Are computers at hacking risk when we are on SL?

[bebejee]

Just wondering if youre involved with a tech savvy person like a hacker with no ethics, can they break into our computers while you are logged in, get RL info, cam you?

[Amethyst Jetaime]

Not unless you give them your account password, have one easy to guess, or click a link they send you that goes to a phishing website. 

[sirhc DeSantis]

Just wondering - if you know one why do you give them the time of day? Fool me once... 

[bebejee]

I dont know, SL has made me quite paranoid, I have even begun suspecting ever person who IM's me of being someones alt, especially of a particular person, can a person whos not on your list anymore track you and land whereever you are with an alt? last year a guy I had blocked messaged me from his blocked account which was quite a surprise, another time a guy landed in a sim I was in without me even telling him where I was and it was a totally new place to me, I had not allowed him to see where I was and he was a friend on my list.

Thank you Amethyst its somewhat of a relief but the paranoid side of me is still has doubts.

[Amethyst Jetaime]

People can track you if you are wearing something they gave you designed to do that, or you let them map you.  Otherwise it is purely guesswork from something you said or they know where you usually hang or perhaps someone else telling them where you are.

I've heard sporadic reports of blocked people IM'ing someone.  Its a fluke or they may have accepted a note from them, which unblocks them, or accidenty unblocked them themselves.  If someone IM's you that you blocked just ignore it and don't answer.  They'll never know you got the message. 

[Madelaine McMasters]

If you were wearing an attachment given to you by the person in question, it could relay your whereabouts. Absent wearing such a thing, there's no way anyone not on your friends list can track you in SL.

If your circle of friends overlaps his circle of friends, there may be a mole passing your whereabouts to him.

There's no way to hide the fact that you're online from someone determined to know. So they will know when to start looking for you. If you had a dozen favorite haunts, I could probably find you within a few minutes of your logging-in, just by TPing to each of them. You'd never know I was doing so if I used an alt.

The message from the blocked account could have been from an alt with a very similar name. The surprise of it may have caused you not to notice.

There's usually a non-spooky explanation for spooky events here.

Unless I'm involved.

;-).

[sirhc DeSantis]

[jeffrey11488313394]

Hi

it can happen

did it not start with lap top left on, by there owner.

Catching the hacker is not easy, but until they are discover, and the new paper get involve no one knows that they are being hacked or watch

and how much is big brother involve and watching you

in the UK its only just coming out how much the media is hacking people and the police are involve.

so change your passwords once a month and shut off the computer if you not using it

good luck

byee

 

 

[Nova Convair]

SL does not change your general computer security. If you want to be 100% sure about your laptop camera - get some tape and use it.

 

[Syo Emerald]

---

bebejee wrote:

Just wondering if youre involved with a tech savvy person like a hacker with no ethics, can they break into our computers while you are logged in, get RL info, cam you?

---

Second Life has nothing to do with all of this.

[Lewis Luminos]

There are small risks but most can be avoided with a bit of intelligence.

Don't share any RL info you are not happy about the entire world knowing about. You never know who will pass on that information to others.

Don't use the same password for SL as you use anywhere else.

Be careful what links you click. If it looks like a marketplace link, make sure it's genuine before loggng in.  Try logging in to the Marketplace first, from the official website; if the link asks you to log in again it's likely not genuine.

Be careful about accepting objects in-world. Some may not be all that they seem. Be particularly careful of anything that, on rezzing, pops up a yellow dialog box asking for permission to debit L$ from you.  Unless the item is something like a vendor system, do not grant permission.

If you think someone is spying on you, stop wearing any object they have given you.  There may be a tracker script hidden in it.

If you have media or audio enabled, the owner of the media/audio stream can see your IP address. This in itself is not inherently bad; every owner of every website you visit anywhere on the internet can do the same thing.  Your IP address cannot identify you as an individual; it may be able to pinpoint the county or town where you live. If you have a dynamic IP, you will get a new IP address every time you reboot your router.  Some scripted objects (which have since been banned) used the media/audio stream to keep a database of residents and alert land-owners to possible alts based on the IP address.   If this is of concern to you, you have a couple of options:  1) Keep media and music disabled in-world. You can copy the url (from the land info page) and paste it into winamp or itunes, but any suspicious scripted objects using the media feature will not affect you. 2) Use Firestorm and enable media filter.  This enables you to whitelist or blacklist every url that requests access. So you can whitelist those that are genuine music/video streams and blacklist those that aren't.

[bebejee]

To Syo Emrald who said SL isnt related to the problem of computer hacking, my question was regarding being logged into SL chatting with someone who might be a hacker.more so if your friendship has soured.

I dont share RL with anyone, the guy who landed in sim I was in landed right next to me like I had tp'd him and not at the landing spot which was a mile away from us, even if I had mentioned sim name to him and he searched it and got there he should have landed at the landing spot a mile away, the sim was totally empty, and I havent allowed any friend to track me, the blocked guy yes could have got unblocked due to some glitch or whatever I agree.

 

 

[Perrie Juran]

---

bebejee wrote:

To Syo Emrald who said SL isnt related to the problem of computer hacking, my question was regarding being logged into SL chatting with someone who might be a hacker.more so if your friendship has soured.

I dont share RL with anyone, the guy who landed in sim I was in landed right next to me like I had tp'd him and not at the landing spot which was a mile away from us, even if I had mentioned sim name to him and he searched it and got there he should have landed at the landing spot a mile away, the sim was totally empty, and I havent allowed any friend to track me, the blocked guy yes could have got unblocked due to some glitch or whatever I agree.

 

 

---

Once on the SIM he could use a simple 'teleport to" function.  

[Orca Flotta]

Syo is completely right: SL isn't any more save or unsafe thanany other thing you're doing on the interwebz. Every computer is hackable, often its made easy for hackers by stupid users handing out their personal data like candy.

What worked for me so far, without being any geekish: I delete any email at once if I don't know the sender. I keep my curiosity at bay and don't just click any random link I come across.

I'm on a desktop computer 95% of the time, so I don't have a webcam or microphone.

But the most helpful was my move from Windows to Linux. Even if someone tries to put a virus in your machine it'll just bounce back.

[AnnMarie Otoole]

My main SL account was hacked and nearly $2,000 extracted from my credit card.

I am the only person in RL or SL who knew the password so it had to be hacked by someone with data file access internally in LL.

LL were very cooperative and prompt in restoring my accounts but never gave any feedback on how it happened.

I would hope the had sufficient internal logging to figure out who did it.

It is not impossible that hacking software could be built into the viewer but with extensive testing on all releases it would be a monumental task to hide embedded hacking programs.

[Kelli May]

---

AnnMarie Otoole wrote:

My main SL account was hacked and nearly $2,000 extracted from my credit card.

I am the only person in RL or SL who knew the password so it had to be hacked by someone with data file access internally in LL.

LL were very cooperative and prompt in restoring my accounts but never gave any feedback on how it happened.

I would hope the had sufficient internal logging to figure out who did it.

It is not impossible that hacking software could be built into the viewer but with extensive testing on all releases it would be a monumental task to hide embedded hacking programs.

---

The statement I bolded is a totally false assumption. While an inside job is possible, It's more likely your password was too weak and was guessed, was captured by a keystroke logger external to the viewer, or intercepted in one of the many other ways available to data thieves.

[Qie Niangao]

---

It is not impossible that hacking software could be built into the viewer but with extensive testing on all releases it would be a monumental task to hide embedded hacking programs.

---

Although there are also components over which LL doesn't have control. I'm thinking specifically voice, but there are also "media" connections from non-Linden (potentially rogue) servers directly to non-Linden (potentially vulnerable) libraries on the client machine. If I were forced to hack a Second Life user, I'd start out hunting for ways to exploit those libraries in order to install malware such as keyloggers. It seems the sort of thing for which there should be hacks ready off-the-shelf.

[bebejee]

So how does one refuse people sending you scripted things without causing them offense? and is it a sign of hacking when you;re typing something like a question and the other person respionds before you having even hit the enter button, and if something they typed say a symbol like + in their text and it appears in your text a few lines later without you having added it? I mean it requires pressing shift and then + to have it appear right? thats quite a deliberate effort and not by chance.for it to show up in your text.

[Qie Niangao]

---

bebejee wrote:

So how does one refuse people sending you scripted things without causing them offense? and is it a sign of hacking when you;re typing something like a question and the other person respionds before you having even hit the enter button, and if something they typed say a symbol like + in their text and it appears in your text a few lines later without you having added it? I mean it requires pressing shift and then + to have it appear right? thats quite a deliberate effort and not by chance.for it to show up in your text.

---

You can accept anything, trash it immediately, and empty trash, and it will never matter -- indeed, you'll never know -- whether it's scripted or not. Of course, that doesn't help if the giver is watching to see if you add it to your avatar; in those cases, you'll just have to say "no" or risk originating the next griefing epidemic.

The other events you describe, assuming they're really not just coincidences, would indeed suggest a keylogger on your system, planted and monitored by whomever is responding prematurely.

Wait. You are using the standard Linden viewer, right? Or next best, one of the most popular TPVs, downloaded directly from their site?

[bebejee]

I'm using Firestorm the previous one. Ok and what does one do to block keylogger?

[Kelli May]

---

bebejee wrote:

I'm using Firestorm the previous one. Ok and what does one do to block keylogger?

---

Do a thorough scan with general anti-malware software such as Malwarebytes.

Look up specific anti-keylogger and anti-spyware tools. Check for reviews at established sites so you don't actually install malware that's masquerading as useful software. Spybot - Search & Destroy* is well-known but there are malicious clones of it. Bear in mind that any free-to-download software will potentially have adware and other annoyances built into the installer. These are usually not malicious but definitely stuff you want to avoid, such as toolbars.

While it's highly unlikely on a private computer, there are such things as hardware keyloggers. Unlikely because they would require physical access to the machine you are using. Any unknown USB devices plugged in where you can't normally see them? Anything unexpected between your keyboard and box? 

*eta: I now notice that Spybot - S&D has received some poor reviews recently. Maybe time I switched to something better. It's also not specific for keyloggers, but a more general anti-spyware tool.

[jeffrey11488313394]

hey once they land on a sim its easy to find people using the map or mini map and that how they can teleport to you. they can also cam you from one sim to the next and by clicking on the ground next to you they can teleport to you.

its how I was able to keep a eye on the grifer at help island.

the system can be used for good or bad, but most ARs about grifing by me were done bye people calling me and telling me they were being grifed and I just cam into the sim and reported it and told the grifer that he or she was reported.

this normally stop them grifeing the kid and they just started on me.

however lots were sorted by the ARs I send, so if he is following you, this can be harassment and is reportable.

so just AR him each time, and the ARs will add up and Lindens will act.

a key logger can only like a hacker get in to your computer by giving you a object in game or you clicking on a link to a unsafe web site, also friend ship offer are a way to get into you computer, lots of people do not take friends ship offer from new comer in game.

check out the avatar safety classes at  Help at Caledon

enjoy SL

byee

 

[Sassy Romano]

---

jeffrey1 wrote:

a key logger can only like a hacker get in to your computer by giving you a object in game

or you clicking on a link to a unsafe web site,

also friend ship offer are a way to get into you computer

, lots of people do not take friends ship offer from new comer in game.

 

---

Bull**bleep** highlighted in bold.

LSL that would be used in a scripted object inside SL has no hooks to call out to OS or BIOS or otherwise that would allow keyboard intercept.

Friendship offers...?  C'mon, this is how daft rumours start.  From a friendship offer you'll get what?  Anything that allowed an elevated privilege onto the hosts computer would require a specific vulnerability in the viewer.  I'm not saying such things aren't possible, they very much are but you're going to have to bring much more to the party than such speculation.  If you DO know of a specific vulnerability in the viewer that allows privilege escalation then you should immediately file a SEC JIRA.

http://wiki.secondlife.com/wiki/Security_issues

[Quinn Lysette]

what you have to worry about is getting raped in sl trust me it happends i seen it happen and also beware theres a thing goin around that turns you into a rabbit if that happens contact tech support asap

[Madelaine McMasters]

---

Quinn Lysette wrote:

what you have to worry about is getting raped in sl trust me it happends i seen it happen and also beware theres a thing goin around that turns you into a rabbit if that happens contact tech support asap

---

I have to wonder, Quinn. If one can be raped in SL, then wouldn't being turned into a rabbit make it impossible to contact tech support? LL doesn't speak Leporine.

If we're going to confuse "realities", shouldn't we be consistent about it?