Ars Technica is reporting on the law suit filed in 2006 by Martin Bragg who accused Linden labs of wrongfully seizing his virtual land.

-snip-

Linden Lab filed two motions to dismiss the suit, arguing that Bragg came into possession of his land wrongfully, but the Pennsylvania judge denied those motions.

-snip-

A few things about this are super interesting..

• Linden Labs (creators of Second Life) literally sells online assets for real world money..
• Martin Bragg (from accounts read) found that by simply adjusting his HTTP GET parameters was able to bid on not yet opened auctions.(1)
• Bragg apparently invested thousands planning to buy low and sell high

We have just started to consider the attack possibilities and where this is going but again, i suspect fun times are ahead (2)..

/mh

(1) A public facing web-app that deals with real money, that is vulnerable to an 80’s style parameter passing attack? tsk.. tsk.. (someone needs to have their web-apps audited!)

(2) i have not yet checked out Hoglund’s new book [Exploiting Online Games: Cheating Massively distributed Systems] but suspect ill take a look soon..