June 9, 2007 -
Last year, GamePolitics reported on the case of an attorney who exploited a URL quirk to grab several plots of virtual land for cheap in the popular MMO Second Life.Because the lots were not yet officially up for auction, SL publisher Linden Labs suspended Marc Bragg's account for violating the game's terms of service (ToS).
As lawyers are wont to do, Bragg filed suit in a Pennsylvania court, claiming he was the rightful owner of the virtual real estate and that the game's flawed auction system didn't negate the sale legally. Bragg also laid claim to his virtual cash in Lindens, worth about $3,200 USD. Linden Labs officially supports a Linden-to-dollar exchange, and promotes the idea that players own their virtual property.
According to Ars Technica, Linden Labs has filed two motions to dismiss Bragg's suit, arguing that the attorney acquired the land through "wrongful" means. The judge tossed both motions.
Linden Labs followed up with two additional claims. The first questions the court's jurisdiction, while the second seeks forced arbitration of the case. Second Life's ToS, which Bragg admits he agreed to, states that any disputes must be resolved in California, where Linden Labs is headquartered. But the Pennsylvania judge ruled that since Linden Labs does business across state borders, the dispute can be heard outside California.
CM: No word on when the case will be heard in federal court. Some industry watches don't believe it will make it as far as examining whether "virtual" property is the equivalent of "real" property, but will focus mainly on whether Linden Labs had the right to deny Bragg access to his account after his violation of their ToS.
- Reporting from Canada, GP Correspondent Colin "Jabrwock" McInnes
Comments
Sad. :( I doubt they'd have the same complaints over a film or book.
The excuse 'but their security was so bad it isn't _really_ hacking! I just wanted to profit from their poor design' has _never_ held up very well in court.
In short, I'm hoping Linden Labs nails Bragg to the wall......
The issue is that he was making a significant profit off the exploit he found, and he is a lawyer, and is exploiting the court system to try to say 'because money was involved, I should be allowed to break the rules', specifically by saying 'the rules are unfair and unenforceable because real money is involved'
Calvinball
I think its stipulated at the time there was no such rule in the ToS thus what he did was legit however he broke what is known as the sprite of the Tos,I could be wrong I usauly am.
Last i looked, besides SL being an MMO and it having a ToS policy that you must agree to, it ALSO is a game you have no control over.
They can take your account if they want. They can do whatever they want. Sure, it may not be a good idea for them to do it, but they can if they wish. Its the same with WoW. It really isnt your account. Blizzard can take it back at anytime.
What a let down. :)
Nightwng2000
NW2K Software
well because real money is tied into it you can take them to court and have it look at.
This might be the "evils" of the next generation or something who knows.
IT's probably one of those things that sounds crazy now.....but down the road this might be a common thing.
Besides....having your money in the bank....it's not psyhically there. When you pick up a pay check...you get a peice of paper with a money sum on it.....it's not REAL money...yet it too can be transfered into money from eletrionic things.
So it's somewhat the same consept and idea....it's a "state of mind" that your money is there.
The following changes will likely come out of this. He gets his money back. EULAs for online games will include refunds for terminations pro-rated. Arbitration clauses will be held unenforceable since it's onesided (they don't have to initiate arbitration to break the contract with you after all).
Linden did this to themselves. The more you point to a ToS that states that they can do whatever they want to you with no recourse the strong his case becomes. Such contracts are illegal and unenforceable. Contracts of adhesion that lopsided offend the sensibility of the courts.
Did you even read it fully? The guy got the land illegaly in the first place via a glitch. And no contract is unenforcable.
Ah that does put it in a different light. If you're right and it's the spirit of the agreement that they're going after him for I can see the need for at least arbitration perhaps a trial of some kind is called for. Although since he obtained the land "illegally" it should be treated as stolen property in the trial.
On the other hand couldn't Lindon Labs just make it next to impossible to access his "property" by changing the surrounding geography in Second Life? I might be off in left field here since I've never played.
That would hard to do, considering the main transportation in Second Life is human flight.
Anti-aircraft guns maybe?
Though more seriously, doesn't the game already support zones of denial so property can be kept invite only? They could just doughnut the guy's land.
Players like to exploit the their cyber-laws more openly than real laws. So no matter what Linden Labs tries to do there will be a group of people ready to exploit it for whatever reason they see fit. But I love it. Even though I don't really enjoy the game myself I like reading articles about such events. I find the virtual vandalism stories to be funny in most cases. Without that I don't think I'd ever really talk about Second Life, until people claim its innovative(I point out Cybertown) and when silly things such as this happen.
That was him all right.
If Linden Labs and this guy agreed to a price, which they did, and Linden Labs took the money from him, which they did, then how did he do it illegally? He didn't hack the servers, he didn't make them sell him the land. He found a hidden, but still public webpage and filled out a form.
ToSs and EULAs don't make companies bulletproof. For a contract to be a contract it must be reached by mutual consent. A take it or leave it stance, especially after they have your money, doesn't work. Also, you can't contract certain rights away from yourself. For example you can't contract yourself to a wage below minimum wage. The more lopsided the contract the less likely the contract will be held to be valid.
Since the sections requiring arbitration and venue have already been struck down by the court, this idea that a ToS or EULA is carved in stone and handed down from on high is demonstratively false.
@AWOL
Hacking? He changed a few, perhaps one, digit in the URL. That is not hacking. They were making the page public since it was reachable on their servers by typing in a web address. He did as much hacking as anyone who types in gamepolitics.com. Which is to say none.
If the land wasn't for sale then why did they take his money? Even more to the point, if the land wasn't for sale, why didn't they return the money they took for the land? It was for sale. They took the money and he took the land. If you take money from someone and give them the stuff they bought you have sold it to them even if you didn't mean it. No backsies and all that without, you know, returning his money.
No money was exchanged, at all, and the land was still being developed and was not yet up for sale. He didn't give them money for the land, and they recivied no money for said land.
From SL ToS
3.3 Linden Lab retains ownership of the account and related data, regardless of intellectual property rights you may have in content you create or otherwise own.
2.6 Linden Lab may suspend or terminate your account at any time, without refund or obligation to you.
2.7 Accounts affiliated with delinquent accounts are subject to remedial actions related to the delinquent account.
http://en.wikipedia.org/wiki/Unenforceable
http://en.wikipedia.org/wiki/Exploit_%28online_gaming%29
The terms of service listed above apply to this issue i think. No matter what the exploit is Linden deemed it one and under 2.6 they have every right to suspend his account (even though the ToS states they don't need a reson). unenforceable contract is still a vaild contract but one the court will not enforce. I hope Linden Deletes his account.....or better yet donate all the money he mad of the exploit to charity.
Also not sure if anyone has seen but he is asking for help with legal costs.
http://www.chescolawyers.com/
Think what you want but while it might of been a "public page" and unsecure it is indeed hacking. He took a look at the URL and saw they used the GET method for this stuff and started playing with the arguments. Thats hacking in the truest form playing with stuff and seeing what happens. It just so happens that it did something that Linden Labs didn't want. I will give you that Linden Labs made it easy to do but its still hacking. And if I do understand and remember the story correctly he paid no money for the land but he got to own it anyways and then was selling it for in game money. This in game money is what he is suing for not the money he "paid" Linden Labs for the land.
Might have been a "public page?" Sorry, but it was a public page because it was accessable by the public. He hacked that site just as I hacked gamepolitics.com when I typed it in. If GP had a non-linked paged called love letters where he published and stored they would be public because the public had access to them. There is no hacking here.
You don't remember correctly. And this will cover kurisu7885 comments as well.
http://lawy-ers.com/robreno_order.pdf
Page 6. And I quote from the findings of the court "The dispute ultimately at issue in this case arose on April 30, 2006, when Bragg acquired a parcel of virtual land named “Taessot” for $300."
Is he suing for more than he paid? Of course. Find me one lawsuit where this doesn't happen. He bought the land from Linden. It was a sale and now they are keeping the money and the land because they don't like the way they did the sale with him. That is the part that bothers me the most. That they took his money for the sale, said the sale violated the ToS and took away both the item he bought and the money he paid. If you are going to cancel the sale you have to return the money.
@Lothar
The problem with 2.6 is that court already has issue with such a one sided agreement. Go to the link above, the actual court document for this very case, and read page 33 and 34. The court used that very section to show that it is unconscionable. They have, in effect, already rendered that part unenforceable by allowing this to go forward. As to 3.3, the court found both that and the public statements by Linden Labs to be at odds on page 3-5. They were in essence advertising one thing and then offering another. I'm not sure why 2.7 is even envoked here.
Wikipedia has it wrong. If the court won't enforce it the contract isn't valid.
http://www.entrepreneur.com/management/legalissues/legalissuescolumnistj...
"Saying a contract is valid means it's legally binding and enforceable." If the courts won't enforce the contract, won't balance the scale as it were, then the contract is invalid. A valid contract that the courts won't enforce doesn't exist by definition.
http://legalnotes.wordpress.com/2007/03/02/unenforceable-contracts/
http://homepage.gallaudet.edu/Marshall.Wick/BUS447/unenforceable.html
http://en.wikipedia.org/wiki/Contracts
http://www.asu.edu/counsel/brief/contractbasics.html
Link above also lists legal presidents
Also from Merriam Webster for exploit
1 : to make productive use of : utilize
from earlier post "Hacking? He changed a few, perhaps one, digit in the URL. "
2 : to make use of meanly or unfairly for one's own advantage
buying the proptery from an otherwise hidden page is (since he used his knowledge unfairly to his advantage) is an exploit and hacking.
If LL calls any competent witnesses this will come out.
Also when you typed in gamepolitics.com you didn't change your request from the server after receiving your page and URL. He exploited the system LL uses to his own advantage. That is hacking.
From askoxford.com
Hack
3 use a computer to gain unauthorized access to data. 4 (hack it) informal manage
LL had not publicly listed the land for sale. They had not linked to the store to buy the land. If you did a search for the land it wouldn't turn up. It was online in the only respect that if you modified the URL to get directly to it you could. That is just like if I setup a web page and it asks for a password and if you enter it correctly it takes you to a private page. But if that password page is nothing but a java script redirect and you typed the direct IP that is still gaining access to a private page. You didn't break any passwords you didn't use a key logger you modified my url to get to something you weren't supposed to.
And even in the PDF you linked the court referenced wiki for a definition
And just because they allowed a hearing to proceed doesn't mean they aren't going to rule in favor of LL because of the agreement to the ToS
also in the article you linked it says Any lawyer will tell you that a lawsuit is a very inefficient and expensive way to resolve contract disputes, and it also means you lose control over the issue being disputed since a judge or jury will be making the decisions instead. Considering your source says ANY lawyer should know this maybe we should consider why he would want a trial and not mediation if he is supposed to know it isn't the most effective way to resolve the conflict? Possibly media attention I might guess.
If Linden Labs didn't want to make it public they shouldn't have made it public. It was publically available to anyone who typed in the right URL. The page existed and was created by Linden and was active because he was able to use that page to buy the land. LL may not have publically advertised the land for sale but they did list the land for sale and then sold it to him. The second part here is key. They took his money for the land.
Just because the court used the definition of Avatar from Wikipedia doesn't mean that everything in wikipedia is correct nor does it mean that everything defined in wikipedia is correct either.
Take note of the ASU link you provided. A valid contract has the elements listed in I. above and is legally enforceable. He goes on to qualify something as "generally" valid but without a mechanism to enforce breach it isn't a valid contract because it isn't legally enforceable. A contract that can't be enforced, that can't compell someone to act, isn't a valid contract because it lacks the enforcable part.
Take note of the Gallaudet link as well. "A contract for which there is no legal remedy." which means it is not a valid contract because it lacks the ability for the court to enforce it.
A void contract is still definitionally a contract but it's not a valid contract because to be valid the courts would have the duty to enforce it.
While you are correct that it doesn't mean that they will rule in favor of either party, what it does mean that pointing to the ToS as if were some holy writ isn't going to work as he has already dismissed that contention. They have to do something other than hold up the ToS as a valid contract because the judge has already said that it wasn't. The judge isn't going to even look at it anymore.
Just because they don't want you to see something doesn't mean that when they put it out into the public sphere any attempt to see it becomes hacking. All he did was type the correct URL into a browser. That's it.
As to why he picked a lawsuit over arbitration or mediation is fairly simple. He is a lawyer. The other reason is that he would have to go to SF for arbitration because he wouldn't have a court document to change the venue. He would have to play by their rules and those rules have already been ruled unconscionable. He had to sue them to get a fair hearing. Once you are in court you might as well go for it all.
Given that most claims in such games would be small change the correct venue would be a small claims court. Costs there are small. The costs of arbitration compared to litigation have arbitration overshadowing small claims courts by about a bunch. For the normal player such an arbitration agreement is the same as denying any review by any party.
While the article says that it doesn't mean what you want it to mean. He isn't saying go to arbitration or mediation as the same problems exist. You are turning your problems over to the ruling of a third party either way and the costs of arbitration aren't that much lower than litigation anymore. What he is saying is that you need to avoid lawsuits by writting better contracts. Too bad Linden Labs didn't think of that eariler.
Reuters and Intentia went round on this in 2002. Can't find the outcome anywhere, and it's a UK think so it's not even on point, but their defense is exactly the same. If the URL can be typed in and it takes you to that page the information is undoubtably public. Most of the legal and tech minds agreed from what I found.
1 : to make productive use of : utilize
argue with webster and lose he used his knowledge nowhere in the world is the sole definiton of hacking breaking security.
wiki
A hacker is a person who uses computers as objects of study rather than as instruments that facilitate work.
webster
to write computer programs for enjoyment b : to gain access to a computer illegally
ask oxford
3 use a computer to gain unauthorized access to data
now as to if he was authorized to view the contect LL says no....so that makes it unauthorized. now who knows how the setup their pages in the background before they go live. now not to long ago porno was shown on the disney channel....were those children authorized to see that content? was that contect authorized to be on that channel? well mistakes happen. one did and LL notfied him of this and took the property he aquired from the exploit....it was an exploit. exploits are bugs hacks and illegal. find an exploit to rip of a stores website and see how it fairs for you. even if it is something as simple as changing a server request. or just requesting info ( http://en.wikipedia.org/wiki/Denial-of-service_attack ) Oh and i never said he had to enter a password i was giving an example. Page=not live then it is private content. doesn't matter if you can get to it it isn't live.
I have reviewd over all the documentation so far and most interestingly found that in his offical Press Release he states that his account was cancled and not reason or refund was given when in fact the Offical minuts of the court state that LL emailed him stating that his account was suspended. Now primarily in MMO's if that happenes that mean they are reviewing your account and that nothing is set in stone yet. So that being said he seems to contradict him self alot.
also he did not send $300 per parcile of land it was 300 lindens which the exchange rate is 250 lindens - $1 USD (current). he paid 300 lindens per plot. spending around $1.20 USD.
All I would say that he is intitled to would be a refund on what he originally purchased the land for and not include the profit he made from them. Keeping in mind that normally land goes for around 1,000 lindens and not the 300 that he got it for.
Now from the way that it sounds the way that he did this was by exploiting ( see full definition http://en.wikipedia.org/wiki/Exploit_%28computer_security%29 ) which states that - an exploit is a piece of software, a chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).
It sounds like he used a mean called Code Injection ( http://en.wikipedia.org/wiki/Code_injection ) which the easiest way to explain would be you take a web address ( example - http://www.yourdomain.com/users.php?m=auth&redirect=L2FkbWluLnBocD9tPXVz... ). Now if I change anything past user.php? to achieve an effect, price, gain access to an otherwise non accessable part of that site that in turn is an Exploit and can be deemed illegal.
Furthur more he purchased the land with the intent to make a profit and only did so via the exploit. according to his website he is on the bar in california and another state and owns comerial realestates in california. the amount of money that he is asking for would be irrelevant if he is as connect and well off as his website makes him out to be. Plus he is also soliciting for financial relief for this case from anyone willing to donate. In my oppion it seems like he is wanting to get the publicity from this and make money while he does this.
So all I have to add is that even though I am not a fan of the SL game I will be interested in how this plays out after all anything can be achieved in the court system with the right lawyers. And a company that is worth million I would hope would have already had thier lawyers go over the ToS with a fine tooth comb. I believe that all he should get is his account placed back into the state it was prior to the purchase of the land and that is all.
#3 has the word "unauthorized" in it. Which means there are authorized and unauthorized users. The gatekeeper is security. If you are an unauthorized user then you have to bypass the security to get to the page. He did nothing to bypass that security. He used the credentials offered to him by LL and was given access to that information by LL. He didn't use unauthorized credentials, there was nothing mechanically wrong with the security as it worked as designed, nor did he do anything untoward to gain access to the page.
Once you publish the information to a live server the information is public. The page was live because they published it. They had hoped that people wouldn't find it, perhaps, but that isn't the same as unpublished or secured.
Exploits aren't bugs. Exploits are what happens to bugs and they aren't illegal. An analogy here would be finding a price the store place on an item well below market price unintentionally. You know what happens when they do that? The store loses if they take the money. Even if they don't lose they don't get to sell the item, reclaim the item and not refund the money spent.
If he changed the price, it was an auction but play along here, then it would be a hack. He placed a bid and they accepted it which actually is a contract. If anyone is exploiting something it's LL when they kept his money and tried to use the ToS to protect them when they violated his contract of sale.
http://www.theinquirer.net/default.aspx?article=2511
Best Buy advertised a 400 dollar video card for 130 bucks. People ordered them and before the order was filled, Best Buy cancelled them. Nobody was out any money. The difference here is that LL took his money and completed the sale.
LL could have refunded the money.
LL could have cancelled the auction before closing it.
LL could have avoiding publishing information they didn't want public.
LL could have written it off as a lesson learned.
All of these would have made the problem go away. They used the worse judgement I've seen not involving Eve Online.
http://thelastboss.com/post.phtml?pk=2284
http://en.wikipedia.org/wiki/Exploit_%28computer_security%29
If the Legal system finds wikipedia to be a valid source of information and they link to them then Wiki's defenition of Exploit in the sense of Computer Security should be sufficent. If in my previous post I refered to bugs or Hack it was in a general sense.
And just because you have something on a website does not mean that it is public. say for instance my wesite only lets certain people to do certain things and others not. If those that are not circumvent the security in place via an Exploit then that would be an Illegal transaction due to poor programing but still Illegal in any sense.
Also The auction ,if that is what it was purchased through i have not seen any documentation stating that it was in fact an auction and not just a purchase site, would have been automated and there would not have been a way to catch what was done after the fact. Like I said before I believe that all he should get is his account placed back into the state it was prior to the purchase of the land and that is all. And with the rising rate in lawsuits agaist Games and the Producing company and etc.. I commend them for not taking this lying down.
The fact that Bragg had to figure out a way to gain access to this information is very telling; Gaining access to unsecured information is the very heart of hacking, and that is exactly what was done in this case.
If I write up a long story, and put it on my website server, but don't provide any links to it, and don't tell anyone about it, that story is still not public. Its existence on my server alone does not make it public. If someone uses a technique to pull up a file list on my server, finds the story, and then does something with it, he is commiting a crime.
Now, there's no question that it was poor security for Linden Labs to have web scripts that could pull up information on any parcel of land in existence in the game, and even worse that there was a way to actually bid on this land. But that doesn't change the fact that it was unsecured data, not public data.
The difference between public and unsecured is easy to illustrate. If I put a sign on my porch that says, "Come in," and leave the door open, that's public. If I leave my door unlocked, that's unsecured. If you enter my house in the second case, you're still guilty of the crime of Breaking and Entering; if you take something from my house, it's still Burglary, even though the door was unlocked.
- - - - -
All that being said, Linden does need to revamp their procedures and protocols for dealing with cases like this. Because they allow and encourage real-money trade in Linden Bucks, they have to take a much higher road than, say, World of Warcraft. I think the fairest case in this situation would be for them to issue funds equal to the current value of Linden Dollars that remain in the account; the land that was obtained through hacking, and the Lindens spent to acquire them, should be forfeit. And, of course, he should be permanently banned from SL.
I completly agree...
I believe that LL sould file a counter suit agaisnt him
@Nekojin
The difference is minor, to say the least. Unsecured information left is a public venue, such as a second life server, is just as good as making it public. In any event, the use of that information is the fault of the person who makes what should have been secured information public. They made it public by action even if the intent wasn't there. That is the fault of LL and not of anyone who makes use of it.
The contention that nobody else knew about the parcel isn't exactly true as far as my undertanding goes. Each land block has a unique id number. He went to the landblock ingame, got the unique id number from the game which freely gives out the id number, and modified a url of a land auction to have the ID of the land he was interested in. This isn't exactly uber hacking skills. This isn't even average hacking skills. This isn't even hacking. It's typing in a URL. As far as trying to figure it out, again, not terribly complicated at all.
Is there a welcome sign on the front door of the SL server? I think we all agree that the answer to that is yes. So the house was, indeed, public. If you want to have places off limits to the public in a public establishment you have to lock a door. Closing it isn't enough because the front door doesn't have to be open for the place to be considered open. They then would be responsible to have more security which they didn't. It was open enough for business that they took his money. Sounds fairly open to me. Even if someone was in your place illegally, you don't have the right to mug them.
As far as a lawsuit for hacking, the law doesn't support it because they took his money. California laws require the taking of something, be it information, or damaging something to be considered hacking. He didn't damage anything and since he paid for the merchandise (not just left money but paid the price as you would in an auction) he didn't violate the law. Every element of the crime of hacking in California (section 502 of the penal code) requires it to be done without permission. Since they validated his credentials he had, and those credentials were valid and true, he didn't do so without their permission. If he had faked his credentials, bypassed security of some sort, or otherwise went around any level of security then he would have hacked the system. He put the ID of the item he wanted into the URL meant to contain items for sale. This is not hacking nor is it criminal.
Just because he didn't follow a link doesn't mean he hacked the Gibson.
Types of exploits
Exploits can be categorized by the type vulnerability they exploit or the method of exploitation. Some of the common types of exploits, or "attacks", are:
* Buffer overflow
* Heap overflow
* Integer overflow
* Return-to-libc attack
* Format string attack
* Race condition
* Code injection
* SQL injection
* Cross-site scripting
* Cross-site request forgery
There ya go please read documentation in full before attempting to respond to it. As you can plainly see Code Injection is listed in the Wiki. As you stated yourself in your previous post he had to find the lot ID even though it is shown in game he had to edit the web address to allow him to bring this up ergo Code Injection
http://en.wikipedia.org/wiki/Code_injection
I even went as far as posting an example see one of the above post for it.
Also you quote the California penal code section 502 stating that requires it to be done without permission. This is exactly what he did via code injection. Yes LL should have better security in place but on the same note say I go on line and purchase an item from, lets call the store Bob's electronics, and when I go there I "Type in" a modified web address (which is what he did) and I am now able to purchase an item that is not suppose to go public for a week and not only that I'm able to get it very cheap so I buy a bunch. Now normally the average person would think that if it its on there its legally for sale when they only have it up preparing it for its release and the only way to it is by bypassing the standard parameters and Code Injecting to it. This is pretty much what was done. Now the argument that they took his money is invalid due to the fact that these systems are automated. Did he try to contact LL, I does not seem that way. In fact it is only documented that LL contacted him and then later attempted to request arbitration and mediation but it would see that he would have no part in it.
Further more:
http://en.wikipedia.org/wiki/Code_injection
Uses of Code Injection
Intentional Use
Malevolent
Use of code injection is typically viewed as a malevolent action, and it often is. Code injection techniques are popular in system hacking or cracking to gain information, Privilege escalation or unauthorised access to a system.
Code injection can be used malevolently to:
* Arbitrarily modify values in a database through a type of code injection called SQL injection. The impact of this can range from defacement of a web site to serious compromisation of sensitive data.
* Install malware on a computer by exploiting code injection vulnerabilities in a web browser or its plugins when the user visits a malicious site.
* Install malware or execute malevolent code on a server, by PHP or ASP Injection.
* Privilege escalation to root permissions by exploiting Shell Injection vulnerabilities in a setuid root binary on UNIX.
* Privilege escalation to Local System permissions by exploiting Shell Injection vulnerabilities in a service on Windows.
* Stealing sessions/cookies from web browsers using HTML/Script Injection (Cross Site Scripting).
It states in the Wiki that Code Injection is considered Hacking/Cracking. And if your only experience is a fictional and completely inaccurate movie "Hackers" then please be more through with you research
* Heap overflow
* Integer overflow
* Return-to-libc attack
* Format string attack
* Race condition
* Code injection
* SQL injection
* Cross-site scripting
* Cross-site request forgery
Didn't do any of that. He entered a URL of the land he was interested by putting in the correct land ID in the URL.
For example, the address would be /auctons/propertyid He changed the ID from one he wasn't interested in into one that he was. None of those methods you listed come close to what he did. He entered a valid URL for a property that he was interested in. This hacking fantasy
Also you quote the California penal code section 502 stating that requires it to be done without permission.
You left of the word knowingly, you would have to prove that he knew that the webpages weren't meant to be accessed and did it anyways, and the actions that have to occur after knowingly accessing the pages in question. You also left out the portions that require some sort of taking, and since they agreed to a price there was no taking involved, or other acts of malice that didn't occur. Without any elements of the crime then it's safe to assume no crime happened.
Interesting point, you know what the Wikipedia doesn't consider to be a reliable source? Itself. Part of doing your research means doing research. Wikipedia is a starting point and not an ending point. Pointing to it as if it were the final word on the subject, especially when it doesn't say what you want it to say (ironic considering how easy it is to make it say that) doesn't make this fantasy of the lawyer being some uber hacker any closer to being the truth. He typed in a URL with the information that Second Life gave him. If they didn't want him to see it they shouldn't have made that information public. If the wikipedia is your only experience in this subject perhaps your advice to do more research was directed at the wrong party. That and if a cultural referance comment gets you that upset you might need to research some humor. I hear wikipedia has an excellent page on that.
now about discrediting Wiki reference
http://lawy-ers.com/robreno_order.pdf
which you previously referenced. In the Robreno Memorandum the court often reference Wikipedia.org for definitions so on that i'll again say that if it is good enough that the court system uses it then it can not be so easily discredited.
also see here for more examples
http://www.armorize.com/resources/vulnerability.php?rdChart=Chart1&Keywo...
and your example above just proves the fact that Code Injection in its simplest form is exactly as you have it "/auctions/propertyid" if you changed "propertyid" to something that is not publicly listed then that is Code Injection. Granted that LL should have had better security in place what he did is still considered wrong. And If you reread your post where you quote California Penal Code you also left out "Knowingly" hence why it was left out in my post since i was quoting your comments.
here are some other sources for you:
http://www.theserverpages.com/articles/webmasters/php/security/Code_Inje...
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci553536,00.html
http://www.wired.com/gaming/virtualworlds/news/2006/05/70909
states that "Bragg, however, says he has managed to find ways to withdraw some of the money in his online account."
that statement in itself implies that he is always looking for other/possible not legitimate way of acquiring things.
And as far as the comment on humor goes, I in no way make it apparent that I did not find you reference humorous in fact i chuckled at the fact that in your endeavor to make a point about a current even in real life that you reference a fictionally movie. Humor is judged in different ways by different people so please refrain from desperate assumptions and futile attempt poke holes in anyones legitimate comments. Besides In case you have failed to realize but you are the only one that feels this strongly about there being no fault on Braggs. I tend to lean toward the majority for the simple fact that all those people can not be wrong albeit some of those did not have the facts straight. Lastly this is all in fun anyway but I suggest we just let sleeping dogs lie for the sake of argument. If you feel the need to continue the debate please be my guest. Although I suggest we let the court system do its job see what they have in store for LL vs Braggs. After all your opinion is just that, an opinion, just as mine is the same. Lets allow the courts to decide the facts...
Worst still when that person took something from that store during his "night raid".
On the same logic that code injection is legal.
If someone look at his bank account number and figure out how the account number is generated and formatted. Then he made a withdrawal from the bank using an account number he figure out and made off with the money.
This person is still legal by all meant because he is only exploiting what knowledge he learn?
I think we have another JT#2 here.