Grey bar Blue bar
Share this:

Tue, 12 Jun 2007

Second Life land grab case moves into U.S federal courts..

Ars Technica is reporting on the law suit filed in 2006 by Martin Bragg who accused Linden labs of wrongfully seizing his virtual land.

-snip-

Linden Lab filed two motions to dismiss the suit, arguing that Bragg came into possession of his land wrongfully, but the Pennsylvania judge denied those motions.

-snip-

A few things about this are super interesting..

  • Linden Labs (creators of Second Life) literally sells online assets for real world money..
  • Martin Bragg (from accounts read) found that by simply adjusting his HTTP GET parameters was able to bid on not yet opened auctions.(1)
  • Bragg apparently invested thousands planning to buy low and sell high
We have just started to consider the attack possibilities and where this is going but again, i suspect fun times are ahead (2)..

/mh

(1) A public facing web-app that deals with real money, that is vulnerable to an 80's style parameter passing attack? tsk.. tsk.. (someone needs to have their web-apps audited!)

(2) i have not yet checked out Hoglund's new book [Exploiting Online Games: Cheating Massively distributed Systems] but suspect ill take a look soon..