Land Auction Abuse
|
Yumi Murakami
DoIt!AttachTheEarOfACat!
Join date: 27 Sep 2005
Posts: 6,860
|
05-02-2006 05:55
From: Shaun Altman WHY must it appear in the list? Why must YOU have access to a deal for a deal to be on the table? If I want to sell my car to someone, am I required to ask YOU if you'd like to buy it first? WHY is it such a leap of faith to assume that an offer is on the table when you ask a Linden and are told that it is? If LL intended to give these people a special preferential deal on sims, why would it have banned them now?
|
Blakar Ogre
Registered User
Join date: 18 Mar 2006
Posts: 209
|
05-02-2006 05:56
From: Land Arizona In faact, in their auction bidding process page they talk about winning bids in the $50 range.
That's again another excuse which will get you a few laughs in court. You can see people win legal auctions in that range daily. You seem to forget they sell more than just full sims in the auctions. I do think LL should seek the best and most friendly solution in all of this but I also hope those involved realise they have no real legal grounds. It is in your best intrest to sit back and look at how you can get out of this in the best way possible. If you think court is an option go to a lawyer. I'm not a lawyer but I've experience in IT security and legal matters related to IT security and I would seriously advise against going to court. Your chances at getting money out of this are near to none, you'll just end up paying your lawyer gaining nothing in return.
|
Yumi Murakami
DoIt!AttachTheEarOfACat!
Join date: 27 Sep 2005
Posts: 6,860
|
05-02-2006 05:57
From: Shaun Altman But it WAS publihed on the website, and available to the entire world. It's not as if they hacked into a server or something. All the buyer (aparently) had to do was enter the correct URL to access that perticular page. The fact that this page wasn't linked to on another page doesn't hold a lot of water. The page was there and not protected in any way. It was a public page, published on the web site. The end.
In most computer security terms that is considered a form of hacking. There are several shareware programs you can download the registered version of by guessing a complex hidden URL. Yes, that's insecure. Fortunately, the law doesn't put the responsibility on you to protect yourself; that's just a bonus for extra security.
|
Kazanture Aleixandre
Here I am.
Join date: 5 Oct 2005
Posts: 524
|
05-02-2006 06:02
From: Land Arizona It seemed to me that when I contacted them and they didn't object, and spoke to others that had learned this alternate auction process, that Linden had decided to level the playing field and let general market conditions take over the price of land.
I bid $450.00 and got it for 300. If you had been there, and anshe, etc., as was starting to happen, the price would have equalized somewhere and continued to rise. The first in, just like t he first in the game, generallly get an economic benefit. It's just like that in the real world. I buy a property in a market thath's not yet discoverd, I generally make more than the guy who buys it later.
And the ability to do this was not only publicly available to everybody, but Linden directs you to the map for blue squares, and some of them are listed on the web page, some could be bid by starting the auction, and others could not be bid at all. Apparently, somone at linden made selective choices about what they were going to allow to be bid, how and when.
And there's the subsequent posting on the closed auction page. Come on, I've seen these go through for weeks before contacting them and then deciding to figure out how their alternate auction process worked. If they had said, hey, it's not meant to be that way, ok., but they didn't. In faact, in their auction bidding process page they talk about winning bids in the $50 range.
And lastly, if it's true that it's not a linden set up to experiment with us, and they made an honest mistake, then they shoud have contacted those involved and discussed it rather than just freezing everybody all of a sudden and pretending they didn't know* this was happening. Same rules should apply to everybody.
I mean look at Anshe, no offense intended Anshe, but she / he buys sims, doens't pay or claim them anywhere within the guidelines, and continues to be allowed to function. Gimchi at this point in time for example....
Marc Woebegone Just go to court, you will understand what i mean. It is a total robbery. This is an internet crime, a product(sims) which is not ready to be auctioned( "Where are the auctions located? The auctions are located at the Second Life Auction House. "  is stolen using an illegal parameter to a script (using auction id as a parameter to the web site)<- HACKING . This is an internet crime, ask them: http://www.ic3.gov/ , http://www.usdoj.gov/criminal/cybercrime They will tell you.
|
Sensual Casanova
Spoiled Brat
Join date: 28 Feb 2004
Posts: 4,807
|
05-02-2006 07:01
From: Land Arizona This is Marc Woebegone. I've done nothing but buy by the regular auction method. I contacted Linden about this before bidding on one, and there was no objection. In my biding I went up to $300., and entered $450. I may have even paid more.
I love how you keep saying you contacted a Linden before bidding, which only proves you KNEW this wasn't normal or likely and you knew something was wrong, therefore you took advantage and exploited a bug..
|
The Spork
Nobody
Join date: 8 Feb 2006
Posts: 100
|
05-02-2006 07:07
Hi Willow!  Greets to all the ALTs! So let's see... (/me takes notes) Steal land from other people.. OK! Steal money from other people... OK! Rape the newbies for all you can... OK! Buy land that someone NAMED LINDEN marked wrong... NO! BAD! GOTO JAIL! I think I understand now... (/me stops taking notes) It's obvious that this would happen. When you steal a newbies land, The Lindens already made their money off it. So no harm, no foul. When you buy (I saw exploit so you talked to Lee didn't you?) land on the cheap from the Lindens, THEY HAVE MADE THEIR MONEY YET.  You can not possibly expect to get away with this. They will burn you in their Hell for this! Did you at least get your $1 back?
_____________________
Thank You For Playing!
The Spork
|
Jon Rolland
Registered User
Join date: 3 Oct 2005
Posts: 705
|
05-02-2006 07:19
From: Sensual Casanova I love how you keep saying you contacted a Linden before bidding, which only proves you KNEW this wasn't normal or likely and you knew something was wrong, therefore you took advantage and exploited a bug.. Actually if he contacted a Linden and was told it was allowed I'd say he was in the right. While I agree by all appearances sims for $1 is obviously not LL's intent, if he ASKED a Linden and was TOLD he was ok to proceed I would say he was ok to proceed. If a Linden said he was fine without knowledge that's the fault of the Linden not him.
|
Sensual Casanova
Spoiled Brat
Join date: 28 Feb 2004
Posts: 4,807
|
05-02-2006 07:23
From: Jon Rolland Actually if he contacted a Linden and was told it was allowed I'd say he was in the right. While I agree by all appearances sims for $1 is obviously not LL's intent, if he ASKED a Linden and was TOLD he was ok to proceed I would say he was ok to proceed. If a Linden said he was fine without knowledge that's the fault of the Linden not him. Do you really think he told the Lindens he was purchasing entire regions for $1, and they said it was ok? PLLLLLLLLLLLEASE!
|
Theodore Polonsky
Registered User
Join date: 1 Oct 2005
Posts: 57
|
05-02-2006 07:36
From: Yumi Murakami This is quite clearly an exploit.
The only way in which you are "supposed" to access a website is by accessing an approved landing page via a link which the provider has given to you, or to a search engine, and then following links included in those pages.
Gaining any benefit by manually creating URLs - especially to active scripts - is a documented form of hacking attack, and a clear exploit. I have to disagree with you here. There are many valid uses for creating URLs manually, and so just the use of manual URLs cannot be de-facto proof of a hack. This may have been an exploit, but using manual URLs doesn't prove that it is. Just my $0.02.
|
Jon Rolland
Registered User
Join date: 3 Oct 2005
Posts: 705
|
05-02-2006 07:40
From: Sensual Casanova Do you really think he told the Lindens he was purchasing entire regions for $1, and they said it was ok? PLLLLLLLLLLLEASE! I never said if I believed it or not nor is it relevant.
|
Kelly Nordberg
Registered User
Join date: 12 Mar 2006
Posts: 116
|
05-02-2006 08:11
Didn't a bunch of Harvard applicants got dropped after they followed an unsecured html link someone else found to access their application result early? Was that last year?
This sounds very much like the situation we have here.
Someone being stupid, doesn't make robbing them right.
|
Theodore Polonsky
Registered User
Join date: 1 Oct 2005
Posts: 57
|
The question on manual URLs
05-02-2006 08:29
If the URLs are of a format like: http://example.com/somePublicApplication?id=323456and the IDs are published in another source, you will be hard pressed to say that you took measures to keep people from accessing IDs that you didn't want them to. In fact, as someone who has been using the web since ... well, since shortly after there was a web, I would consider that a very useful *feature*, not an exploit. In this case, I think there is other evidence to show that they were gaming the system, and taking advantage of the fact that if you DID visit an auction page that wasn't active you could bid anyway, which IS a bug, and using it for personal gain IS an exploit, hence, bannination. I just want to make sure to stand up for manual URLs and how they really are a good thing, and can be part of a useful system. For example: http://example.sl.com/profile?resident=TheodorePolonskyYou don't need a form, or a big list of residents...the URL *is* the search box. And that can be very powerful. What, am I up to $0.07 now?
|
Karsten Rutledge
Linux User
Join date: 8 Feb 2005
Posts: 841
|
05-02-2006 10:26
From: Shaun Altman But you've qualified all of this by saying essentially that it's just your opinion, and that you have no clue if what you're saying has any connection to reality whatsoever. You don't know, and you didn't even talk to whomever you indicate MAY know. In spite of this, you're willing to post a derrogatory comment indicating that I'M trying to put some kind of spin on the facts? That's some nerve!  All I'm doing here is asking questions, and trying to figure out what the facts are. I'd just like to hear from someone who can share some facts regarding this matter, so that I can better understand what's occured and avoid rendering too many useless opinions.  I still think that I'd want the sims if it were me who won though. LL would have probably needed to delete my account to shut me up too.  Here's some facts for you then: If you type an auction ID into the URL that does not appear on the auction page. YOU CAN NOT BID. That's a fact, and was before they fixed this hole too. The only thing I wasn't sure of is exactly how they got around that, but I suspect it was by hooking a live auction as I said. So either way, they had to directly exploit something to actually make the bid, it's not just a matter of entering a different auction ID. I'm sorry if you think that my having some facts while you're taking the word of the exploiter constitutes 'some nerve.'
|
Blakar Ogre
Registered User
Join date: 18 Mar 2006
Posts: 209
|
05-02-2006 10:31
From: Karsten Rutledge Here's some facts for you then:
If you type an auction ID into the URL that does not appear on the auction page. YOU CAN NOT BID. That's a fact, and was before they fixed this hole too. The only thing I wasn't sure of is exactly how they got around that, but I suspect it was by hooking a live auction as I said. You can't be sure about that. By their own admission they have already said it did not work for all the auctions they tried so unless you tried enough before it was fixed you are not sure whether they just needed to alter the URL or not. Given the way they try to defend themselfs I suspect it was using changes to the URL. If they did indeed use crafted forms or the likes that would worsen their case a lot.
|
Static Sprocket
Registered User
Join date: 10 Feb 2006
Posts: 157
|
05-02-2006 10:49
From: Kelly Nordberg Didn't a bunch of Harvard applicants got dropped after they followed an unsecured html link someone else found to access their application result early? Was that last year? Correct. Over the last few years I've seen court cases such as these come and go on Slashdot and other online news forums. I've never made made specific note of the cases, but from what I do remember the common thread was that if you manually alter a URL to access a part of a website that was not meant to be readily accessable to you, then it can be considered a crime. Readily accessible was usually defined as something along the lines of "being able to access the page by clicking through the site's navigation structure or by entering data provided by the site's owner into forms provided by the the site." Thus your not innocent if a 3rd party provides a deep link into a website. I am quite certain, if someone found out a way to modify the "Buy Now" link on say Amazon.com to purchase one or more $1000 USD items fof $1 USD, that person shared that information with others and then Amazon.com found out -- they would decend upon that individual with a furry that would some could compare with "the wraith of god." On the flipside, I do not agree with Linden Lab's handling of this particular situation. I would have preferred if when they found the problem, that they shutdown the auction system -- and where possible back tracked all the auctions won this way and reversed the sails. Refunded the original purchaser the auction amount, and if the land had changed hands, reverse those transactions as well. The only problem of course being, if Account A bought it for $1 USD, resold it for $300 USD, and had already cashed that out through the Lindex. Not knowing the extent of the breach (number of auctions sold like this) it's hard to evaluate or recommend a best course of action that would treat everyone involved fairly.
|
nimrod Yaffle
Cavemen are people too...
Join date: 15 Nov 2004
Posts: 3,146
|
05-02-2006 11:10
From: Static Sprocket
I am quite certain, if someone found out a way to modify the "Buy Now" link on say Amazon.com to purchase one or more $1000 USD items fof $1 USD, that person shared that information with others and then Amazon.com found out -- they would decend upon that individual with a furry that would some could compare with "the wraith of god."
On the flipside, I do not agree with Linden Lab's handling of this particular situation. I would have preferred if when they found the problem, that they shutdown the auction system -- and where possible back tracked all the auctions won this way and reversed the sails. Refunded the original purchaser the auction amount, and if the land had changed hands, reverse those transactions as well. The only problem of course being, if Account A bought it for $1 USD, resold it for $300 USD, and had already cashed that out through the Lindex. Not knowing the extent of the breach (number of auctions sold like this) it's hard to evaluate or recommend a best course of action that would treat everyone involved fairly.
Don't hate the furries.  Also, what if the person tiered up just to be able to hold the land? Would they refund that? What if they still had some extra land above their tier because they though they would be able to keep the land they got from Mez/Thunder?
_____________________
"People can cry much easier than they can change." -James Baldwin
|
Travis Lambert
White dog, red collar
Join date: 3 Jun 2004
Posts: 2,819
|
05-02-2006 11:17
AFAIK, this exploit has been around for quite some time. Reading this thread makes everything suddenly make sense.
Here's my little story:
Around January of 2005, there was a large mall next to the Shelter. I was on good terms with the mall owner, and let him know that if he ever wanted to sell his property, to let me know.
For reasons unknown, around February of 2005 the owner of the property disappeared from SL, and all of his land reverted to Governor Linden ownership.
I waited patiently for 2 months for it to be marked for auction - after several calls to LL, and a few hotline/land management posts - the land finally turned purple in April of '05. But it didn't show up on the auction page.... I was told the land would appear "soon", and just to keep an eye on it.
For a week I watched that auction page like a hawk, waiting for it to show up. A week later, I logged into SL, and found that this property had been sold at auction already! WTF!
I went to the auction history page, and sure enough - there it was. Sold for US $0.03. Three Cents! There was only one bidder. Additionally, I saw two other large parcels on the auction history for $0.02 and $0.01 that sold to the same individual. These parcels never appeared in the public auctions for the week I was watching.
I contacted LL on the issue at the time, and they pretty much washed their hands of it. Since it was now owned by a resident (regardless of how it was claimed), they were unwilling to interviene.
My goal here was to get this parcel - not neccesarily punishing the person who somehow figured out how to get around the auction system. So instead of continuing to futiley pressure LL, I calmly went to the individual who bought it, who agreed to sell it to me below what was market value at the time, but higher than what I should have fairly paid at auction. I got the land I wanted - case closed - and hadn't thought anything more about it until I saw this thread today.
Possibly this individual found a completely different 'hack' into the auction system. But it sure seems very similar to me.
_____________________
------------------ The ShelterThe Shelter is a non-profit recreation center for new residents, and supporters of new residents. Our goal is to provide a positive & supportive social environment for those looking for one in our overwhelming world.
|
Yumi Murakami
DoIt!AttachTheEarOfACat!
Join date: 27 Sep 2005
Posts: 6,860
|
05-02-2006 11:27
From: Static Sprocket On the flipside, I do not agree with Linden Lab's handling of this particular situation. I would have preferred if when they found the problem, that they shutdown the auction system -- and where possible back tracked all the auctions won this way and reversed the sails. Refunded the original purchaser the auction amount, and if the land had changed hands, reverse those transactions as well. The only problem of course being, if Account A bought it for $1 USD, resold it for $300 USD, and had already cashed that out through the Lindex. Not knowing the extent of the breach (number of auctions sold like this) it's hard to evaluate or recommend a best course of action that would treat everyone involved fairly.
By reselling it, they have shown they were aware that they weren't paying market price for it in the first place. Thus, they should be charged the standard purchase price.
|
Dana Bergson
Registered User
Join date: 14 Oct 2005
Posts: 561
|
05-02-2006 11:50
Let's be reasonable, please. I can perfectly understand the reactions of some of my fellow residents in the land business, who somehow profited from this exploit. It is only human to try and defend your actions - even to yourself and especially if you profit from them. But these "auctions" did not follow the rules the Lindens set up for land auctions, so LL is perfectly within their rights to "cancel and roll back". And please stop the nitpicking about the interpretation of some sentences on the auctions pages. Land auctions have allways been (and are clearly intended to be) public auctions. Everything that is relevant to the preceedings is described clearly on the web page. Every resident with a clean record can take part in them. There are no hidden clues or puzzles to solve. That is what the Lindens intend to do with the auctions - because it guarantees the highest prices.  A software error has lead to a situation, where one could use the system to start a kind of bidding in a closed circle of people; probably only one at first and then some others, who heard about the exploit. That's not a public auction anymore.
|
Aamelron Meyer
Registered User
Join date: 22 Apr 2006
Posts: 3
|
05-02-2006 15:49
From: Kazanture Aleixandre Just go to court, you will understand what i mean. It is a total robbery. This is an internet crime, a product(sims) which is not ready to be auctioned( "Where are the auctions located? The auctions are located at the Second Life Auction House. "  is stolen using an illegal parameter to a script (using auction id as a parameter to the web site)<- HACKING . This is an internet crime, ask them: http://www.ic3.gov/ , http://www.usdoj.gov/criminal/cybercrime They will tell you. Not getting on sides because I don't know the game that well, and because 90% of you think I am just a alt (but in truth im much worse...a newb who doesn't really know what hes talking about) However your point that "  "Where are the auctions located? The auctions are located at the Second Life Auction House. "  came from a FAQ. That is different then legal text....A FAQ isn't definite and binding in legal terms....I will give you a example in SWG the FAQ (old one) said you can make money "doing missions, selling items, or killing creatures and looting them" That is just a broad definition thats just meant to answer a frequently asked question...However you could also make money in this game by Dancing at parties, fixing someones appearance,ect, ect. The faq isn't ment to be the "the final answer" its just a guide for frequently asked questions...So it saying "you find them in the auction house" can just be one of the solutions to the issue. However if you find in user agreement where it says "all land purchases from linden must come through the auction house" then I will bow and submit. Now, do I think what the person did is right? I have no clue, I don't know all the details. I just know that because a FAQ doesn't include a option makes that option wrong.
|
nimrod Yaffle
Cavemen are people too...
Join date: 15 Nov 2004
Posts: 3,146
|
05-02-2006 15:52
From: Yumi Murakami By reselling it, they have shown they were aware that they weren't paying market price for it in the first place. Thus, they should be charged the standard purchase price. Mez told my friend that he needed to get rid of it quicky so he sold it for $3/m for mature.
_____________________
"People can cry much easier than they can change." -James Baldwin
|
Kazanture Aleixandre
Here I am.
Join date: 5 Oct 2005
Posts: 524
|
05-02-2006 16:00
From: nimrod Yaffle Mez told my friend that he needed to get rid of it quicky so he sold it for $3/m for mature. Why to get rid of it quickly? Oh, maybe it was a STOLEN item?  LL, please go to a court and share the decissions of the court with us, so in the future noone can try to take advantage of bugs to steal.
|
Anshe Chung
Business Girl
Join date: 22 Mar 2004
Posts: 1,615
|
05-02-2006 16:53
From: Dana Bergson Let's be reasonable, please. I can perfectly understand the reactions of some of my fellow residents in the land business, who somehow profited from this exploit. It is only human to try and defend your actions - even to yourself and especially if you profit from them. But these "auctions" did not follow the rules the Lindens set up for land auctions, so LL is perfectly within their rights to "cancel and roll back". And please stop the nitpicking about the interpretation of some sentences on the auctions pages. Land auctions have allways been (and are clearly intended to be) public auctions. Everything that is relevant to the preceedings is described clearly on the web page. Every resident with a clean record can take part in them. There are no hidden clues or puzzles to solve. That is what the Lindens intend to do with the auctions - because it guarantees the highest prices.  A software error has lead to a situation, where one could use the system to start a kind of bidding in a closed circle of people; probably only one at first and then some others, who heard about the exploit. That's not a public auction anymore. Very well said, Dana 
_____________________
ANSHECHUNG.COM: Buy land - Sell land - Rent land - Sell sim - Rent store - Earn L$ - Buy L$ - Sell L$ SLEXCHANGE.COM: Come join us on Second Life's most popular website for shopping addicts. Click, buy and smile 
|
Tyr Sartre
Stipend Breeder
Join date: 27 Sep 2005
Posts: 76
|
05-02-2006 17:08
I really don't see any room for argument here. Above the bid box on every auction page it states what the bid is From: SL Auction Page Place a Bid:
Current Bid: US$ 1000.00
I saw one of the auctions up on the auction page with a bid of $O, I didn't keep track of it because I didn't have the money to pay for it and figured it was some sort of glitch, but since this is clearly stated above the bid box on all public auctions, it clearly means the bid must be at least US$1000.00. Since there were several bids on some of these auctions and each knew to bid under US$1000.00, they knew something wasn't right and was attempting to exploit the system. As has been quoted, they entered a binding contract and are now responsible to pay.....as it shows, the current bid US$1000.00 or back out of the deal and pay the amount for backing out of an auction, plus reimbursing anyone that bought land from them. Of course since the auctions should have never taken place, LL has every right to back out of the deal and take any actions necissary to recover funds
|
Jackson Callisto
Registered User
Join date: 3 Mar 2006
Posts: 46
|
05-03-2006 06:58
Ok gonna take a shot in the dark i could be way off cause i never even looked at auctioned land and there just to many post to read each word for word but from what i have read it seems like this.
That all land that is either up on the auction block or will be on the auction block within the days to come are purple on the map. This being cause once the land is consider for auction it is asigned an ID #. which im taking is the only thing that seperates each URL from each other is there asigned ID#. which im also assuming is an automatic prosses.
No im not sure how it is determan the order they are set to be placed apon the Auction block for bidden.whether its there is so many that can be on the block at one time and once one is sold the system ques up another, or if there assigned days to when they will spefically start. And when that ID# is ready to begin auction on the system automaticly displays it and automaticly tags it with 1000$ USD min bid once it goes through the system and all things are set i persume it now becomes public and the public can begin bidden.
Now from reading what happen it seems these people went to the lands probably did explore got the ID# and realized it wasnt for auction yet. so instead of waiting for it to become a public auction they manually typed in the ID# in the spot found the land they wanted forced started the bid. Now since im gatherin the system style is mostly just an automatic prosses. The system wasnt told what its next action should be so the lands in question never seen the light of public nor was the min bid of 1000$ USD placed on it. The only thing the system did manage to do is get triggered to start the count down to how many days left for the land to be placed on auction and i also assume that the system is programed to automaticly close one the alotted time expires and thats what it did.
What these people did was instead of going through the proper and what LL clearly states is the proccedure that is needed to be followed. They instead went around all the steps and manually decided to override them.
Basicly they cut out the middle man and used that to there advange to get these land at the prices of $1
No since LL doesnt state that you can infact do such a thing it was not LL who was in the wrong or LL mistake it was your own fault for tryin to go around the system
For the one who said they gonna sue sl you would lose and here why. The land auction is consider a PUBLIC auction and it is designed to allow anyone within the public veiw it and bid on it using the proccedures and method of doing so in place. You took those those methods manipulated them and gave yourself and unfair advange over the public to gain win on them. And yes using the system to give yourself an unfair advange is enough for the case to be dismissed or ruled in favor of LL
|