Showing posts with label ATMs. Show all posts
Showing posts with label ATMs. Show all posts

Sunday, July 27, 2008

ATM Exploit issues being dealt with

As of July 25th, a security flaw was uncovered in regards to the operation of ATM's in-world, with all of the exchanges as well as a few other ATM operators working to address these issues.
View details here: http://jira.secondlife.com/browse/SVC-2693
Cocky Dagger of ISE took down all of his ATM's and is getting set up to handle all transactions directly using a new avatar. So anyone desiring to make any type of deposit or withdraw with ISE needs to contact him directly. Meanwhile IntLibber Brautigan of ACE is working with their IT VP Hamncheese Omlet to deal with these issues by setting up server side systems to double check the validity of all ATM transactions. Apez and SLX's ATM's apparently already have these checking systems in place and thus should be safe. VSTEX has posted in their forums that they have implemented increased security measures but have not revealed what those are and have not reactivated their ATM's yet.
No word has been heard as of yet regarding how SLCAPEX is handling this situation (or at least not that I've seen). However when trying to visit the SLCAPEX ATM at their headquarters, it appears that they are no longer there, as a club now sits at their landmark for the SL Capital Exchange??? If anyone knows what happened to SLCAPEX, please let me know so that we can make such information publicly available.

Sunday, May 4, 2008

ACE releases security risk info as a warning:

On Friday Intlibber Brautigan announced on the ACE Ancapistan website that a sercurity risk had been discovered that could allow those with specialised knowledge to recover the ATM scripts in bytecode format and transform them back into LSL scripting when ATMs were taken over parcel or sim borders.
Mr Brautigan informed Soft Linden of this vulnerability. However this breach was not unknown in fact it had been reported as much as a couple of months ago, Linden lab did not see fit to inform the residents. A patch was sent out about 4 weeks ago, but, because it was kept so quiet there may be many who didn't know of this and they may need to update their scripts.
Mr Brautigan also tried to inform SLeXchange of the possible threat with little response at the time, since then this message has appeared on the SLX forum:
"I just wanted to post here to reassure you all that there is no reason to worry; there is no security breach. Your account information, your items, and your L$ and USD are safe.
SL Exchange has been a viable and reliable service functioning securely with and within Second Life for almost four years. Shortly after first launching the site it became obvious that LSL scripts should not be "trusted" to A) work correctly or B) be secure. It is for that reason that the bulk of our security as well as nearly all of our logic / intelligence resides on our own servers. Furthermore, these routines have been specifically engineered and fine-tuned over the years so that problems with Second Life such as technical failures, security exploits, or whatever else, will have the least effect possible to SL Exchange."

Hopefully with the patch in place and very few people actually able to take advantage of this hole not too much damage has/will be done.
Its good to see some warning others of the possible threat though - maybe there is hope for human nature out there in our little world of SL.
Subscribe to: Posts (Atom)