Everett Linden posted on the official Second Life blog: Safeguarding Your Account…or You’ve Been Phished. Yes, strong passwords are important. Caps, numbers - not your birth date! - and some other stuff. And yes, phishing is bad. But by now I assume everybody that’s able to link their payment info to their account is smart enough to not give out their password information to third parties (websites) or click in-email links.

But what scares me, is their association with these two ‘errors’ and phishing/weak passwords. Although having a weak password, falling for a fishing attempt or having a keylogger - not the one you use to spy on your spouse - on your computer can have the following consequences, it does not necessarily mean you f*cked up. Those two same things could also been cause by a breach in security on the ‘Linden side of things’.

• If you can’t access your account
• If you suddenly notice a reduced available balance on the payment source you have on file.

Remember PingPing Zhaoying? (You should, and btw. his account is still not reactivated.) Remember PingPing getting an e-mail from Linden Labs telling him that his Second Life password was changed? Remember that the old password is not needed to change your password? Remember the ’sudden reduced available balance on the payment source he had on file’ he suffered from? Remember the only thing that Zee Linden stated was: ‘We have security issues‘?! Remember LL - opposed to what they state in this blogpost - not being very helpful to him where it comes to support tickets and telephone calls? Remember LL - in stead of helping him - just blocking his account?

Combining the timing of this rather useless blogpost and the ‘We have security issues’ IM, I can only conclude that LL really had or still has security issues and is with this blogpost is trying to let the Second Life users believe they are automatically the ones to blame when their accounts get compromised. Yet I know for sure about one account hi-jack where it’s not the Second Life resident that was to blame for lack of security.

Dalien said: ‘So they would be much better in telling it upfront. But as usual they are afraid it will scare off an average Joe the consumer.’

Vint says: ‘And it might scare off Joe, but it will help with keeping the residents that actually put payment info on file.‘

Paranoid? Me? Maybe. But I’ll feel a lot safer when a Linden shouts out on the official blog ‘We have no security issues and I’m not crossing my fingers whilst typing this!’. Or when a Linden lowers himself to answering JIRA issues and posts ‘addressed’, ‘was never a problem, because…’ or ‘very busy fixing this’ on either ‘The new “Forgot Your Password?” wizard threathens all‘ or ‘Password Change with question ‘home location’ is unsecure‘.

I can only agree with this comment on the blogpost by TigroSpottyStripes Katso: ‘Btw LL, if there is anything we resis should know to take any measures to assure our interests (like safety, money and well being related stuff) regardless of the hit on your public image or the panic generated, I think it would be wiser to let us know now instead of being blamed later on when the s**t hits the fan….plz?‘

Tags: linden lab, pingping zhaoying, second life, security

• Checking up on password security: an operation which I am not permitted to perform
• How (in)secure is your Second Life password?
• PingPing, murdered for a crime he did not commit (and resurrected again?)