Nov 19th 2007, 23:17 system announcement
by Lindsay Druart
Update on Bank
We have found out how the issue happened, and this was clear negligence on the part of the host of the bank's server. The security package that was supposed to be on the box was not installed, and a brute force attack cracked the database within a few hours. As a result, fraudulent transactions to create a balance were made in the database and then withdrawals attempted. The BetaTester avatar tried to withdraw via the ATM and hit the withdrawal limit. After that failed and the account was disabled, the system was bypassed to withdraw automatically without going through the ATM transactions. As a result of the security holes found and exploited, the security package has been installed on the server by Future Hosting and includes the following:
* SIM - (System Integrity Monitor) - 24x7 Internal Monitoring of services
* SPRI - (System Priority) - Sets priority to current processes being run on your server, decreasing load 10-25%.
* PRM - (Process Resource Monitor) - Monitors all resources used by all processes and if a process is being flooded or causing high load on the server, it is killed.
* BFD - (Brute Force Detection) - Detects brute force connections and automatically enters the offending IPs into the firewall to be blocked.
* CHKRootKit - Simple script that detects software used by hackers. It scans once a day and emails the client if any suspicious scripts are found.
* Firewall Installation - APF (Advanced Policy Firewall) iptables based firewall and anti-dos rulesets.
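To make the BFD item above concrete, here is an added example of the detection logic such a tool applies: it reads failed-login lines, counts failures per source IP inside a sliding time window, and emits the firewall rule that would block an IP once it crosses the threshold. This is illustrative code written for this page, not BFD's or APF's own code; the log lines are constructed in sshd/syslog format, and the threshold (5 failures) and window (10 minutes) are assumed values, not BFD's defaults.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines in sshd/syslog format (not taken from the incident).
# 203.0.113.7 fails five times in four seconds; 192.0.2.55 fails five times spread
# over an hour; 198.51.100.9 fails once and then logs in successfully.
SAMPLE_LOG = """\
Nov 19 22:01:03 bank sshd[4012]: Failed password for root from 203.0.113.7 port 51122 ssh2
Nov 19 22:01:04 bank sshd[4012]: Failed password for root from 203.0.113.7 port 51123 ssh2
Nov 19 22:01:05 bank sshd[4012]: Failed password for admin from 203.0.113.7 port 51124 ssh2
Nov 19 22:01:06 bank sshd[4012]: Failed password for admin from 203.0.113.7 port 51125 ssh2
Nov 19 22:01:07 bank sshd[4012]: Failed password for mysql from 203.0.113.7 port 51126 ssh2
Nov 19 22:03:10 bank sshd[4020]: Failed password for lindsay from 198.51.100.9 port 40001 ssh2
Nov 19 22:03:40 bank sshd[4021]: Accepted password for lindsay from 198.51.100.9 port 40002 ssh2
Nov 19 22:30:00 bank sshd[4030]: Failed password for root from 192.0.2.55 port 6000 ssh2
Nov 19 22:45:00 bank sshd[4031]: Failed password for root from 192.0.2.55 port 6001 ssh2
Nov 19 23:00:00 bank sshd[4032]: Failed password for root from 192.0.2.55 port 6002 ssh2
Nov 19 23:15:00 bank sshd[4033]: Failed password for root from 192.0.2.55 port 6003 ssh2
Nov 19 23:30:00 bank sshd[4034]: Failed password for root from 192.0.2.55 port 6004 ssh2
"""

# Matches sshd "Failed password" lines; syslog timestamps carry no year.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse_failed_login(line):
    """Return (timestamp, user, ip) for a failed-login line, or None for any other line."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    # strptime without a year defaults to 1900; only the differences between timestamps matter here.
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    return ts, m.group("user"), m.group("ip")


def detect_brute_force(log_text, threshold=5, window_seconds=600):
    """Return the sorted list of source IPs with `threshold` or more failures inside any
    `window_seconds` span. Lines are assumed to be in chronological order, so one
    sliding window (a deque of timestamps) per IP is sufficient."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    offenders = set()
    for line in log_text.splitlines():
        parsed = parse_failed_login(line)
        if parsed is None:
            continue                # successful logins and unrelated lines are ignored
        ts, _user, ip = parsed
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()        # drop failures that have aged out of the window
        if len(window) >= threshold:
            offenders.add(ip)
    return sorted(offenders)


def render_block_rules(ips):
    """Produce the iptables commands a BFD-style tool hands to the firewall (strings only, not executed)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]


if __name__ == "__main__":
    for rule in render_block_rules(detect_brute_force(SAMPLE_LOG)):
        print(rule)
```

With the assumed 10-minute window only the rapid-fire source is blocked; the slow, spaced-out attempts from 192.0.2.55 only trigger if the window is widened to cover them, which is the usual tuning trade-off between catching low-and-slow guessing and not locking out a legitimate user who mistypes a password a few times.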
We are combing the ATM script and rethinking it to be as simplistic as possible and less traceable. Database passwords have been changed to safeguard information. We are also installing a system that will rotate holdings and create several fail-safes of detection that will prevent avatar depletion if triggered.
I was unable to complete the CD conversion as I fell asleep on my keyboard, so interest may pay out tonight and probably will because I will not finish. I started with the conversion and deleted some CDs from the web portal by mistake when I deleted the account type, but the information is located in the database so I am correcting that as we speak.
I will be working over the next few hours to correct that issue at least and will update the market as things happen. Thank you all for your support.