Security Issues

I have been browsing the threads for most of the morning and I was reading with great interest the man vs women thread. Along about page 4 or 5 I saw posts from Lindal Kidd and Desmond Shang that summed up the issue pretty clearly. I didn't want to read all 40+ pages.

To my question:

Is there any know security issues with Second Life? Other than the usual, not sharing passwords or personal information?

Spar

I think the problem with sl is insecurity actually

Pep (Doesn't suffer from stress, but is a carrier)

No place is ever 100% secure.

If a place was 100% secure, it either wouldn't exist or no one would be able to log in.

That said, if I knew of a security issue, I sure as heck wouldn't post it here. I'd open a JIRA and let the world know about it that way

1. I understand it's possible to obtain an avatar's IP address, especially if you access a parcel's media stream, or open an avatar's website via their profile. However, that's a low risk...your IP is, of necessity, available. Someone who knows it could determine your general geographic location.

2. Don't give objects or avatars permission to debit your account, unless you know what you are doing. A legitimate use of this function would be, for example, a rental box or vendor that you rez. It must have this permission in order to give refunds.

3. Don't enable "Remember my password" on the SL login screen. Enter it manually, every time. If you are even more security conscious, don't check "remember me" on other websites, or give Windows permission to remember passwords.

4. Password protect your computer. The most common "security leak" is due to leaving your machine accessible by family members. And their friends. And anyone else who happens to be in your house...party guests, workmen, salesmen, you name it.

...oh, and the Geek says you should disable the Windows "Remote Desktop" thingie.

5. Lock the door to the room with your computer in

6. Disconnect the monitor cable

7. Don't pay your ISP's bills

8. Wipe your hard disk

Pep (Depends how paranoid you are)

Or the identity of your family members or alts, by cross-referencing them. Since SL otherwise acts as a firewall between residents this may be of some concern for you.

You may also want to exercise care in what links you follow from objects in-world, for the same reason.

Most important:

0. Keep an ear to the ground for security updates in Second Life, Quicktime, your computer's operating system, and whatever web browser you use alongside Second Life is. Sites like Versiontracker may be useful in this context.

9. Consider putting Pep and that silly string of numbers back on Ingnore...

Top, top, top security issue is the 'classic con' game. You think that you have a cool friend, but, turns out it's not.

I don't speak of it much, but a few residents I know over the years have had to resort to law enforcement to deal with trouble over the internet, and in particular, Second Life. The point is: Second Life was just the medium. It could have been any chatroom or any other venue - the venue doesn't matter much.

The #1 security leak of private information is... yourself. Knowing this is the best way to maintain security. Ever seen that 'security question' that says: "What's your pet's name?" Odds are, most people that blog have mentioned their pet's name. Dumb, dumb, dumb security question.

Also - forget about your SL password, that's important but it's your *email* password that is critical. Guess what happens if someone presses 'reset password' here. Also, once they get your primary email *all* your accounts are at risk. And just imagine what someone could do in the SL Land Store with your credit card data on file with the Company. Let's hope you are watching your email if that happens, and don't find out a month later.

First thing to do is maintain social vigilance, then worry about the tech stuff. Even casual friends can do far more harm than they realise. I've been fairly lax about my security among my many trusted friends online - but even that backfired. I was prank-called. Had I taken the prank call, it might have been funny - but instead, my kids were deeply terrorised and scared on a dark night.

Oooh - is Ingnore your private island love nest then?

Pep (Can I get back to you after the holiday with an answer?)

10. Stay out of Mumbai.

What's with the sudden flurry of ridiculous questions about security concerns over SL? Someone can steal my IP? Someone can read my IMs? And now this.

Is there some kind of crazy FUD campaign against SL going on or something?

How do you know they're ridiculous? Have you ever heard of stalking?

If by "ridiculous" you mean "I don't have this issue" -- fine.

Well, perhaps I just personally find them ridiculous because the same "fears" apply to every other service on the entire internet and the answers to the questions are straight up obvious.

Sorry for my outburst...

You're right.

The answers are always pretty much the same, but things happen, people get frightened, and they ask.

Elanthius: the point is that they *don't* apply to SL if you take a few basic precautions, and some of us rather approve of that fact and don't want to see SL pulled down into the Intersewer in the name of "HTML on a prim".

Actually my concern was prompted by all the other security questions I read.

No conspiracy here, I am completely transparent.

Spar

As is any good quality varnish.

If you follow those two rules (make sure email address is part of that 'personal information') and stick with either the LL viewer or a well known third party open GL viewer, you are as safe as you can be on the internet. The rules you mentioned and your own computer/network/firewall setup are the critical pieces to any online security.