TechShout



Apple QuickTime Flaw in Second Life enables Hackers to steal Linden Dollars

Monday, December 3rd, 2007 | Related entries: Internet

If you thought that robbing others, mugging them and other such brutal acts were restricted only to the real world, then think again. As if we don’t have enough worries in the real world, now we have to worry about such things taking place in virtual worlds too! Apparently, security researchers have found a flaw in the Second Life virtual world which allows them to rob a user’s character of all of its in-world money.

The San Jose Mercury News has reported that two experienced hackers, Charles Miller and Dino Dai Zovi, have found a vulnerability in the way Second Life protects a user’s money inside the virtual world from being stolen.

This issue is significant because the currency, known as Linden dollars, can be converted into real-world dollars. However, the risks for the San Francisco-based Linden Labs are limited because the researchers say that the flaw can be quickly patched.

Basically, the pair of security researchers are able to exploit a QuickTime RTSP vulnerability to steal currency from Second Life avatars. This exploit is associated with an object that is left for other inhabitants to stumble upon. Thus, any Second Life avatar who moves onto the same piece of land as the object triggers the playback of the malicious QuickTime file that takes advantage of the vulnerability.

“Once the malicious file has been viewed by the victim, the attacker has complete control over the victim’s computer - and Second Life avatar,” said the researchers.

The QuickTime demo exploit makes the affected avatar send 12 Linden Dollars and shout “I got hacked”. The attacker is then able to convert the Linden Dollars into real-world currency.

Linden Labs has advised its users to disable the streaming video playback option in the Second Life viewer, except when moving around in a trusted venue. This rule should be followed by Second Life users until Apple releases a fix.

“We are able to track attacks, and rest assured, if we discover a malicious stream, we will vigorously pursue the attacker,” said Linden officials.
