llGiveMoney and August Hack Continues

A good Friend of mine Whirligig Rutabaga was one of the people who's password and access to Second Life was hijacked in August of 2006, since that time, she has had a number of transfers from her account for $500 L each time.

We know that this person who stole her account signed on as her, and from what we can tell has created an object in world with llGiveMoney script contained with in it. He/She must have given the object permission to take money and then left in in world.

We we also know is this object hits repeatedly and rapidly at increments of 500L at a time until the account is starts getting insufficient funds messages.

Most recently this perp who has been using multiple accounts to receive money, and hit her again a couple of days ago.

Once again Whirligig went to live help and was told as she was told in August to file an Abuse report, and also contact the Second Life Support desk, this is exactly what she was told in August, the outcome of that investigation, was "Sorry, there is nothing that can be done to help you". Further the person on the second life support phones lines was abusive and did not believe this could happen in Second Life.

Bull, this is exactly the kind of stupidity we have come to expect from the support group at Linden Labs. And it alarming that

1) Linden Labs is unwilling or unable to find an object which contains the llGiveMoney tag in world and delete it

2) That Linden Labs can not transfer inventory from her account which was hacked to a new account

3) llGiveMoney is even permitted to operate with an unlimited time frame, where it can go on and on to steal money from its owner

4) That Linden Labs will not help to alleviate this problem with bad transaction scripting

What recourse do you suggest we take? Should she take legal action against Linden Labs
I know of other people who have been swindled because of the breach in security in August, will you stand up with her?

The latest attack came from Carlton Fargis (who by the way has yet to be banned from SL), but will do no good since he will undoubtedly come back as another alt and steal money again.

AND BEFORE YOU TELL ME TO FILE an AR, she has, and BEFORE YOU TELL me to CONTACT SUPPORT, she has, the problem is Linden Labs

DO SOMETHING NOW!

thanks

Tails

aye cmon LL she is a paying customer i mean cmon what happened to customer service

Sounds like a serious issue to me, yes please Linden Labs do something to correct this problem

To someone paying for LL, this is ridiculous. Admittedly, 500L doesn't seem like a lot but when taken over such a period as September to now, it certainly adds up. LL has TERRIBLE support and has got to do something about this. LL, if any of you are reading this, I urge you to make this your priority and solve it before your reputation for customer service becomes any worse than it is.

To Whirli-Wish you the best of luck in figuring this out. I'll do everything I can.

Get this fixed LL please, ffs what you playing at, 10 minute job!

I am sure none of SL residents would like to be on whirligig rutabaga's place and yet it can happen to anyone of us. Linden Labs do something please, security should be the highest priority.

Is shows exactly what LL is good for... nothing. All they wanna do is collect our monthly payments. They could if they wanted to...

1 ban his pc ip address from creatin accounts

2 let you change your password

3 delete the object

We need to all go to our local press and the proper authorities and shed light on this. LL wont give two sh#ts till someone is breathin down thier neck bout it. Dont just sit here, make some phone calls. Thank you

We have all heard info in the press about the legal problems that need to be addressed in the virtual world. Well Linden Labs here is a great case for you to start with. This is theft pure and simple. Your lack of security allowed the breach, your lack of action now is continuing to facilitate ongoing acts of theft. You are, if not legally , morally obliged to protect the residents of SL from crimes commited against them. To allow this givemoney object to remain in world, and to allow the thief to continue to reside within SL encourages others with a criminal bent to commit crimes. If you don't act crime will increase and flourish within SL.

in LL.

This is very disconcerting. Transactions should be filed with as much details as possible for just this reason, so an audit can validate the source or make corrective transactions.

I've had to do just this sort of thing on an aging inventory system; manually find a bogus transaction and repair it and the history tables so they match. It isn't fun, but a typical chore for a database monkey. Hey, I'm classified as old. Why can't these young hot shots fix this?

Wow, I personally know this AV that has been hacked. It makes me wonder if i should continue spending in SL. I have spent about $150 us currency in the last week alone mostly tipping to support in world live music.

If I hear many more stories like this it may make me reconsider do i want to spend the estimated several thousand us dollars a year that it looks like I will spend on this game.

Lindens. I really enjoy second life. Please address this issue fast. It makes me nervous and this is your bread and butter talking here. Thank you in advance for your attention to this matter.

It's disturbing to learn that a serious problem stemming from the original security breach last August has yet to be resolved, but I’m even more dismayed by the shoulder shrug response from LL: "Sorry, there is nothing that can be done to help you."

It appears LL is waiting for affected residents to use adverse publicity as a last resort to give the “llGiveMoney” script and related security issues the focus they deserve. Perhaps one way to gain more attention is with the investigative journalists at The Avastar --http://www.the-avastar.com -- who are on the lookout for a good story and may be willing to undertake a thorough examination of the matter and publicize their findings to a wider audience.

After Reading All This, I Can Honestly Say, "Spinden Labs"

After The Security Breach And Subsequent Password Changes This Is Obviously STILL Happening. This Only Begs The Question "Exactly What Information WAS Stolen From Your Database And Have You Admitted The Entire Truth Of The Matter?" If, As I Know To Be The Case, Whirligig DID Alter Her Password As Instructed, How Is Someone Able To STILL Sign On Her Account? This Alone Is A Worrying Issue And A Criminal Act Both In SL And RL. If There Is A Box Somewhere With The llGiveMoney Script With Her Name On It Somewhere In SL, WHY Isnt It Being Monitored? You HAVE The Ability And You HAVE Been Given The Information, SINCE August...
I DEMAND !FULL! Reperations For Whirligig ASAP, A Suitable APOLOGY To Her For Causing No End Of Unwanted STRESS And PARANOIA And For Treating Her With "Customer Service" More Suitable For A Long Term Griefer (Hardly Warranted Since She Is A Premier Customer With A Substantial Tier).
And Why Stop There? Go On And Hunt Down The Person Or Persons Doing This To Her, Find The Box With The llGiveMoney Script That is Doing It For Them, And Open A SERIOUS Investigation Into How Many Residents This Is Actually Happening To And More Importantly HOW?
Better Yet, Create An Alternate Account For Whirligig And Transfer Her ENTIRE Inventory, Friends List And Land And Permissions To It, Make It One That Is SECURE And BEYOND HACKING, After All, Isnt That What 4 Million Residents THINK They Have Already?

This Is A TOTAL Thumbs Down "Spinden Labs", Why On Earth Have I Spent Over $3000 Real Money On All This Latent Idiocy

P.S. Let Me Know What They Say Please Whirly, Im Behind You 100%.
P.P.S To Anyone That Knows Whirly, Post Your Outrage Below...

If the Linden is our currency and there is only one bank in SL, we should be able to have blind faith in it... so Lindens pony up and take care of this issue please.

You have to be LOUDER

Email anyone you can think of at LL, repetedly. Start with Philip, Robin and Ginsu and go from there (its [email]lindenfirstname@lindenlab.com[/email])

Take it to the media, ie Reuters, The Metaverse Messenger, Second Citizen, anyone and eveyone who has a readership.

You know all those news stories about SL? Most of them you can leave a response. Leave yours!

Let anyone and everyone who has any interest in SL know. You will be heard and they will fix it.

To summarize: Don't take this sitting down, get on your soapbox and YELL. The squeeky wheel DOES get the grease.

The option to change password is already there.

I think what needs to happen though is that a password change should automatically reset permissions such as debit, or the options should at least be there in the password change page.

I agree although it would be quite the headache to implement due to vendors and whatnot. Inconvenience is far better than having your money stolen though. Might be better to just abandon the account that's affected and start over.

Linden labs does not CARE about this? You know I really chastised myself for criticizing them in the past merely on heresay and what I read on these boards, but everytime I hear of a case like this it makes me wonder if they REALLY do care for the individual or just for the greenbacks.

Really LL...idiots like this alt who is stealing from Whirl should not be allowed to keep this up. You're telling me there's NOTHING to be done to trace this? I mean okay, you've got zillions of people online and I guess you can't please everyone, but this is theft!

THEFT!

You disgust me LL...SL is a great place and all you do is let unlimited accounts online, unverified, NOTHING...they get on scott free. THEY GET OFF SCOTT FREE! We've got zillions of troublemakers, spammers, griefers lagging us down, screwing sims, and just slowing the whole thing down. Unverified users who are probably underage and you're not verifying their ages. You prohibit PAYING users from using their land when the grid is too loaded with these people, probably 90% unverified. And when you refuse to verify people, thieves like this scum that stole from Whirl come out of the woodwork.

AND then when a paying customer, who buys Lindens is being ripped off...you totally blow her off? Again, I think all you care about is the greenbacks, not the people who are lining your pockets.

HONESTLY LL, get your ducks in a row! DISGUSTING!

Unless your vendors are giving refunds, it wouldn't be a problem. PERMISSION_DEBIT is only used when money needs to be taken from your account, not paid to you.

It would cause some hastle for casino owners.....oh wait, they'll all be out of business anyway

Whether it's auto or manual though, security work needs doing.

Lindens, please do something about this issue. This is something we shouldn't have to worry about. Something you should see taken care of.

"Linden Lab has very limited control, if any, over the quality, safety, morality, legality, truthfulness or accuracy of various aspects of the Service."

"Regardless of terminology used, Linden Dollars represent a limited license right governed solely under the terms of this Agreement, and are not redeemable for any sum of money or monetary value from Linden Lab at any time. You agree that Linden Lab has the absolute right to manage, regulate, control, modify and/or eliminate such Currency as it sees fit in its sole discretion, in any general or specific case, and that Linden Lab will have no liability to you based on its exercise of such right."

"ii) impersonate any person or entity without their consent, including, but not limited to, a Linden Lab employee, or falsely state or otherwise misrepresent your affiliation with a person or entity;"

"ix) attempt to gain access to any other user's Account or password; "

"5.1 You release Linden Lab from your claims relating to other users of Second Life. Linden Lab has the right but not the obligation to resolve disputes between users of Second Life."

"and (d) you hereby release Linden Lab (and Linden Lab's shareholders, partners, affiliates, directors, officers, subsidiaries, employees, agents, suppliers, licensees, distributors) from claims, demands and damages (actual and consequential) of every kind and nature, known and unknown, suspected and unsuspected, disclosed and undisclosed, arising out of or in any way connected with Linden Lab's resolution of disputes relating to the Service."

"YOU ACKNOWLEDGE THAT, NOTWITHSTANDING ANY COPYRIGHT OR OTHER RIGHTS YOU MAY HAVE WITH RESPECT TO ITEMS YOU CREATE USING THE SERVICE, AND NOTWITHSTANDING ANY VALUE ATTRIBUTED TO SUCH CONTENT OR OTHER DATA BY YOU OR ANY THIRD PARTY, LINDEN LAB DOES NOT PROVIDE OR GUARANTEE, AND EXPRESSLY DISCLAIMS (SUBJECT TO ANY UNDERLYING INTELLECTUAL PROPERTY RIGHTS IN THE CONTENT), ANY VALUE, CASH OR OTHERWISE, ATTRIBUTED TO ANY DATA RESIDING ON LINDEN LAB'S SERVERS."

"LINDEN LAB PROVIDES THE SERVICE, THE LINDEN SOFTWARE, YOUR ACCOUNT AND ALL OTHER SERVICES STRICTLY ON AN "AS IS" BASIS, PROVIDED AT YOUR OWN RISK, AND HEREBY EXPRESSLY DISCLAIMS ALL WARRANTIES OR CONDITIONS OF ANY KIND, WRITTEN OR ORAL, EXPRESS, IMPLIED OR STATUTORY, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF TITLE, NONINFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."

Without limiting the foregoing, Linden Lab does not ensure continuous, error-free, secure or virus-free operation of the Service, the Linden Software or your Account, and you understand that you shall not be entitled to refunds for fees based on Linden Lab's failure to provide any of the foregoing other than as explicitly provided in this Agreement.

"IN NO EVENT SHALL LINDEN LAB OR ANY OF ITS SHAREHOLDERS, PARTNERS, AFFILIATES, DIRECTORS, OFFICERS, SUBSIDIARIES, EMPLOYEES, AGENTS, SUPPLIERS, LICENSEES OR DISTRIBUTORS BE LIABLE TO YOU OR TO ANY THIRD PARTY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES, INCLUDING WITHOUT LIMITATION ANY DAMAGES FOR LOST PROFITS, ARISING (WHETHER IN CONTRACT, TORT, STRICT LIABILITY OR OTHERWISE) OUT OF OR IN CONNECTION WITH THE SERVICE (INCLUDING ITS MODIFICATION OR TERMINATION), THE LINDEN SOFTWARE, YOUR ACCOUNT (INCLUDING ITS TERMINATION OR SUSPENSION) OR THIS AGREEMENT, WHETHER OR NOT LINDEN LAB MAY HAVE BEEN ADVISED THAT ANY SUCH DAMAGES MIGHT OR COULD OCCUR AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY. IN ADDITION, IN NO EVENT WILL LINDEN LAB'S CUMULATIVE LIABILITY TO YOU FOR DIRECT DAMAGES OF ANY KIND OR NATURE EXCEED FIFTY DOLLARS (U.S. $50.00)."

"Linden Lab does not guarantee the security of any of your private transmissions against unauthorized or unlawful interception or access by third parties."

"Any dispute or claim arising out of or in connection with this Agreement or the performance, breach or termination thereof, shall be finally settled by binding arbitration in San Francisco, California under the Rules of Arbitration of the International Chamber of Commerce by three arbitrators appointed in accordance with said rules."

"Notwithstanding anything else in this Agreement, no default, delay or failure to perform on the part of Linden Lab shall be considered a breach of this Agreement if such default, delay or failure to perform is shown to be due to causes beyond the reasonable control of Linden Lab."


for anyone who doesn't want to wade through all legal jargon like i did, i can sum it all up in a nutshell:

we agreed that linden labs isn't responsible or culpable for anything bad that happens to us in second life at the very moment we ticked the "i agree" box when we 1st joined

so, if we are here, we are already screwed? *sad face*

*bump*

By now you have to believe that your account has been seriously compromised and that LL will do nothing to help you. Unless you have some greater reason to keep your current account, I would close my account and start a new one with a different avatar.

You know, as much as it isn't exactly in their "terms" to help Whirligig (who is one of my greatest friends on SL), I still think it's a bunch of bullcrap. Why the hell didn't this problem get solved, why the hell did I have to reset my password if it didn't do any godsdamn good? Why am I shelling out my money to you guys, if you Lindens won't be responsible about things like this?
This is a great problem. Not a little thing that can be blown off. Eventually many, many more will be affected. If you continue to let this go unchecked, you're going to have little more than a pocketful of thieves. And I won't be in a community that allows it.
My days as a SL member are numbered if this keeps up, I just hope you Lindens know that.

Telling 'The Lindens' Anything in this forum is pointless. They don't read it.