Saturday, July 13, 2013

Relay For Life event today

Hey again, time to throw a positive note at the blog again. I really should update this more often. I would like to say the Relay For Life event, the track walk, is going on today. If you're not familiar with Relay For Life in Second Life, please by all means stop by one of the many RFL sims, which you can find by searching RFL on the map, and come walk the track. Bixyl has covered this in the Newser blog:

http://slnewser.blogspot.com/2013/07/the-relay-weekend-schedule.html
http://rflofsl.intuitwebsites.com/Event-Day.html#schedule

Tuesday, April 16, 2013

CISPA to be pushed through congress soon, act now!

Hello reader. Sorry for the lack of updates, but I've been following, on and off, some new laws that are being pushed in the name of copyright protection that far overstep what they're for. I suspect that most anyone on Second Life has heard about SOPA, and then CISPA, which got pushed hard when SOPA failed. While I stand against violation of copyrights, I also stand against the stripping of rights and freedoms in the name of such, with laws that do nothing to protect such things and legalise criminal behaviour we see from various online companies such as those I've protested against in my blog. CISPA strips away the responsibility that companies that violate privacy laws may have, and allows companies to attack individuals online so long as they act in good faith, but as we know, a law that relies on good faith only relies on a company's claims of such, regardless of how disingenuous they may be.

Such laws I find to be extremely destructive and cannot be allowed to pass. CISPA pretty much authorizes companies that need to secure themselves, or for that matter specialize in security, to carry out attacks. I would like to remind you of previous posts: Redzone was sold as a security system meant to protect companies within Second Life, but allowed them to collect information without the user's knowledge and consent, and to top it off, it turned out that wasn't the core goal; it was also used to bait people into a situation where they may inadvertently reveal private information they hold, such as passwords.

Redzone's creator did indeed do some time in prison for his crimes, but with such laws relying on the good faith of companies, someone doing much the same could state they were stealing passwords for the sake of shutting down accounts used in attacks, when really they're carrying out such attacks for profit rather than protecting themselves, and then claim such good faith. I find CISPA would open the door to such pathetic things, and would allow criminals and felons that specialize in attacking individuals in such a way a get-out-of-jail-free card.

All things considered, like during the Redzone incidents, companies can act on perceived threats; however, companies can create and make up their own threats.

Consider Redzone, for example. The system claimed to protect its users from the copybot threat. It's hard to prove a word of this, but I feel zFire played both sides of the crime. Consider this: given the intentional coding limitations of Second Life's scripting language, LSL, for a viewer to be identified as a copybot or not by a scripted object, the viewer would pretty much have to be coded to have a specific response to a message it was listening for. Essentially, the Redzone system would practically have to be messaging on a hidden channel "hi im redzone", and the viewer would have to be messaging back "Hi im copybot", or, if not coded to respond, would not respond at all, like any regular viewer. Given as such, during the Redzone incidents this likely also made zFire, Redzone's creator, on both the supply and response side of the problem. Yes, I'm saying I find it likely that zFire Xue produced a copybot viewer at some point under another name, because how else can you detect such a thing with such a limited scripting language?

However, this post is about CISPA and considerations regarding it. Since nobody knows zFire may have been on the providing side of the problem, if such a law had been in effect when he was committing his crimes, and stealing account information and passwords through his forums, in a CISPA world I find it would be easy for such felons to claim good faith and say they honestly thought they were providing security, and continue their attacks, thus having no responsibility for their various crimes. But enough of the Second Life specifics... essentially, a company wanting to attack another company only has to make up an attack on itself.

Since CISPA is so broadly worded, it allows companies to make attacks against each other and individuals. Imagine signing onto a service and getting banned by a moderator of that service; whether you deserved it or they were ill-informed, the companies behind such could likely commit a DDoS attack, temporarily rendering your internet service useless, and such companies committing attacks themselves could make false claims such as "we were preventing the creation of a new account". Having in the past assisted in network administration at a college, where many users misbehaved and we would constantly have to find new ways of preventing such misbehaviour while keeping the network usable to the students, who may be using information from any number of sources in many areas of study, I could easily see the network falling under such an attack. Worse yet, with such broad language in a law which alleviates responsibility and broadens what you can do in the name of so-called defence (it isn't really defence, it's offence), we could broaden this quite a bit beyond how it affects you in Second Life, or how it could have affected me. Consider this...
A common modern problem today is DDoS attacks. Oftentimes DDoS, the first D standing for "distributed" in Denial of Service, involves several systems being involved in an attack. Obviously one individual isn't likely to carry out an attack alone, but collaborating exposes them, so a common problem today that bolsters such a problem is botnets: a number of machines infected with a virus or malware, looking for cues online to take various actions and to perform such actions as DDoS attacks, which require multiple connections, and which alleviate the need for collaboration in such attacks. Given as such, I find it conceivable that corporations may create botnets to help engage in such attacks, and the lack of responsibility would allow for various malware to be embedded in big-name software. Consider this: YouTube coming under attack from various recording companies because its users make unauthorized uploads, thus making the service less usable or unusable because of a company actively participating in attacks in the name of its own security; or for that matter the college I did administration at, because one student took action that was said to be perceived as an attack; or maybe my college's connection coming under attack because someone set a custom port to be used by a torrent app to get around the firewall. The possibilities of who may come under attack with such a measure in place are endless.

With CISPA in play I find such madness a possibility. Without CISPA a company could receive large fines and potentially be fined beyond its income; with CISPA in play there would be nothing to hold such companies back.

Consider the Business and Professions Code I mentioned often during the Redzone incidents. The Business and Professions Code imposes a hefty fine for violations like the one zFire was committing. Under the Business and Professions Code a company can be fined $2500 for each individual violation, and can be fined again for every day that violation is allowed to continue. Multiple violations result in multiple fines: if a piece of software contained a violation, a company could be fined $2500 for every system infected, every day the company did not issue a patch to correct the violation. Obviously this can add up fast and can put even a large corporation on its knees for violating the privacy of potentially millions of customers and receiving fines day to day. This sometimes works as a deterrent to large companies acting much the same way zFire had.

Measures such as CISPA only serve the biggest corporate giants with the largest pools of resources at their disposal and only erode the rights of people and small business.

To me, CISPA only makes everything harder for the individual and makes legal compliance one-sided by applying only to them, making it harder on them when it is already hard enough and undeserved, and gives corporations a free ticket to operate with complete lawlessness and impunity, stripping them of responsibility for their own actions.

By all means, I would like to encourage my readers to help join in the protest against CISPA. Please read from the URL below, form your own opinion regarding CISPA if you haven't yet, and help in the protest.

http://cms.fightforthefuture.org/cispa/

Saturday, December 1, 2012

Break In attempt

Sorry, long time no update.

Recently there was an attempt to compromise my Google account, which I was recently notified of. Supposedly the attack originated from Hefei, Anhui, China (60.168.115.215), but I am investigating further; at the moment I suspect the source of the attack may be a proxy server or part of a botnet. Unfortunately the notice was not very detailed and did not include the number of login attempts that day nor how many locations, just that this was the attempt that was blocked, so I don't know if my password was guessed in 1 shot or over some time. All I know is the login was prevented because Google's geolocation service detected the login being attempted from an unusual location.

Regardless of the compromise attempt, while I don't update often, I suspect the target may have been this blog.

To others who run a blog similar to this one, I suggest updating your password to something more complex, just as I have done. I tend to vary passwords between services, so it's only the password for my Google account that had been compromised that I know of. Unfortunately, the warning about the break-in attempt did not include the number of failed attempts from that source or the number of attacks committed in a day, so it's difficult to tell if my password was compromised via a "brute force" login attempt or via spyware; either way I'm taking precautions against both.

Tuesday, July 31, 2012

User looking for Users who have info Compromised by VooDoo


[2012/07/30 18:33]  Cyborg Renfold: just that it would be appreciated that people who have had two or more avatars exposed show contact
[2012/07/30 18:33]  Treminari Huet: I adhere to the ToS and need a snippet that I can quote
[2012/07/30 18:34]  Treminari Huet: roger that, may I quote that?
[2012/07/30 18:34]  Cyborg Renfold: yes



Just a quick post this morning. It seems Cyborg Renfold is looking for those who have had their personal information exposed or compromised by VooDoo; this includes alternate accounts, personal information, real life information, or anything that can be used to link any of that together with information you didn't volunteer to VooDoo. He was asking about for this information in the group "Greenzone Users" last night. While not someone I know in SL personally, I thought it would be good to let my readers know he was looking in the group to get in contact with those who have had their information compromised.

If you feel any of your information has been compromised by "VooDoo SL", "Monkey Wonder", or any employee of them, I just felt you should know that Cyborg Renfold is looking to get in contact with you regarding the exposure of your info. If you had your personal information compromised in any way by VooDoo or any of its subordinates and would like to know more, please contact Cyborg Renfold.

Saturday, July 14, 2012

Relay for Life in Secondlife Going on now

http://slurl.com/secondlife/RFL%20Hero/139/85/23

Every year I relay to help in the fight against cancer from within Second Life. The Relay track walk has started today; if you're not familiar with Relay For Life in Second Life, come on down and check out the event, and show your support in the fight against cancer.

The event officially runs today and tomorrow and helps to raise funds for the American Cancer Society.

Saturday, June 16, 2012

What makes voodoo so special?

Recently I had been looking through Bixyl's blog for articles on SL9B so I could get a sneak peek of what's there. I could get in early as a blogger, but would rather not abuse their system of press to get in early; I decided I would wait until SL9B opened up.

I decided I would view back articles on Bixyl's blog as well, when I came across an article on a controversy over a game called Byngo, which Linden Lab, when they became involved in the controversy, closed for wagering.

http://slnewser.blogspot.com/2012/04/byngo-maybe.html
http://slnewserdesign.blogspot.com/2012/05/byngo-is-booming-again.html

Anyhow, I took the Voodoo issue into consideration with this and wanted to point at the policy Linden Lab has against gambling:

From the current page:
----------------------

It is a violation of this policy to wager in games in the Second Life® environment operated on Linden Lab servers if such games:

   1. Rely on chance or random number generation to determine a winner,

          OR

   2. Rely on the outcome of real-life organized sporting events,

AND provide a payout in

   1. Linden Dollars (L$)

          OR

   2. Any real-world currency or thing of value.

This includes (but is not limited to), for example, Casino Games such as:

    * Baccarat
    * Blackjack
    * Craps
    * Faro
    * Keno
    * Pachinko
    * Pai Gow
    * Poker
    * Roulette
    * Sic Bo
    * Slot machines

This policy also includes sports books or sports betting, including the placing of bets on actual sporting events against a book-maker or through a betting exchange.

Linden Lab will actively enforce this policy. If we discover gambling activities that violate the policy, we will remove all related objects from the inworld environment, may suspend or terminate the accounts of residents involved without refund or payment, and may report any relevant details, including user information, to authorities and financial institutions.

----------------------
End of pages content


Anyhow, there is a list of games, but these games are just examples of what you're not allowed to do, as the statement before the list is "This includes (but is not limited to)". Oddly enough, we notice some wagering games go on despite the policy not being limited to that list, like VooDoo's sploders, which get reported repeatedly but still continue to run on the grid with impudence.

Many people running wagering-based games, such as the Byngo in the link above, are forced to add an element of skill and decision making to be allowed. However, what skill is needed to play a sploder such as the one by Voodoo? You pay in, and hope for a bigger payout than what you paid in; it's purely a game of chance. Yet specifically card games where an element of skill is included, such as blackjack, require much more skill and an estimating of chances to be allowed. If I was to make a blackjack table that accepts payments, the content would surely be destroyed and I would be taken off the grid, yet it is much more a game of skill than any sploder. Sploders are purely a game of chance, relying on a pay-in and a random chance of payout; they are quite comparable to slot machines. Given that, I would like to reiterate a previous incident.

I was attending an event at a place that has since gone, called "Park Galleries of Fine Art". We were holding a fund-raising event for the Relay in memory of a dear friend who had been lost to cancer. While attending the event, someone sent everyone in the gallery an unsolicited advertisement via a notecard, advertising the casino they had just opened up in the sim next door. Looking at whom the notecard came from, to my dismay I spotted a casino building with 4 rooms, each with "tipjars" which claimed you had a chance of being paid back double what you paid in. In the room there were tipjars for 10L, 25L, 50L, 100L, etc., each advertising the same thing. Panning the camera through the casino, I found that in each room there were tipjars much exactly the same. I of course didn't take kindly to a charity event being spammed with ads for illegal gambling, and filed an abuse report for wagering. Towards the end of the event a Linden showed up; I suspected what they were there for. They flew, then went into hidden mode where they were unviewable. I panned the camera back into the room where the illegal games were to see them removed; however, the exact same game had remained present in all the other rooms and was not dealt with. It is unknown whether or not they were eventually removed, because it was a closing event for Park Gallery and I never had reason to return. The games were removed because they were compared to slots in the abuse report; however, many illegal games still remain on the grid, such as Voodoo, and Voodoo even gets away with sending out ads and threats. Really, what makes them so special? Let's speculate on that a moment!

I really feel it's not about whether or not it's a game of skill; many of the example games of what is banned have a much higher element of skill than the games allowed to continue to run on the grid. I really feel the choice of who is allowed to continue to operate wagering games more so comes down to how easily the game can be identified by law enforcement.

Looking at someone's SL screen and seeing someone right-click a floating object and it burst into particle effects, even if dollar signs and whatnot, really isn't easily identified as gambling, even if it gets posted on, like, a YouTube video, and here's why: nobody with an untrained eye who is unfamiliar with Second Life can tell what's going on, or for that matter that something that can be traded for real money, the Linden dollars, is being paid in. So to the untrained eye, it just looks like an odd goofy game. Meanwhile, if someone was to start putting blackjack out there, it's easily identified as a game people typically play while wagering. Really, it seems the bigger part of enforcement of Linden Lab's gambling policies is how easily law enforcement can identify it.

For example, if I was to go to a law enforcement agency and load Second Life on one of their computers, or brought a computer of mine to connect and show it off and demonstrate a complaint, they would think nothing of the sploder system and think I was some crazy talking about some odd game. I would probably be in trouble for filing a false police report if I was to do such a thing, just due to their lack of understanding of the game. On the other hand, if I was to show a blackjack table, or something of the like, it's likely the agency I'm complaining to would see it as a typical gambling game, and would investigate to see if anything of value was being wagered, as it's online gambling.

The point is, in short, I really feel, having seen Voodoo operate with impudence while other games are shut down, it's more about how easily it's identified as a wagering game than being a policy to stop illegal wagering.

Thursday, May 31, 2012

Voodoo SL Ad Targets Reveal some data is illegally collected

You may have seen in my blog that I had previously investigated Voodoo for use of the media exploit... and called the results of my personal investigation inconclusive due to finding some recursive elements in the stream, but being unable to determine whether it was the Voodoo system or a stream that clubs had used in common...

If you haven't yet, you can read it here:
http://treminarisecondlife.blogspot.com/2012/04/voodoo-blackmails-greenzone-users.html

After having visited some locations during my investigation and doing as much as I could without breaking any gambling laws myself, I decided I would click one of the sploders, and it asked me to visit a page on the Voodoo website... Using a proxy at the time, I decided it would be safe for me to visit... Upon visiting I was presented with the Voodoo terms of service... I read over them, checking for anything you couldn't legally put in a set of terms (I remember back in the days of zFire there was plenty of this) (though the whole thing is illegal anyway, as it is part of a gambling product), and of course wanting to preserve my rights wholly and fully... I never agreed to the terms Voodoo presented, closing out the terms page without hitting the agree button.

Something had been bothering me since, and I think I got my answer... It was an alternate account I visited in, not listed in the Greenzone Users group... but what had bothered me about Voodoo having a set of terms was: did they collect the verification data before or after your agreement? Well, the other night I got my answer... The alternate account I had visited the location of the Voodoo system with, and "disagreed" with the terms I had read, indeed received something from Voodoo, when all my other accounts, which I avoid Voodoo with like the plague, had gotten nothing but threats... The alternate I was investigating on received a notecard titled "Get free L$ from voodoo and get traffic to your land".

Obviously this account is in the Voodoo database despite never having agreed to the terms... so obviously Voodoo collects its data on anyone visiting the page after having clicked the sploder... before they've even clicked the "I agree" button.

Thus then... VooDoo certainly does violate the Business and Professions Code... exactly as zFire's Redzone did.

Also, this invalidates all current agreements anyone may have with the Voodoo terms of service, and here's why... They are collecting a list of users who have supposedly agreed with their terms of service... but are also adding to that list people who haven't so much as clicked the agree button... In other words, their list of persons simply implies consent... without having received the consent, as they collect the data just on a visit... and not on the clicking of the agree button. They have users that never agreed mixed in with users that have agreed in the database of those who have supposedly agreed... Simply put, for Voodoo's terms to have any legal binding they would need to record only those who agree, not everyone who visits the terms page and closes it out without agreeing.

Anyhow, I've made the main point I was going after in this post... but there are other smaller points I can't look away from as well...

Further on in the notecard, which I will display here, they offer SL users a place to dodge around gambling laws... Obviously they don't know what is and isn't legal, as they say it's a legal place to gamble outside SL, when the legality of gambling is determined by the living location of the gambler... and the location of the service it takes place on, and the location of the money being gambled.

Anyhow, for those of you who haven't seen it, the advertisement goes as follows:



Start of voodoo Notecard
----------------------------
YOU ARE RECEIVING THIS NOTECARD BECAUSE YOU ARE SUBSCRIBED TO VOODOO NEWS.
If you would like to stop receiving News from Voodoo, visit the landmark below, and click UNSUBSCRIBE.
[]Voodoo SL Mainstore :: Unsubscribe
---------------------------------------------------------------------------------------------------------
VOODOO SL ON MARKETPLACE: https://marketplace.secondlife.com/stores/40780

At some point in time you have interacted with us in order to be subscribed to our news.
We wanted to take this opportunity to remind you of the ways Voodoo can help you in Second Life, and introduce some new things on the horizon in the near future.

Come and visit []Voodoo Vice City our cool new urban themed sim.

GETTING L$
--------------
VOODOO SPLODERS: Since its inception almost 2 years ago, the Voodoo Sploder network has never stopped growing, with more and more locations appearing on our tracker and Sploder pots increasing, now has never been a better time to follow the Sploders in your spare time to earn some L$.

Tracker: http://tracker.vudu.sl/

VOODOO RESELLER: We encourage shop owners to resell our high selling products through vendors with a high commission to the shop owner on each sale.

        Contest Board = L$199 on each sale.
        Sploders = L$100 on each sale.
        Anti-Bot = L$200 on each sale.

GETTING NOTICED
---------------------
VOODOO SPLODERS: Our sploders have a huge following, and the players are constantly monitored to ensure we have real individuals playing and not bots and multiple alts. Our Voodoo Sploder range has expanded recently to fit the theme of your location, and now we can create custom designs on request which vary in cost depending on complexity of the model.
       
        Standard Voodoo Sploder - 4 Prims
        Voodoo Club Sploder - 55 Prims
        Voodoo Mannequin Sploder - (including texture changer) 4 Prims
        Voodoo V-Engine Sploder - 5 Prims
        Voodoo Rose Sploder - 34 Prims
        Voodoo Rubik Sploder - 1 Prim
        Voodoo Gaming Sploder - 2 Prims
       
BANNER ADVERTISING: Our website http://vudu.sl has extremely high traffic from all over the world, at busy times our server logs show up to 10 web requests to the website every second. Many of these visitors are already in Second Life, and they might be interested in your SL location!

Voodoo has a creative team who can make your custom web banner to a very high standard and your specification, each banner comes in 3 different sizes to be displayed in different positions in our website randomly, we charge L$1500 per week to show your advertisement to thousands and you can use your banner on other websites or blogs.
Contact the Support Team @ []Voodoo SL :: http://vudu.sl :: Cordia for more information.
       
COMING SOON
------------------
               
CONTEST BOARD V1.2 - The long awaited update to our anti-cheat Contest Board is on its way, we are cleaning up some final bugs before its release. Some massive improvements can be expected!

VOODOO SPLODER V2.0 - The new Sploder is a few weeks from release. It is a ground breaking update, with a complete script rewrite and running with up to 4 times more free script memory and many new much needed features such as groups/fees shown on the tracker, resume and re-add players after a restart, trivia bonuses, real-time web based configuration and control, and a lot more. The Sploder goes into 2012!

VOODOOSTORM VIEWER - There is no solid release date yet and will be several months, but Voodoo will be releasing a viewer based on Firestorm with a built in Voodoo Tracker and other integrations into our systems that will be useful to the Voodoo community, such as the new upcoming Voodoo social network and Casino. The viewer will be open source and follow Linden Labs TPV Terms of Service, and we will apply to be added to the official Third Party Viewer Directory.

VOODOO CASINO - As gambling and particularly Poker is illegal in Second Life, we have created a casino outside of Second Life servers in a legal environment where you can safely and fairly play card games with your friends in a virtual environment, and we've integrated it all into our viewer! It's great fun and really feels like a night out!

--------------------------------------------------------------------------------

Voodoo Cats gifts!

Many cute kittens from Kittycats, visit our store!

Ocicats choco / Abyssinian / Siamese / Burmese / Russian / Chateau Cat / Love letters / fun flower / flower bun /
Begal / Snowshoe / detectable darling / American Shorthair/Love leopard
And much more.

Nice Furs / eyes / tails combinations.

WOW LOW PRICE  100L/ 170L/ 200L MANY CATS

Also Bidboard/raffle board/Spin the Wheel game !!!

Voodoo Cats in Voodoo Vice City: []Voodoo Cats
http://slurl.com/secondlife/Cordia/124/184/22

We are also in Apache.
http://slurl.com/secondlife/Apache%20Falls/135/103/21







THANKS!

-------------------------------
end of voodoo notecard




Anyhow, first and foremost this shows that Voodoo in Second Life is a service that centers around gambling, and that alone I feel is more than reason enough that Linden Lab should be banning Monkey Wonder with no questions asked... Surely they've received enough abuse reports from people such as myself and many others that this is indeed illegal... The only reason I can think they don't is that Voodoo's sploder system... isn't recognized by legal authorities, as it takes place in a different format from games that are typically associated with gambling... Thus the difference in format skims under the eyes of the law; it's not a truly legal system, though accepted across the grid, and is thus ignored by Linden Lab... Anyhow, the point is that it isn't legal, it just isn't recognized and identified easily enough for law enforcement to go at it (do keep in mind that, despite being illegal, Second Life in its earlier days was a gambling safe haven where, in addition to sploders, slots and card games with wagering were commonplace... I really think Second Life needs another visit from the FBI, as the crackdowns seem to have let illegal wagering continue, so long as it is in a form law enforcement can't readily identify).

http://www.bbc.co.uk/blogs/outriders/2007/07/second_life_online_gambling_cr.shtml
http://news.777.com/2007-07/linden-lab-bans-gambling-in-second-life
http://downloadsquad.switched.com/2007/07/27/second-life-cracks-down-on-virtual-gambling/

While the point of this post was made before getting into the content of the notecard itself, there are a couple more things within that bother me... in particular the Voodoostorm viewer and Voodoo casino advertised... I really hope this is some kind of joke, but the Voodoo casino part drives home that Voodoo is a business based primarily on gambling, like the sploders. It goes on to say gambling is illegal in Second Life... and then goes on to name a particular game to draw attention away from the fact that gambling is illegal in the states it's run in, it's illegal to do it with the money that has been put in the Second Life system... and it's illegal in the locations that many of Second Life's users reside in. While it is currently unsaid how this Voodoo viewer will facilitate the gambling (it's most likely based on OpenSim), the methods I can think of are mostly illegal given the above. First off, is it a separate grid with its own transaction system and own viewer? That would be legal only if the users were of legal residence to use it... Or does it log in to the Second Life grid to get an L$ balance and transfer money based on who wins and loses? In that case it would be illegal, as it would be transferring money on the grid for the act of gambling and still be using the Second Life grid to do so; just the money would be on grid, the games off grid... Even though the game takes place off grid, it would still be the use of Linden dollars to do so...
Regardless of the method, under the current policy Linden Lab approves or disapproves of various viewers, and yes, rejection does actually happen. Before I got into blogging here I had read an open complaint from the creator of the "PAR" viewer about their viewer being rejected because it was a plugin-based system where the functionality was in plugins rather than the viewer itself. Aside from that, this does not conform to the new policy, as it provides a function to track a specific set of objects, which affects the shared user experience by giving certain users an advantage, through using a certain viewer, in this game of chance, which shouldn't be allowed anyway. Regardless, I wouldn't trust such a viewer, created by someone so low on ethics, to be handling my passwords, so there likely won't be an investigation into how this viewer in development works; even if not using it, I don't even want it installed on my system... Someone that sends out blackmail and threats and slander to a discussion group, and acts on them and excuses their criminal activity, likely isn't past stealing passwords.

Back in the old days of Second Life, back before Emerald, when I first started hearing about SLurls, I used to read all the updates about the viewer. One of the updates back in those days was that a bug where malformed SLurls on websites could make the viewer send user passwords to websites had been fixed... While this bug has long since been fixed, it indicates to me a password saved in the viewer isn't stored in the most secure form... It's stored in a form that could easily be set in another viewer (some viewers you can load separately and they will remember the saved password from the other, and be able to log in with it). I wouldn't want a piece of software like that residing on my system where it could retrieve such sensitive data.