Say It Ain’t So, D3adly — Avatars United Takes A Hit, Yet Again

by Defne Demar on 23/05/10 at 8:25 pm

You don’t hear much of d3adlyc0d3c lately, except on the comment sections of various blogs. You definitely don’t see him in Second Life. Did the deadly disease get the best of him and take his hacking career down? Not really, says D3adly. But he seems to have gotten “less” deadly, that’s for sure.

Explaining that he misses Second Life sometimes, he openly admits that whenever he starts back up again he “really always end[s] up clashing with the wrong people and then going on some sort of stupid griefer rampage.” That doesn’t mean he stopped messing around in the digital playgrounds of the Interwebs. Apparently, Avatars United, with its questionable infrastructure, became one such playground for D3adly.

Avatars United has seen plenty of feedback from d3adlyc0d3c
Avatars United has seen plenty of feedback from d3adlyc0d3c

Back in February, Alphaville Herald had reported on the security holes of this newfangled social networking site for avatars. Some residents even questioned the necessity of such a social networking site, suggesting that since Second Life itself is defined (by the Lindens) to be a community site, this sloppy attempt at improving the experience (not to mention attempt at a likely competition with Facebook) via an insecure and immature AU site is a questionable move at best. Problems? Set aside the fact that we are officially social-networked out (yet another site to log onto!), the anonymity of the site lends itself to impersonation and deception. For instance, there appears to be more Linden employees on the site than in real life. Not your problem? Surely you have heard about the security holes.

After having read our coverage on AU, D3adly, curious to discover some of these vulnerabilities, opened an account and started testing the site to figure out the extent to which the site was insecure. His results are mind-blowing. He confirmed what some of us had suspected for awhile now: the site was seriously insecure.

Having figured out how that the AU system generated security tokens for its users and what these tokens meant, D3adly was able to “forge” requests being sent to the server to generate these tokens and, in doing so, accessed other people’s accounts and applications. While acknowledging that his motivations were merely based on curiosity and a genuine desire to help the Lindens in finding bugs, he says that anyone with questionable intentions could have used the compromised site for malicious purposes.

In addition to injecting HTML IMG tags into a number of AU profiles using the aforementioned bug and forcing a group of users (such as Soft Linden) to send him friend requests, he was able to spoof messages that appeared to come from anyone he wanted, including from FBjork, the AU developer and the founder of Enemy Unknown, and inject messages into other people’s message threads and read private messages between users. I must say, glancing at the samples of private communication between users did not surprise me one bit. But receiving them from someone who made his career out of griefing and crashing sims left me a bit uneasy.

For those who are wondering what D3adly will do with this, rest assured: his malicious days are long gone. He can barely remember his days in the PN or even in Dissention, a three-week griefing group where he and several other folks crashed sims and hacked their way into the Linden network in Facebook to gather information about the LL employees from their profiles for nothing more than maybe sending them flowers — OK, maybe there was a little more intention involved. Instead, he reported several dozen security issues to Soft Linden with the understanding that they will be fixed soon – but not before teasing Plastic Duck.

Responding to an argument that the two had in Facebook, D3adly hacked into Plastic’s profile (who allegedly hates Chans) and modified his AU profile to an image of the Anonymous, and made him shout in his status, “I think I liked the Chans now.” We feel for Plastic. But our concerns are somewhat different. Will the security holes be fixed sooner rather than later? Remains to be seen. As Plastic Duck once said in an interview: “I’ve noticed with Linden Lab telling them to fix something isn’t enough. You need to exploit it to hell and cause half of the SL population to freak out before anything is done.” True, but other relevant questions are: Do we need yet another social networking site? Will AU make the experience of SL better? My guess is, no & not likely. All avatars are already on Facebook anyway.

58 Responses to “Say It Ain’t So, D3adly — Avatars United Takes A Hit, Yet Again”

  1. darkfoxx

    May 26th, 2010

    Im not even trolling anymore, thats the beauty of it. I dont need to troll, LL took care of that.

  2. Kiddoh

    May 26th, 2010

    Oh my, in this topic and every topic; a furry tries too hard to be a cool dude. But yeesh, generally people become furries because their lives are so mundane that they need something to make themselves feel special, I can only imagine what kind of life Darky leads if he feels the need to find joy from things that never happened and/or don’t exist.

    @Darkfoxx: You should really learn to differentiate rage and baaaww from laughter. I think the only person you’ve actually made rage was Judge Joker who isn’t related to WU in any way. Do you live in a clothes dryer and does your dad happen to beat you with said dryer?

  3. James Larken Smith

    May 27th, 2010

    Hackers should end up in the legal system. I don’t care if they use the excuse “I’m trying to find bugs”. Flat out crooks….

  4. MOAR

    May 27th, 2010

    >Hackers should end up in the security system.


  5. darkfoxx

    May 27th, 2010

    Oh, so intlibbers article “the linden lab mafia” on this blog and the 2000 posts thread on the SLU dont exist, and the many many comments of wufags here and Ielsewhere are all just in my head Kiddo?


    also funny that i need to differentiate beteen laughter and baww, while intblub suggested i was the one bawwwing XD

    I dont know how your brain works, but its amusing enough.

    And a little fyi, im not trying to be the cool kid, that implies that i would care about peoples opinions about me. But … i dont. Suprise suprise XD

    And a big rofl at your assumptions about furries here. Really shows what you know… or youre just trolling, i dunno but dont care either.

    Anyway, carry on, gives me something entertaining to read at work :)

  6. James Larken Smith

    May 27th, 2010

    Hackers should end up in my ass. I don’t care if they use the excuse “I’m trying to find gold”. Flat out bugs….

  7. Alyx Stoklitsky

    May 27th, 2010

    >Hackers should end up in the legal system. I don’t care if they use the excuse “I’m trying to find bugs”.

    You have downs.

    Sorry :(

  8. archie

    May 31st, 2010


    ’nuff said

Leave a Reply