Warnings

Second Life Notes

by

I am suddenly swamped with RL things to do. So, not much time for a post. However, a couple of notes… WARNING: Flashlight Apps Word is going around about a flashlight apps on smart phones. Seems the ten most downloaded flashlight apps are all spyware. A company named Snoopwall has published a report on these … Read more

Second Life Money Hack

by

Iris Ophelia wrote an article appearing on New World Notes: A Second Life Public Service Announcement: Here’s Why Free L$ Cheats Don’t Work. It is a nice clean explanation of one of the ongoing YouTube scams, not by YouTube, but on YouTube. I see these everyday as I scan my aggregator for news of what … Read more

Second Life BCU Phishing Exploit

by

There are numerous exploits used in Second Life™. YouTube has a series of videos titled ‘What is Scond Life?’ or ‘This is Second Life.’ And links to download the program. Some of the videos are obvious crap and others are pretty good and look enticing. I suspect those are plays on the current popularity of VR and HMD as they are recent.

Lost Eden 2014
Lost Eden 2014

Many of these lead to pirate download links. I am betting the viewer one gets is a basic password/account stealer.

Today I see the United Content Creators of SL has issued a warning in Second Life™ about BCU.exe. I think this is also known as the Browser Configuration Utility. If so, it has been around since 2010 in a couple of forms and most anti-virus software is aware of it. But, run from inside the viewer, which you have given permissions to, it can circumvent your anti-virus software. 

Read more

Second Life Voice Offline

by

There is an announcement up that Second Life’s ™ voice system will be offline for maintenance June 24th (Tuesday) from 12AM PDT. There is no ETA for its return. See the Grid Status page: [Posted 3:24 AM PDT, 23 June 2014]  Our voice provider will be undergoing scheduled maintenance on Tuesday, June 24th beginning at 12:00 … Read more

Second Life and HeartBleed

by

The media is trying for ratings. To get them, they over hype things. I am also convinced that journalist become journalist because they cannot do math or understand science, which to some degree means technology. So, they have little understanding of HeartBleed, what it does, how it does it, or what it means.

HeartBleed
HeartBleed

To put things in some perspective check out: Answering the Critical Question: Can You Get Private SSL Keys Using Heartbleed?

The quick explanation of HeartBleed is that it is an exploit run on SERVERS that use the OpenSSL code and only certain versions of it. Anti-virus and anti-malware software cannot fix or protect you from such a problem.

So, if someone is selling protection, they are selling into the hype-generated fear. They are opportunists, which is not necessarily a bad thing. But, if they are providing software for your computer they are only providing some people peace of mind. You can get peace of mind for free from understanding the reality.

Cloudflare’s explanation is what I’ll call medium level technical. It is readable and I think SL users will probably understand it. But, the TL;DR is:

The exploit in the server code will allow a hacker to trick the server into sending them the code they need to decrypt HTTPS encrypted network packets. When you browser talks to a bank or other server using OpenSSL the network packets traveling back and forth are encrypted. To date no one has been able to break that encryption. So, your conversation is secure. 

Read more