iTWire - QuickTime RTSP flaw enables Second Life muggings

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Information Technology News

QuickTime RTSP flaw enables Second Life muggings

QuickTime RTSP flaw enables Second Life muggings

E-mail

by Stephen Withers
Monday, 03 December 2007
A pair of security researchers has demonstrated a way of exploiting the QuickTime RTSP vulnerability to steal currency from Second Life avatars. Featured Whitepaper 5 Best Practices for Smartphone Support The exploit is associated with an object that's left for other inhabitants to stumble upon. Any avatar moving onto the same piece of land as the object triggers the playback of a malicious QuickTime file that takes advantage of the vulnerability. "Once the malicious file has been viewed by the victim, the attacker has complete control over the victim's computer - and Second Life avatar," say researchers Charlie Miller and Dino Dai Zovi. The demo exploit makes the affected avatar send 12 Linden Dollars and shout "I got hacked." The attacker can then convert the Linden Dollars into real-world currency. Until Apple releases a fix, Linden Lab recommends its users disable the streaming video playback option in the Second Life viewer "except when you are attending a known and trusted venue." The company could have disabled this feature globally, but chose not to as many users enjoy "in-world content and experiences which rely on streaming video". "We are able to track attacks, and rest assured, if we discover a malicious stream, we will vigorously pursue the attacker," said Linden officials. Perhaps the existence of an exploit involving a big-name online environment and the risk of real-life monetary losses will spur Apple into releasing an updated version of QuickTime more expeditiously than would otherwise have been the case. Tags See All Tags Apple Malware Security Software Stephen Withers Video Web Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

Open Text Deepens Integration with SAP® Solutions

As Christmas Nears, AVG (AU/NZ) Advises Shoppers How to Stay Safe Online

Progress Software Successfully Enables SaaS Deployment in the Cloud for Fifth Year

British Airways selects Progress Software SOA Solutions to upgrade the travel experience

...Promote your press-releases here

Latest jobs

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking