However the llGetOwner and llGetCreator are also powerfull security measures which should be included as well. When hackers get insight in your scripts (by accident, or by permission bugs from our dear friends at LL) they could look at your hash function, and talk on your channels anyway. Then it’s very nice that your scripts can still detect the false messages, and ignore them as well as inform you, so you can ban and report the abusers.

Also a small addition to your idea would be to slighty let the channel transition overlap. So for 1 minute or so your scripts will listen on both the old AND the new channel. This will allow more ‘relaxed’ checking of the time, and also could prevent loss of messages due to server lag.

The security needs to be in place for financial transactions only. A better way to make your general system (combat, weaponuse, etc) more secure is to change comm channels every day.

Have a one-way hash function to select the comm channel based on the date, have all the gear use that same function, and sniffing the thousands of channels becomes nearly pointless since the channel will change shortly. By adding the hour SLT to the mix, everyone can change channels simultaneously every hour instead of every day, meaning even a lucky detection of the channel has less than an hour to exploit it.

LindenLab just informed me (ofcourse AFTER I mailed them again asking for an update) that “the outcome of the investigation as it was determined to fall under the category of abuse”.

Nothing yet said about the actions that were taken. I am very curious if LL attempted to follow the ‘money-trace’.
It shouldn’t be very hard for them to do. Either the accounts still hold the L$ (in that case I assume it will be returned to my account), or he (or she? naaaa…) gave it to another Avatar. But in the end the money is either still in SL, or it has been sold.
If it was sold, the USD could still be in the ‘hackers’ account (again then I assume I will get it back), or it was deposited to a paypal or check.

In last 2 cases there is little change I’ll see the money again. The chance of getting this guy prosecuted might be small too, but it would be good message to other ‘hackers’ if LindenLab would send there investigation-results to the authoroties of the ‘hackers’ country and/or his ISP, and announce it publicly. Hopefully that will at least give this thief some sleepness nights.

I also hope to hear soon what they did to prevent this guy from coming into secondlife again (and thus DarkLife) because he seemed determined to mess up as much as possible. He (or a friend), using the SL name ‘Takit Leavit’ even payed a DarkLife player to tell our moderators that he was a regular trustworthy DarkLife Player and messed up some darklife-accounts when he came in.

As for security, Yo Brewster is absolutly right, if I would use some sort of security on every piece of communication, the game would not run fast enough. Right now the current version is already too slow sometimes (our new release will be much better on that part) but really, as a game developer you don’t have the luxury of using theoretically good security schemes. If the game becomes too slow to be played then you might as well not build it at all.

In our new release I will use owner and creator checks as much as possible (in the hope that won’t slow it down too much) and I will also build more security checks that hopefully will detect hackers BEFORE they can do any harm. Also we will not use scripts anymore that give out money (that was already in the design, not a result of theft).

Also we already have a pretty good(but still too small) team of moderators who have provem themselved on the latest attack.
They will soon get instructions and tools to search for and ban griefers who try to abuse, cheat or hack on our SIM.
I am confident that, when we open up the game again, we are prepared for future attacks (unless LL does something awefully stupid like introducing another permission-bug).

If Chirp isn’t directly responsible, it is likely he, as Enron Dagger, shared this information with others.