Second Life Forums Archive - Second Life: Your home is under attack, guys. Support it instead of screaming...

cinda Hoodoo

my 2cents worth

Join date: 30 Dec 2004

Posts: 951

09-09-2006 13:52

From: Foolish Frost

Wellm to be fair, we did not know what it looked like from the inside.

For all we know, it took until today for all of the puzzle pieces to be put together, when a final "CRAPCRAPCRAP THEY GOT ACTUAL CREDIT CARD DATA CRAPCRAPCRAP" and then posted immediatly. Sometime, what seems obvious in hindsight is harder to catch at the time.

I'm not saying it's true, I'm saying WE DON'T KNOW.

Of course, if they fully knew and DECIDED to not release the information that CC data had been comprimised for two or more days...

Well... Just get me a pitchform and a torch too and let's get this over with.

It was probably more like CRAP CRAP CRAP now we have to tell them...honestly the internet has a hard time getting ppl to trust enuff to even use credit cards online, i do all of the time, and personally i have never had a credit card problem on the net, once at a pizza place phone in credit card situation i did tho..So now i use cash or checks to buy over the phone. A point mentioned was this is cutting edge technology, well taking credit cards and keeping personal info is NOT. I do feel strongly that we did need to know about this prior to the time they told us about it. If any cards were hashed out of encryption, the banks that have to cover any losses on them sure the heck will come after LL, and that could be VERY bad for their financial bottom line.

Margot Abattoir

Senior Member

Join date: 15 Jul 2004

Posts: 234

Just happy my CC wasn't tapped..

09-09-2006 14:23

I AM REALLY A PAUPER OF ZERO NET WORTH AND IT IS NOT WORTH THE TIME OF A NOBLE AND GREAT AND GENIUS HACKER TO EVEN TRY TO RUIN MY CREDIT OR BREAK INTO MY CHECKING ACCOUNT. HONEST!!!

Seriously, I am worried. But think that the company has its wits about it at times when ITS welfare is on the line

And although not officially sitting at their Cali boiler room digs this weekend, they're probably multitasking as we type. I suppose being feverishly hard at work, while at the same time, biting one's nails to the quick IS multitasking.

Joshua Nightshade

Registered dragon

Join date: 12 Oct 2004

Posts: 1,337

09-09-2006 14:23

From: Todd David

it was the Hackers to blame for the breach in security.
but it was LL's resoncibility to watch for it.
by their own accounts, it happened on the 5th, they discovered it on the 6th, but Waited untill the 8th to do something about it.
That's where they Failed in their responsibilities to Us, the customers.
they should have pulled the plug the minute they found the intrusion.
they could have put up a small web server and posted a notice of the reasons and let the 3rd-party forums handle the discusions, like they planned on anyway.
waiting 2-3 days to do something about the problem is bordering on Incompetence!

IMHO heads Should roll over this, sombody(s) screwed up Bigtime.
FWIW I believe LL's actions to reset the passwords was correct. they just needed to have done it Sooner.

resoncibility, teehee. ::gigglesmadly.::

_____________________

Visit in-world:
http://tinyurl.com/2zy63d

http://shop.onrez.com/Joshua_Nightshade
http://joshuameadows.com/

Hiro Queso

503less

Join date: 23 Feb 2005

Posts: 2,753

09-09-2006 14:33

From: Jesrad Seraph

I'm curious as to how many people where affected beyond having to change password ?

I've had no fraudulent charges to my card, but I do believe that the name of my card issuer, along with my address and phone number, were all leaked. Of course, I can't be 100% certain that it has come as a result of this, but it is the first time I have ever received a scam email containing my full address, and it arrived in the inbox of the registered email of the avatar that has the CC in question verified against it (a card I haven't used for quite some time).

Yumi Murakami

DoIt!AttachTheEarOfACat!

Join date: 27 Sep 2005

Posts: 6,860

09-09-2006 15:50

From: Apotheus Silverman

In response to Moopf's original comments about the security situation, there are stringent standards that the Payment Card Industry (a collaboration between various credit card companies) has created. For medium-to-large companies, they require that those standards are largely met otherwise the companies can lose their ability to continue processing credit cards altogether.

I think it is likely that this incident will trigger an audit for LL. I am willing to bet that this does cause them to change their overall perspective on security. We would all be much better off for it.

I did actually check the Visa page regarding this. One of the aspects is that it specifies that data should not be accessible without need-to-know business reasons.

I think it would be difficult to say why the blog/wiki software "needed to know" payment information.

Yiffy Yaffle

Purple SpiritWolf Mystic

Join date: 22 Oct 2004

Posts: 2,802

09-09-2006 16:16

I agree with foolish frost. This is a difficult time for EVERYONE even the lindens. While we might not like what they did, i do understand they had to do some fast thinking before it was too late. Think about it this way. If they didn't wipe the passwords, and they did get hacked, the hacker obvously has all of our old passwords and can log into all of our accounts. Some people are just that careless not to change their passwords.

Linden Lab didn't want to be held responsable for the loss of your money or items so they did what was best in their opinion. I am out about 5 accounts which i cannot revalidate, but they are just garbage alts so i'm not worried about them. I am however worried about those whoes MAIN accounts are now disabled do to this. All i can do is wish you luck. But think on the bright side. Atleast you didn't get hacked!

Do any of you know what people can do when they have your password? It's more serous then you might think. First of all they can get you into a lot of trouble by using you as a griefer, they'l steal as much as they can get, take your money, even leave you in a PG sim naked, if they choose to allow you back in at all! And possibly more...

_____________________

YouTube channel -+- Website -+- RezzedNet Profile

Moopf Murray

Moopfmerising

Join date: 7 Jan 2004

Posts: 2,448

09-09-2006 16:17

From: Apotheus Silverman

In response to Moopf's original comments about the security situation, there are stringent standards that the Payment Card Industry (a collaboration between various credit card companies) has created. For medium-to-large companies, they require that those standards are largely met otherwise the companies can lose their ability to continue processing credit cards altogether.

I think it is likely that this incident will trigger an audit for LL. I am willing to bet that this does cause them to change their overall perspective on security. We would all be much better off for it.

Yes, I'm fully aware of this. I'm hopeful that such an investigation will happen, however it might be a moot point if LL adhere to the line that no credit card information was accessible, a point I'm still not sure about due to the contradictions contained in Linden posts on the subject and something that may stall any investigation.

Unfortuantely these programs are there to encourage the consumer, rather than to be of particular punitive benefit in my experience when lapses of security happen. On paper they're harsh, in reality they tend not to be, other than expensive for merchants to adhere to (interestingly however I've never seen any of the applicable seals for the programs I presume you're referring to displayed on the LL website).

However an external audit, under any circumstances, would most certainly be welcome at this point to renew trust.

_____________________

Bobby Troughton

distracted

Join date: 4 Nov 2005

Posts: 20

09-09-2006 16:20

I still bank and fly though banks get robbed and airplanes crash. It does make me hope for more better security, and I do see LL working for that. Shit happens, it's not going to make me hide in a hole though. Certainately I have to be more cautious and wary of things though.

What would be worse is if LL did nothing when they found out. But they did do something. And people still don't like them for it anyway. Then people are hopping mad they can't immediately log back into something they think is so insecure and dangerous to be in.

Humans is silly with their impatience.

Second Life: Your home is under attack, guys. Support it instead of screaming...
cinda Hoodoo my 2cents worth Join date: 30 Dec 2004 Posts: 951	09-09-2006 13:52 From: Foolish Frost Wellm to be fair, we did not know what it looked like from the inside. For all we know, it took until today for all of the puzzle pieces to be put together, when a final "CRAPCRAPCRAP THEY GOT ACTUAL CREDIT CARD DATA CRAPCRAPCRAP" and then posted immediatly. Sometime, what seems obvious in hindsight is harder to catch at the time. I'm not saying it's true, I'm saying WE DON'T KNOW. Of course, if they fully knew and DECIDED to not release the information that CC data had been comprimised for two or more days... Well... Just get me a pitchform and a torch too and let's get this over with. It was probably more like CRAP CRAP CRAP now we have to tell them...honestly the internet has a hard time getting ppl to trust enuff to even use credit cards online, i do all of the time, and personally i have never had a credit card problem on the net, once at a pizza place phone in credit card situation i did tho..So now i use cash or checks to buy over the phone. A point mentioned was this is cutting edge technology, well taking credit cards and keeping personal info is NOT. I do feel strongly that we did need to know about this prior to the time they told us about it. If any cards were hashed out of encryption, the banks that have to cover any losses on them sure the heck will come after LL, and that could be VERY bad for their financial bottom line.
Margot Abattoir Senior Member Join date: 15 Jul 2004 Posts: 234	Just happy my CC wasn't tapped.. 09-09-2006 14:23 I AM REALLY A PAUPER OF ZERO NET WORTH AND IT IS NOT WORTH THE TIME OF A NOBLE AND GREAT AND GENIUS HACKER TO EVEN TRY TO RUIN MY CREDIT OR BREAK INTO MY CHECKING ACCOUNT. HONEST!!! Seriously, I am worried. But think that the company has its wits about it at times when ITS welfare is on the line And although not officially sitting at their Cali boiler room digs this weekend, they're probably multitasking as we type. I suppose being feverishly hard at work, while at the same time, biting one's nails to the quick IS multitasking.
Joshua Nightshade Registered dragon Join date: 12 Oct 2004 Posts: 1,337	09-09-2006 14:23 From: Todd David it was the Hackers to blame for the breach in security. but it was LL's resoncibility to watch for it. by their own accounts, it happened on the 5th, they discovered it on the 6th, but Waited untill the 8th to do something about it. That's where they Failed in their responsibilities to Us, the customers. they should have pulled the plug the minute they found the intrusion. they could have put up a small web server and posted a notice of the reasons and let the 3rd-party forums handle the discusions, like they planned on anyway. waiting 2-3 days to do something about the problem is bordering on Incompetence! IMHO heads Should roll over this, sombody(s) screwed up Bigtime. FWIW I believe LL's actions to reset the passwords was correct. they just needed to have done it Sooner. resoncibility, teehee. ::gigglesmadly.:: _____________________ Visit in-world: http://tinyurl.com/2zy63d http://shop.onrez.com/Joshua_Nightshade http://joshuameadows.com/
Hiro Queso 503less Join date: 23 Feb 2005 Posts: 2,753	09-09-2006 14:33 From: Jesrad Seraph I'm curious as to how many people where affected beyond having to change password ? I've had no fraudulent charges to my card, but I do believe that the name of my card issuer, along with my address and phone number, were all leaked. Of course, I can't be 100% certain that it has come as a result of this, but it is the first time I have ever received a scam email containing my full address, and it arrived in the inbox of the registered email of the avatar that has the CC in question verified against it (a card I haven't used for quite some time).
Yumi Murakami DoIt!AttachTheEarOfACat! Join date: 27 Sep 2005 Posts: 6,860	09-09-2006 15:50 From: Apotheus Silverman In response to Moopf's original comments about the security situation, there are stringent standards that the Payment Card Industry (a collaboration between various credit card companies) has created. For medium-to-large companies, they require that those standards are largely met otherwise the companies can lose their ability to continue processing credit cards altogether. I think it is likely that this incident will trigger an audit for LL. I am willing to bet that this does cause them to change their overall perspective on security. We would all be much better off for it. I did actually check the Visa page regarding this. One of the aspects is that it specifies that data should not be accessible without need-to-know business reasons. I think it would be difficult to say why the blog/wiki software "needed to know" payment information.
Yiffy Yaffle Purple SpiritWolf Mystic Join date: 22 Oct 2004 Posts: 2,802	09-09-2006 16:16 I agree with foolish frost. This is a difficult time for EVERYONE even the lindens. While we might not like what they did, i do understand they had to do some fast thinking before it was too late. Think about it this way. If they didn't wipe the passwords, and they did get hacked, the hacker obvously has all of our old passwords and can log into all of our accounts. Some people are just that careless not to change their passwords. Linden Lab didn't want to be held responsable for the loss of your money or items so they did what was best in their opinion. I am out about 5 accounts which i cannot revalidate, but they are just garbage alts so i'm not worried about them. I am however worried about those whoes MAIN accounts are now disabled do to this. All i can do is wish you luck. But think on the bright side. Atleast you didn't get hacked! Do any of you know what people can do when they have your password? It's more serous then you might think. First of all they can get you into a lot of trouble by using you as a griefer, they'l steal as much as they can get, take your money, even leave you in a PG sim naked, if they choose to allow you back in at all! And possibly more... _____________________ YouTube channel -+- Website -+- RezzedNet Profile
Moopf Murray Moopfmerising Join date: 7 Jan 2004 Posts: 2,448	09-09-2006 16:17 From: Apotheus Silverman In response to Moopf's original comments about the security situation, there are stringent standards that the Payment Card Industry (a collaboration between various credit card companies) has created. For medium-to-large companies, they require that those standards are largely met otherwise the companies can lose their ability to continue processing credit cards altogether. I think it is likely that this incident will trigger an audit for LL. I am willing to bet that this does cause them to change their overall perspective on security. We would all be much better off for it. Yes, I'm fully aware of this. I'm hopeful that such an investigation will happen, however it might be a moot point if LL adhere to the line that no credit card information was accessible, a point I'm still not sure about due to the contradictions contained in Linden posts on the subject and something that may stall any investigation. Unfortuantely these programs are there to encourage the consumer, rather than to be of particular punitive benefit in my experience when lapses of security happen. On paper they're harsh, in reality they tend not to be, other than expensive for merchants to adhere to (interestingly however I've never seen any of the applicable seals for the programs I presume you're referring to displayed on the LL website). However an external audit, under any circumstances, would most certainly be welcome at this point to renew trust. _____________________
Bobby Troughton distracted Join date: 4 Nov 2005 Posts: 20	09-09-2006 16:20 I still bank and fly though banks get robbed and airplanes crash. It does make me hope for more better security, and I do see LL working for that. Shit happens, it's not going to make me hide in a hole though. Certainately I have to be more cautious and wary of things though. What would be worse is if LL did nothing when they found out. But they did do something. And people still don't like them for it anyway. Then people are hopping mad they can't immediately log back into something they think is so insecure and dangerous to be in. Humans is silly with their impatience.

Welcome to the Second Life Forums Archive

Second Life: Your home is under attack, guys. Support it instead of screaming...