Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Information Security News: 'Second Life' suffers real-world breach

'Second Life' suffers real-world breach

From: InfoSec News <alerts_at_infosecnews.org>
Date: Mon, 11 Sep 2006 03:23:50 -0500 (CDT)

http://news.zdnet.com/2100-1009_22-6114046.html

Reuters
Published on ZDNet News
September 10, 2006

"Second Life," the fast-growing online site where hundreds of thousands
of people play out fantasy lives online, has suffered a computer
security breach that exposed the real-world personal data of its users.

Linden Lab, the San Francisco-based company behind the "Second Life"
site, said in a letter to its 650,000 users this weekend that its
customer database, including names, addresses, passwords and some credit
card data, had been compromised.

All users--or residents in "Second Life" parlance--are being required to
request a new password. Some 286,000 residents have used the site in the
past 60 days, according to a count on the home page.

"While we realize this is an inconvenience for residents, we believe
it's the safest course of action," Cory Ondrejka, the chief technology
officer of Linden Lab, said in the message to "Second Life" customers
released late on Friday.

"Second Life" is a three-dimensional software world on the Web inhabited
by animated characters that users design for themselves to interact with
other participants. Users buy and sell virtual land and build businesses
with currency called "Linden Dollars," which can be exchanged for real
currency.

Blurring the line between a multiplayer game and an online business, the
popularity of the site has spurred Fortune 500 corporations such as
Coca-Cola and Wells Fargo, along with architects, authors and musicians
to erect virtual outposts of their organizations or personas.

Retailer American Apparel has created a business to sell clothing for
the "Second Life" avatars users create to represent themselves inside
the online world. Musicians such as Duran Duran and Suzanne Vega have
held concerts inside "Second Life."

The database breach potentially exposed customer data including the
unencrypted names and addresses, and the encrypted passwords and
encrypted payment information of all "Second Life" users, Linden Lab
said in the message to users. Unencrypted credit card information, which
is stored on a separate database, was not compromised, it said.

The breach was discovered on Wednesday. The company launched an
investigation that revealed an intruder was able to access the "Second
Life" databases utilizing a "Zero-Day Exploit" through commercial
software used on "Second Life" servers.

"Due to the nature of the attack, the company cannot determine which
individual data were exposed," Linden Lab's statement said. A technical
probe is ongoing, it said.

The company said it will announced additional security plans on its
blog.

Story Copyright 2006 Reuters Limited. All rights reserved.

_________________________________
HITBSecConf2006 - Malaysia
The largest network security event in Asia
32 internationally renowned speakers
7 tracks of hands-on technical training sessions.
Register now: http://conference.hitb.org/hitbsecconf2006kl/
Received on Sep 11 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]