  ‘Second Life’ Ravaged By Frequent Service Interruptions  
Posted 2006-10-09 by Tony Walsh
The virtual world of Second Life has been bombarded by denial-of-service attacks this month following a threat last week to "rain terror" upon Second Life-maker Linden Lab and the company's customers. Since the beginning of October, the virtual world was knocked offline temporarily through malicious, self-replicating objects (the easiest and most common form of attack) on October 2, October 3, and October 6, October 8. On October 4, a scheduled global software upgrade that required downtime failed, At the time of this writing, Second Life has been down for over 4 hours due to the discovery of an exploitable software bug [update: SL has been attacked again today, approx 1pm Eastern Time]. Last month marked a spike in operational problems (which seems to have been outdone this month) and a breach of user data resulting in all user passwords being reset as a security measure.

By the end of this year, one million user accounts will likely have been created for Second Life. Roughly ten thousand users are logged in at any given time, and about 160,000 have logged in over the last 14 days. The number of registrations doubled last month from 300k to 600k, and peak concurrency of users rose 25%--this due is largely in part to opening up and relaxing Second Life's registration process, a controversial move some users said would result in an increase in attacks against the virtual world. Last summer, Linden Lab insisted that Second Life is perfectly scalable, but a company rep wrote yesterday that "Open registration unleashed a number of [customer service] challenges that we're still understanding and trying to address." Addressing those challenges "might all take a few months." The company has added staff to handle incoming reports of abuse (about such things as malicious objects) filed by in-world residents.

Continue reading: ‘Second Life’ Ravaged By Frequent Service Interruptions
  Secureplay’s Steven Davis on Recent ‘Second Life’ DoS Attacks  
Posted 2006-10-04 by Tony Walsh
Two denial of service attacks have been launched on the virtual world of Second Life in the last two days [1,2], raising questions about the vulnerability of Linden Lab's metaverse and the company's ability to prevent such attacks from occurring in the future. Early on, Second Life was positioned simply as a social online world with built-in content creation tools. These days, the virtual world has been re-positioned as a platform for serious endeavours such as real- and virtual-world business or education. But how seriously can we take a platform that is so easily crippled?

I contacted Steven Davis, CEO of security solutions-provider SecurePlay, and author of the PlayNoEvil security blog for his thoughts on Second Life's apparent vulnerabilities. Although Davis hasn't ever been "under the hood" of Linden Lab's virtual world architecture, he's been watching Second Life's security situation with an expert eye.

Continue reading: Secureplay’s Steven Davis on Recent ‘Second Life’ DoS Attacks
  Latest DOS Attack On ‘Second Life’ Makes Terrible Boast  
Posted 2006-10-03 by Tony Walsh
The virtual world of Second Life was hit by the latest in a series of denial of service attacks last night. As usual, the attack was delivered via self-replicating objects designed to overwhelm Second Life's grid of servers. The attack rendered the virtual world useless for over two hours while Linden Lab, maker of Second Life, cleaned up the mess and scrambled to address numerous "Live Help" requests. Last month, a Linden codemonkey claimed new security measures were "locked and loaded for emergency deploy," after a spike in security problems, but either the security measures were not preventative in nature, or they failed to properly lock and/or load this time.

According to one witness, the weaponized objects uttered a dramatic message to nearby avatars: "Terror will rain down upon the unfit gods and the flock that they govern, from now until the End of Days." This claim is only laughable for its description of denial of service attacks as "terror," since there seems to be little Linden Lab can do to stop such attacks from ruining the fun of over 10,000 users--until that changes, grid-wide attacks will continue.

Earlier coverage of the attack was provided by Second Life Insider, SLOG, and other sources.
  Armed Robot to Patrol Korean Border  
Posted 2006-09-29 by Tony Walsh
South Korea unleashed its very own battlemech yesterday, intended to hunt down and "supress" North Koreans at the border and eventually become part of the army's regular forces. Reported capabilities include:
  • Detect humans at distances of up to 2km
  • Armed with machine gun and rubber bullet weapon.
  • Identify an enemy at distances up to 10m through a password. ["You have ten seconds to comply!"]
  • Sensor-activated alarm systems and closed-circuit TV cameras
It remains to be seen if the robots will be a more cost-effective alternative to humans in the long run.

If it ever gets to the point where both sides are using robots, the Koreans might as well put the hardware away and settle their differences through video game simulations of robot armies fighting over accurately-modeled terrain. If one side could easily overpower the other in the simulated war, why bother to conduct a real one? Game over, man--and without spilling an ocean of blood.
  ‘Airport Security’ Critiques Current Screening Process  
Posted 2006-09-19 by Tony Walsh
Ian Bogost's game studio Persuasive Games has developed the newsgame Airport Security, intended to critique today's over-the-top screening process. Readers of Clickable Culture may recall my whimsical proposal "Airport Screening Is A Badly Designed Game," intended to improve modern screening processes through game-play. I've since greatly improved and refined the concept for a presentation earlier this month on the topic of Productive Play. Bogost's Airport Security will probably make a great addition to the topic next time I present it--even though it's unrelated in intent, the game at least rolls play, productivity, and airport screening together. And now, off to play it!
  ‘Second Life’ Operational Problems Spike  
Posted 2006-09-19 by Tony Walsh
September seems to have marked a low point in the history of Second Life security and stability. A database for the virtual world was breached on September 6, 2006, , exposing personal information of over 600,000 Second Life virtual world residents. The following weeks saw region performance issues, packet-loss problems, service interruptions during a live software patch, temporary outages, "presence" issues. Yesterday, as 3pointD points out, Second Life was downed by two separate global attacks [1,2]. A source in-world at the time tells me that the first attack involved self-replicating spheres while the second involved self-replicating party hats.

While massive technical problems and security issues are nothing new, the frequency seems to have increased this month (one of Second Life's worst). Coincidentally, the total number of registrations for Second Life is well on its way to the predicted 1 million mark (734k signups at present). Registrants are not obligated to use legitimate identification when signing up. Could a recent spike in anonymous registrants be related to Second Life's recent stability issues? Is Second Life's infrastructure unable to scale to support its increasing population? How long can SL-maker Linden Lab--a company with fewer than 100 employees--reasonably continue to be the gods of a universe with a million free-willed registrants in its near future? With Second Life positioned as a next-generation World Wide Web, I can't help but think that beauty of the Web is that each site is a self-contained entity within a greater ecology. It's probably impossible to destroy "The Web" in a single attack. Wish I could say the same for Second Life.
  ‘Second Life’ Security Breached:  User Data at Risk  
Posted 2006-09-11 by Tony Walsh
On September 6, 2006, a database was breached containing customer information of over 600,000 Second Life virtual world users. While the breach was reportedly repaired promptly by Second Life maker Linden Lab, the company did not inform customers of the incident until September 8, 2006. A detailed email was sent to all users by Linden Lab explaining that customer data was potentially exposed, including "unencrypted names and addresses, and the encrypted passwords and encrypted payment information of all Second Life users. Unencrypted credit card information, which is stored on a separate database, was not compromised." The encryption was described as "difficult to defeat" but not unbreakable.

This isn't the first of Second Life's security problems, but it's sure to be the most serious. The virtual world, as with most services relying on the internet, has been subjected to denial of service attacks [1,2,3,4,5], socially-engineered attacks [1,2,3], and exploits of various kinds [1]. Linden Lab has promised repeatedly to turn over offenders to the authorities (such as the FBI) [1,2,3], but I've never heard of anyone charged.

Continue reading: ‘Second Life’ Security Breached:  User Data at Risk
  Who Really Owns Your ‘Second Life’?  
Posted 2006-06-29 by Tony Walsh
As with most services, usage of the virtual world of Second Life is governed by a Terms of Service agreement (also known as a "Terms of Use" agreement). Second Life's maker and maintainer, Linden Lab makes periodic changes to its Terms. In 2003, it allowed users to retain ownership rights for content created in Second Life, a move that is arguably responsible for the virtual world's steady growth.

Somewhere along the line (recently, I suspect), a clause was added to Linden Lab's Terms asserting the company's ownership over user accounts:
"3.3 Linden Lab retains ownership of the account and related data, regardless of intellectual property rights you may have in content you create or otherwise own. You agree that even though you may retain certain copyright or other intellectual property rights with respect to Content you create while using the Service, you do not own the account you use to access the Service, nor do you own any data Linden Lab stores on Linden Lab servers (including without limitation any data representing or embodying any or all of your Content)."

Continue reading: Who Really Owns Your ‘Second Life’?
  Bell Sympatico Bends Over  
Posted 2006-06-29 by Tony Walsh
The Canadian Press (via the Globe) reports that Bell Sympatico, one of Canada's largest ISPs, plans to monitor the internet usage of its customers to comply with any governmental request. Canadian law prof Michael Geist "said Bell's new customer service agreement shows that Canadian telecommunications companies are already preparing to comply with new on-line surveillance legislation...Geist fears police will be able to demand customer information from Internet providers without having to make a case before a judge, opening the door wide to an abuse of civil rights."

This concerns me, not only for the simple reason that I am already a reluctant Sympatico customer, but that Bell is a media giant in Canada. As such, it has potential access to an extremely wide range of data. If Sympatico bends over today, which of its services might be next to monitor its customers? Bell Globemedia has ownership interests in private national broadcaster CTV (which in turn has interests in 17 specialty channels), national daily newspaper The Globe and Mail, and investments in Maple Leaf Sports and Entertainment (Toronto Maple Leafs, Toronto Raptors and the Air Canada Centre).
[ Detailed Search ]
Clickable Conversation
on 4159 entries

Dinozoiks wrote:
Wow! Thanks for that Tony. Just posted a bunch of other tips here... Hope it helps someone... Dino...
in Dino Burbidge's '10 Things To Remember When Designing For Kids Online'

yes, many of the free little games are crappy. but as an artist who has recently published free content on the itunes app store,…
in Free iPhone Games Are Awful: Strategy?

I vote for popup radial menus. Highlight a bit of text, the push and hold, Sims-style radial menu pops up with Copy, Paste, etc....
in More iPhone Gestures, Please

Hey Tony! A client of mine is looking to hire an internal Flash game dev team to build at a really cool Flash CCG…
in Dipping Into Toronto's Flash Pool

Yeah, there's a lot of weird common sense things I've noticed they've just omitted from the design. No idea why though....
in More iPhone Gestures, Please

It also bears noting there's no mechanism right now for a developer to offer a free trial for the iPhone; the App Store isn't…
in Free iPhone Games Are Awful: Strategy?

@GeorgeR: It's on my shopping list :) I've heard good things about it as well. And Cro Mag Rally. @andrhia: meh, I don't know…
in Free iPhone Games Are Awful: Strategy? get what you pay for, you know? I actually bought Trism based on early buzz, and it's truly a novel mechanic. I've been…
in Free iPhone Games Are Awful: Strategy?

The only one I've heard good things about is Super Monkey Ball. Have you given that a whirl yet?...
in Free iPhone Games Are Awful: Strategy?

Advance warning: this frivolent comment is NOT RELATED or even worth your time ... But whenever i hear "Collada", i think of that SCTV…
in Electric Sheep Builds Its Own Flock

Clickable Culture Feeds:

RSS 2.0 ATOM 1.0 ALL



Clickable Culture
Copyright (c)1999-2007 in whole or in part Tony Walsh.

Trademarks and copyrights on this page are owned by their respective owners. Comments owned by the Poster. Shop as usual, and avoid panic buying.