TechSoup.org The place for nonprofits, charities, and libraries

Does anyone out there visit Second Life?

Does anyone out there visit Second Life?

  • Hi Jeska,

    I'm guessing from your post that you are a Linden Labs employee? - Thanks so much for providing input at this time - it must be difficult to respond to a breach of this sort.

    The main concern I have for any TechSoupers who ventured into Second Life, and from reading the concerns of others expressed on the growing number of blog posts devoted to this breach, relates to what LL isn't saying...

    Ie - We know, or at least it's reported and you thankfully have confirmed that no unencrypted credit-card information was stolen - we also know (and you confirm) that it's difficult to break encryption but hardly an onerous task for someone with a bit of time and computing power on their hands... Yet LL will not confirm that encrypted credit card information was also not stolen along with people's names, addresses and contacts details, dates of birth and other personal information.

    Are you able to confirm that NO personally identifiable financial data was stolen, encrypted or otherwise? - Today we are seeing reports of SL users Pay-Pal accounts being allegedly accessed by Russian IP's following this breach. IMO Linden Labs needs to be very open and honest about exactly what was potentially exploited by this breach so everyone can protect themselves from identity and financial theft.

    Cheers, Don
  • Sorry, I should've been clear, yes I do work for Linden Lab and have tried to encourage the movement of more nonprofits into Second Life. In-world I'm better known as Jeska Linden :)

    We have been very transparent about this issue, including answering many, many questions from Residents in our forums and on our blog, about the recent security issue.

    One of the questions asked us to clarify how we store credit card information. I've copied the answer to a question about which information was stored on our DB, answered by our director of operations Ian.


    "The complate answer is that we have two records for your credit card - a hashed version in the customer database and a plaintext version on a seperate billing server. The hashed version is used only for uniqueness checking - collisions are possible but if that affects someone we can resolve that through customer service.

    The billing server where the plaintext card number lives has a one-way interface: card numbers go in, but they don't come out. Actual billing events go through it. This system wasn't attacked. We'll post more about this later, but our goal is to move more customer data into this sort of restricted data store to avoid this sort of thing in the future.

    You're right about the cracking - it's certainly possible. However, customer data doesn't appear to be this hacker's actual target, and given how easy it is to get lists of credit card numbers complete with security codes (which we don't store) and even social security numbers, I'm not sure why anyone would bother. That said, it's a weakness and we plan to remove the hashed versions from the customer database."


    I hope that helps to answer your question, please feel free to explore the forums and blog for much more information.
  • Hi Jeska - am I correct in using this as your real name? mine is Don by the way

    Thanks again for the response but unfortunately no, this really doesn't address the expressed concerns.

    Firstly the listed resources are not world-readable without a logon (and I'm sure you appreciate how many people probably feel very cautious about providing secure logon credentials to a Linden Labs site at the moment, meaning the information you have referenced is closed to them).

    Secondly, the main question remains unanswered... "Were any credit card details (encrypted or otherwise) accessed and/or exposed to criminal access by this security breach?"

    That a director of your company assumes the attackers target was elsewhere; that he regards the theft of credit card details as being something criminals would not bother about (I guess he doesn't read the papers!!); that he considers it "easy" to get a list of people's credit card numbers complete with security codes (I certainly hope he has advised your local authorities of where he freely accesses this particular information!!!)... None of this negates the importance of this issue to people who feel threatened by a potential exposure of private information brought about by what would appear to be less than best security practice. With respect I think your 'director' might consider displaying a little more empathy with these very real concerns.

    Rgds, Don
  • Nonprofits curious about Second Life should check out TechSoup's new article Change the World by Working in a Virtual One, in which three nonprofits working in Second Life discuss how they came to Second Life, what the virtual world has done for their organization, and how other nonprofits can get involved.

    A must-read for anyone who is interested in exploring the virtual world but doesn't understand how their nonprofits can benefit from it!

    Questions or comments about the article? Share them here.
    senior editor, TechSoup
  • Susan and Beth, nice article on non-profits in SL! I think it helps non-SL folks to see these real world profiles of how non-profit organizers are using virtual worlds to help fulfill their organizations' missions.

    The practical stuff is the most helpful: how much time it takes to get started, to really build something, to hold a successful event, and how much it is likely to cost. The range in the articles was from like $20 to "the mid five figures." That pretty much includes everybody.

    Rik Panganiban

    Community Manager, Nonprofit Commons in Second Life

    Twitter: @npsl

  • Hi

    I'm a researcher doing a small scale sociological study into second life and am trying to find people who would be willing to complete a questionnaire and/or participate in an unstructured interview in the near future. Anyone interested please reply to this here or drop me a line at

    spl4ajh@leeds.ac.uk

    cheers

    AJ Hill (DrugiZane something)
  • I recommend that you post this one to the TechSoup-Second Life Google discussion group, for maximum exposure

    Susan Tenby, Parernships, Online Community and Social Media Director, Caravan Studios, a division of TechSoup.org.

  • Yes; I enjoy playing SL. SL name: Davidhoff Achterbahn. Is there a techsoup group online now?
  • TechSoup has had a group in SL for nearly a year now. Just log in and search for groups, TechSoup.org or under the places tab, search for TechSoup. We meet every Friday from 8:30-9:30 am PST.

    See you there!

    Susan Tenby, Parernships, Online Community and Social Media Director, Caravan Studios, a division of TechSoup.org.

  • I just recently joined Second Life and can see some real possibilities. I can barely walk and fly right now...

    2nd Life name: Rog Cleanslate
  • I am the founder of an alternative high school for dropouts 16-19 years of age. My tech coordinator and I are exploringthe possibilit of opening a school/store/ entrtainment complex. We want our students to see the possibilities in technology and to simulate business as well. We need some assit and volunteers. Could Techsoup assist us? I have also purchased products for our nonprofit from Techsoup. I joined SL. I could purchase land.

    Ida Byrd-Hill
  • Hi Ida,

    I suggest that you start by attending one of the TechSoup meetings in SL. They occur every Friday from 8:30-9:30 am PST/SLT. We could bounce a few ideas off of you there. To find the TechSoup space, just search the places tab for TechSoup and teleport there.

    See you in-world,

    Susan/Glitteractica Cookie in SL.

    Susan Tenby, Parernships, Online Community and Social Media Director, Caravan Studios, a division of TechSoup.org.

  • Hey folks,

    The Nonprofits and Second Life blog and wiki has been live now - and is a great resource on this topic.

    blog
    Wiki
  • i just joined second life a few days ago but i don't really no what to do there.
  • I'm Creech Antwerp on SL.

    http://www.dogstar.org 
    NonProfit Technology Consulting