Linden Lab Special Interactive Gift for 14th Birthday

To celebrate, Linden Lab has put together a special (and somewhat mysterious) gift set.

We’re not entirely sure what a Sananok is, but the Moles assure us they are friendly creatures that tend to keep to themselves and need a good home. Each Sananok avatar comes with a mysterious egg, which is  in fact so mysterious, not even the Moles know what it will hatch into.

Sananok Avatar


A wearable avatar that includes a shape and an alpha layer.

Mysterious Egg  (Rezzable or wearable)


Things you can do with the egg:

  • Rez it out your parcel, make it feel at home.
  • Add it to your avatar to carry it around with you (perhaps for a night on the town?).
  • Have a tea party with it, it’s all good.

Keep an eye on your Egg as it will, from time to time, tell you things (like when it’s getting ready to hatch!).

Stop by the SL14B Birthday Regions and grab this gift from any of the gift kiosks available!

(Alert) Latest Ransomware

We post these tech articles to inform Second Life users of the way accounts get hacked and how to avoid major problem’s in the future from attacks within the viewer (which is not as secure as we think) So please read on and secure your computer don’t let this happen to you!

Ransomware seems to be the darling of bad guys these days. It’s a very direct, powerful technique for extorting hundreds of dollars from a single victim very quickly, or millions of dollars when there are thousands of victims. Let’s take a look at the latest ransomware campaigns and how you can protect yourself from them… Recent account hacks in second life have not only locked people out of their accounts but have wiped out all L$ as well as attached ransomware to computer.

Ransomware: Detection and Protection
For anyone unfamiliar with it, ransomware is a type of malware that denies a victim access to his or her computer by locking its screen and/or encrypting the files on the hard drive. When a victim tries to access the computer, all they get is an ominous screen like the one below, that says “Oops, your files have been encrypted!”

The essence of the deal is, “Pay $X within Y days or you’ll never see your data again.” It’s extortion, pure and simple. But ransomware is getting much more sophisticated these days. The screenshot below comes from the Wannacry ransomware, which infected hundreds of thousand of computers in a single weekend in May.

The map shown here was generated by IBM, and shows the worldwide distribution of Wannacry ransomware infections. Apparently, you’re safe if you live in Papua New Guinea, Greenland, Niger or Chad. The rest of the world, not so much.

Payment in Bitcoin, the digital crypto-currency, is required. Most victims don’t know much about Bitcoin, so Wannacry and other recent ransomware provide surprisingly good “customer support” to guide victims through the process of creating a Bitcoin account, funding it with real money, and sending money to the extortionist.

One characteristic of Bitcoin is transparency; anyone who knows how can view all Bitcoin transactions since Bitcoin was created. Experts who have examined Bitcoin payments to the creators of Wannacry estimate that this global act of terrorism has so far generated only about $92,000 for its perpetrators. That’s a small return on the infection of an estimated 200,000 computers in 150 countries.

It turns out that Wannacry has a “kill switch” embedded in it that can halt the spread of Wannacry in its track. Within Wannacry’s code is a routine that constantly checks a gibberish domain name to see if it has been registered. As long as the domain remained unregistered, Wannacry would continue infecting any computer it could reach. But when a 22-year-old British security analyst who goes by the handle “MalwareTech” registered that domain, Wannacry stopped trying to spread itself. Amazingly, it cost only $10.69 (the domain registration fee) to halt this worldwide scourge.

That still left hundreds of thousand of computers infected by Wannacry. It’s a mystery how most of them, apparently, have either eradicated the infection somehow or are managing to get by without their data and computers. The UK’s National Health Service is still dealing with the fallout of widespread Wannacry infections on its network, delaying elective surgeries and slowing the nation’s entire health care system to a crawl.
Other Ransomware Attack Vectors
If you have been infected by ransomware, don’t run off and buy a bucket of bitcoins. First check in with the No More Ransomware Project, which offers free decryption tools for a range of ransomware attacks.

Another new form of ransomware has been dubbed “doxware.” You are unlikely to encounter it because it’s a technique that requires a lot of legwork from the perpetrators. First, they identify high-value targets, computer networks that house highly sensitive, confidential data. Then they infiltrate those networks with ransomware that not only encrypts all files, but also sends to the perpetrators select files that contain words like “confidential,” “top secret,” and so on. Then the victim is told that these files will be posted on a public Web site and all of his contacts will receive the URL that links to that site, unless he pays up by a specified date.

The best defense you can mount against ransomware, or any kind of malware infection, is to keep your operating system up to date with patches for all known vulnerabilities. If you allow Windows Update to run automatically, you should have received the patch to protect against the latest threats.

Microsoft even released a Wannacry patch for Windows XP and Windows 2003, obsolete operating systems that officially no longer receive security updates. Many computers in China, Russia, and even the USA are still running XP, despite its ever-growing vulnerability to hackers and malware. See Microsoft’s Customer Guidance for WannaCrypt attacks to read the company’s response to WannaCry, and links to those patches.

Trust No One

Other good advice here includes “Trust no one. Literally.” Do not click on any link or file attachment – even if it seems to have been sent by your bank, your brother the IT administrator, or your Mom – until you know what you are clicking on. If a message seems out of the ordinary, call your contact and ask if he or she sent it. No account is safe from hacking or impersonation (“spoofing”).

For further protection, enable the ‘Show file extensions’ option in the Windows settings on your computer. To do so, type “folder options” in the Start menu’s search box and click on “Folder Options” in the search results. In the dialogue window that opens, select the “View” tab. Uncheck the box next to “Hide extensions for known file types”. Click “OK” to save this change and close the dialogue window.

The purpose of showing common file extensions is to help you spot executable files (programs) that are disguised as non-executables. With “hide extensions” enabled, a file named WatchMe.avi looks like a video file. But with all extensions revealed, it may be WatchMe.avi.EXE and that is a big red flag. If you see multiple file extensions, delete the file without opening it.

A good anti-malware suite is also essential, and it must be kept updated too. I use the combination of Avast anti virus and Malwarebytes Antimalware (MBAM) to provide double coverage.

And of course, be ever-vigilant about opening email attachments. When in doubt, contact the sender to ensure that they actually sent it, and that it’s safe to open.

Have a Great Week

Deuce Marjeta

Second Life hits its 14th Anniversary this Summer!

Second Life hits its 14th Anniversary this summer. That’s definitely worthy of a celebration, and you do not have to wait until the actual Anniversary, June 23rd! to start enjoying the fun.

The Shopping Event takes place in a large indoor mall atmosphere, with a plethora of 60 of Second Life’s Hottest Designers.  There is something for everyone for sure.

The three regions: Golden, Gilded and Halcyon can be found at the link below – each vendor is to provide a FREE gift and some major discounts on their top-selling items!

Go, check it out now! Sales ends on June 26th!

Linden Lab has few things in the works for later this month as well – so stay tuned!

List of Participating Merchants

.{PSYCHO:Byts}. / .TeaBunny. / [ west end ] / [Tia] / {CA} CALIGULA™ / *KC|Couture* / % anxiety / • Zuri Jewelry • / ^.^Ayashi^.^ / || Fashiowl Poses || / ~Tableau Vivant~ / 1313 Mockingbird Lane / 220ML / addams / Alice Project / alme. by ChloeElectra / Aphorism / Bella Moda / BigBully / Blueberry / BOYS TO THE BONE / by Crash / Cae / Candle and Cauldron / Canimal / Catwa / Chez Moi / ChiMia / CONSTRUCT / Deadwool / Deccan Arida / eve / eXxEsS Hair / FUSSY x FOXCITY / G&D The Italian Style / Gos / Heartsdale Jewellery / Hello Dave / Hucci / Ison / jacinda jaxxon / Lapointe and Bastchild / Lemon Chilliz / Lure / Lybra™ / Mina / Murray / Patron / RealEvil Industries / Rebel Hope / Refuge / Silvan Moon Designs / STRAY DOG / Sweet Tea Couture / Thalia Heckroth / The Cube Republic / Titans / titzuki/FAKEICON / WILD Makeup Studio / zed designz /

Linden Lab Reintroduces Community Gateway Program

Today Linden Lab announced they are bringing back the Community Gateway Program.
Previously, the Community Gateway program helped bring new users to Second Life, by enabling Second Life communities to attract, register, an on-board new Residents. The program was shelved in 2010 as resources were re-prioritized, and now we’re excited to reintroduce the Community Gateway program along with some improvements that will make it even more valuable to Second Life.  We recognize the benefit of having Resident supported tutorial areas and have been working with several communities while fine tuning the new program over the last year.

This program allows Second Life Communities to:

  • Create a new user experience and attract Residents to your specific community

  • Assist those new Residents in beginning their journey into Second Life

  • Lend a guiding hand in the creation of their new avatar personas

  • Assist with increasing new user retention.

This powerful new tool will allow you to register new users right from your own community website and add them automatically to your group, thus helping your community to grow!

All details about this program (including how to apply) may be found here.


London City Community Gateway

Firestorm Gateway May 2017.png

Firestorm Community Gateway

Home & Garden Expo for Relay for Life!

The Event of Events for Builders, and Home Decor Enthusiasts of SL is here! The Home & Garden Expo has nine full regions for you to explore loaded with home and garden items under the theme “Passport to Hope” Most importantly and as you may know, the Home & Garden Expo raises money for Relay For Life of Second Life.   Relay For Life is the American Cancer Society’s signature fundraising event, and RFL of SL is one of its virtual counterparts. You can help make a difference with every purchase and tip, however small it may seem – every donation or purchase helps this wonderful cause that affects so many lives day to day! So don’t miss this chance to shop and do good, stop by before June 4th cause that is the very last day!

Home and Garden Expo, photographed by Wildstar Beaumont

Home and Garden Expo, photographed by Wildstar Beaumont

Expo exhibitors are required to have two 100% donation items at the Expo. These items must be new and exclusive to the Expo for the duration of the event.

100% of registration fees, sponsorship fees and donation items are paid to Relay For Life of Second Life. 50% of the proceeds from the gachas will be paid to RFL and 100% of the 10L hunt items.

Also – Builder’s Brewery will be hosting building classes on texture alignment, prim building, and various other courses that can be found here.

Every day at 4pm, there is a special lantern release ceremony from the top of the theatre on Hope 5.

This ceremony goes back to 2012, when Alchemy Immortalis created the Blue Willow lanterns especially for the Home and Garden Expo. It became the custom to release them each day at 4pm, and people would gather to watch and reflect as the lanterns rose slowly into the air.

Sometimes people speak, but often the event takes place in comparative silence – a break from the busyness (and the business) of the Expo – a time to reflect, remember and mourn.

Complete Shopping Guide!

Teleport to Hope 1

Teleport to Hope 2

Teleport to Hope 3

Teleport to Hope 4

Teleport to Hope 5

Teleport to Hope 6

Teleport to Hope 7

Teleport to Hope 8

Teleport to Hope 9


[ALERT] Rogue Certificates

Security experts advise us not to enter passwords, credit card details, or other sensitive information on any website that does not provide an encrypted connection, and to use a bookmark to access sites that deal with banking or other private matters. But there’s a new threat being used by clever hackers to thwart both of those measures. Read on for details…

Do You Have a Rogue Certificate?
Remember hacks in secondlife are on the rise sadly Linden Labs does not have trusted certificates but they are protected and trusted.

It’s easy to tell if your connection to a site is encrypted. At the left end of the URL address bar, you will see a padlock icon and the “https” protocol label; it literally means “HTTP Secure.”

A secure connection SHOULD tell you two things. First, no one can eavesdrop on the data that flows back and forth between your browser and the site, because all traffic is encrypted. Second, the https protocol authenticates the identity of the server to which you are connected; you can rest assured that you really are connected to your bank’s site and not a scammers imitation of it.

Authentication makes use of digital certificates. A certificate is an encrypted file containing information such as the certificate holder’s name, the name of the trusted authority that issued the certificate, the unique public encryption key that the certificate holder uses, and other info. Copies of certificates are kept in a trusted “certificate store.”

Rogue Certificates

The first time you connect to a site using https, the certificate the site sends you is compared to the copy in the store; if they match, the site is authenticated. Then a copy of the certificate is stored on your computer, so future visits to that site don’t have to check with the certificate authority. Instead, your browser checks the site’s certificate against the copy in your local certificate store.

Unfortunately, clever hackers have figured out ways to plant “rogue certificates” in victims’ local certificate stores, replacing your bank’s trusted certificate with one that belongs to a rogue website. Now you’ll see the reassuring padlock and “https” even though you are not connected to the site you think you are. Also, the rogue site can now read everything you send it, including your login credentials.
Try This Signature Checking Tool

A Microsoft tool called sigcheck can detect suspicious certificates in your local certificate store. You can read about all of sigcheck’s features and how they work, or download the zip file containing sigcheck.

Extract sigcheck.exe or sigcheck64.exe from the zip file, depending on whether you have a 32-bit or 64-bit Windows PC. (To find out which you have, click Start -> Control Panel -> System. The System panel will tell you whether you have 32-bit or 64-bit Windows. If it doesn’t say either, you have a 32-bit system.)
To use sigcheck, click the Start button, type “cmd” in the search box, and hit Enter to open a command-line window.
Navigate to the folder that contains the extracted sigcheck executable file
Type “sigcheck -tv” or “sigcheck64 -tv” and press Enter

This command checks your local certificate store for certificates that were not generated by a certificate authority that is known by Microsoft. There are many certificate authorities; each has its own “root” certificate, and Microsoft keeps a database of them. If one of your local certificates appears to be valid but wasn’t created by one of the known certificate authorities, it may (or may not) be a rogue certificate.

Ideally, you should see “No Certificates Found.” If sigcheck does list some suspicious certificates, you will need to do some detective work to see which are legit and which should be deleted.

On my test machine, sigcheck flagged two certificates from Avast, my anti-malware program. Like many security suites, Avast offers a “Web shield” feature that monitors incoming browser traffic for signs of malware payloads of JavaScript attacks, and blocks them before they can do damage. To monitor an encrypted connection, Avast Web Shield has to create a certificate that allows it to read traffic. Avast needed to create a second certificate to provide real-time protection for my email, which is sent and received via encrypted connection. So these Avast certificates can remain on my machine.

Next, there’s a certificate for “Machine\TrustedPeople:Administrator.” That would be me, or anyone with administrator privileges. So this certificate can remain, too.

Certificates for “Harmony(Test)” and “HarmonyNew(TEST)” took a bit of googling. They seem to have been created during old Java installations, and serve no purpose now. Let’s delete them.
How to Delete Rogue or Unnecessary Certificates

First, I recommend that you run a full malware scan on your system before deleting any certificates, to eradicate the malware that created the certificate(s). Otherwise, the malware may simply re-create the rogue certificates.

To delete certificates, you’ll need another command-line utility called MMC.exe (Microsoft Management Console). It is built into Windows, so all you need to do is open a command-line window and enter MMC to start it. (If prompted, click YES to continue.)

Select “File” and then “Add/Remove Snap-In”
Select the snap-in “Certificates” in the left column on the next screen, then click the “Add” button to move “Certificates” to the right column.
Select “Computer account” on the next screen, then click Next
Click Finish on the final screen without changing anything.
Click “OK” on the Add/Remove Plug-ins screen

Now you see a folder tree on the left. The middle window shows the selected folder’s contents, if any. Drill down the folder tree to find the certificate(s) you wish to delete. Right-click on a certificate in the middle windows and select “Delete” to delete it.

I know this sounds a bit geeky, but if you follow the steps carefully, it’s not so hard, and will give you extra peace of mind.
Have a Great week!