VintFalken.com
« AJAX based SL client: AjaxLife
Abandoned Neko »

Checking up on password security: an operation which I am not permitted to perform

July 9, 2007 3:36 pm

Concerning the (in)security of our Second Life passwords, I said I’d be happy if the Lindens would say ‘No problems whatsoever’ or ‘All problems fixed’ on the two corresponding JIRA issue’s. Let’s see:

WEB-193:

The new “forgot your password wizard” threatens all.

Torley Linden: Closed as dupe of WEB-192.

Understandable. I marked them as dupiclates myself. *Full of anticipation goes to check on WEB-192.*

WEB-192:

Password Change with question ‘home location’ is unsecure.

When logged in to JIRA and trying to access this one, I get the following message:

ERROR

It seems that you have tried to perform an operation which you are not permitted to perform.

If you think this message is wrong, please consult your administrators about getting the necessary permissions.

WTF?!!#?$!#?!!!

a.) I’m doing something wrong.
b.) With updating it they have broken JIRA.
c.) They fixed this but don’t want to admit they had a problem.
d.) They do have security issues but prefer not to say so.
e.) Something else.

Which one is it, do you think?

Goddamned, Linden Gods, communicate! Second Life is supposed to be the future! We are not supposed to cut open a poor goat as to read from it’s intestines if our Second Life passwords are safe anymore. This is 2007, Gods can communite towards their residents using a blog, in-world notices, … . And if you’re insecure of how to bring this with not to much damage, hire some priests from the Temple of Communications.

Anyway, for me, I’m done with all this shit. I’ve had enough of it. No more! We don’t have to put up with this! It kills me saying this, but I’m not going to say my prayers to Torley-God tonight. No f*cking way! *scratches watermelon tat on right breast from the to-do list*

PS. Luckily JIRA did not loose any speed performance because of the update. It’s still as fast as a turtle lying on it’s back. ^^

PPS. JIRA says to contact one of the following administrators. Not a single word about how to contact them, though.

PPPS. PingPing Zhaoying was a victim of fraud because his password was for grasps 20 days ago. 11 days ago Lindens locked PingPing out off his account. 10 days ago they said they said they would solve things and return his account to him. Today, the 10th of June 2007, PingPing Zhaoying is still as non-present on the grid as voice is on the Linux Client.


Tags: , , , ,

6 Responses to “Checking up on password security: an operation which I am not permitted to perform”

RSS feed for the comments of this post
PingPing, murdered for a crime he did not commit (and resurrected again?) | VintFalken.com sent a pingback on July 9, 2007
MyAvatars 0.2

[…] Still no sign of PingPing Zhaoying on the grid. Of the two JIRA issues concerning the insecure passwords, one is closed because of being a duplicate, the other one disappears/is not accesible to normal resi…. […]

Laetizia Coronet wrote a comment on July 9, 2007
MyAvatars 0.2

And to top it all off, I come here to spam you with my fact finding mission: nothing appears blocked from Events and ‘loli’ is blocked from Classifieds. Maybe it would make a safe password?

What’s needed is a new password when the old one is lost, sent to the recipient’s email address. Unless you are using some asshat addy from Hotmail, that ought to be quite secure.

As for the JIRA - I tried that with the same result. I guess someone there was actually thinking and decided that public discussions of a security issue would not be a good idea.

Vint Falken wrote a comment on July 9, 2007
MyAvatars 0.2

Well, if they would have responded to PingPing’s emails, phone calls or IM’s, it would never gone public in the first place.

As for the events, this means you can keep your ‘discussion about Lolita, the book’ event? ;)

Torley wrote a comment on August 6, 2007
MyAvatars 0.2

Re: the JIRA administrative side, that’s part of my job function. I see what happened here, WEB-192 was moved to be a “SECURITY”-type issue which is only viewable to Lindens, possibly because of sensitive info within, but I can’t be sure until I check with Rob Linden.

I apologize there isn’t an easier way to see that past the cryptic error message, it wasn’t intentional that we didn’t communicate here. I surely would’ve.

And about individual account troubles, I’d recommend contacting http://secondlife.com/support and filing a formal support ticket. Maybe that’s already been done as part of earlier attempts at contact (but it doesn’t hurt to ask). Best of hope with it.

Pingping wrote a comment on September 6, 2007
MyAvatars 0.2

oh yeah filling out a ticket !!!
Please Linden give me back my account !!???

Linden finally reacts and they give me a phone number to call., which I dial without delay ……… tuuut tttuuuuttt tuuuuutttt
This number can not be reached from abroad, sorry you aliens ………

So I went to see Lindens in “second-life-world”.
They suggested I ‘d fill in a ticket ……

Vint Falken wrote a comment on September 6, 2007
MyAvatars 0.2

You still didn’t get your account back?! This is over two months now?!!!

Care to comment?

Use this URL to trackback from your own blog

  • Recent Comments:

    • Smiley Barry: Ooo, sounds awesome. :-) I wonder if Rezzable will EVER make something on our grid… :-( (Second...
    • Jordyn: /me dools.. face pressed up against the glass! can’t wait to see the gardens! JC
    • mewmew: I’ve been having this problem, quite literally for months and months now, and NO ONE, I mean no one has...
    • Bettina Tizzy: So Cheen didn’t get his bio in, in time, did he? Good for you for showing him that we take swift...
    • nimil: summer weather doesn’t affect me lol if nothing else the chance to hide in shade and airconditioning of...

    • Vint F. on Pownce:

    • No public Pownce messages.

    Categories

    Links