Technology news and Jobs arrow Information Technology News arrow QuickTime RTSP flaw enables Second Life muggings
QuickTime RTSP flaw enables Second Life muggings E-mail
by Stephen Withers   
Monday, 03 December 2007
A pair of security researchers has demonstrated a way of exploiting the QuickTime RTSP vulnerability to steal currency from Second Life avatars.
Register now to win a Canon EOS 500D Cannon EOS 500D Digiral SLR

The exploit is associated with an object that's left for other inhabitants to stumble upon. Any avatar moving onto the same piece of land as the object triggers the playback of a malicious QuickTime file that takes advantage of the vulnerability.

"Once the malicious file has been viewed by the victim, the attacker has complete control over the victim's computer - and Second Life avatar," say researchers Charlie Miller and Dino Dai Zovi.

The demo exploit makes the affected avatar send 12 Linden Dollars and shout "I got hacked." The attacker can then convert the Linden Dollars into real-world currency.

Until Apple releases a fix, Linden Lab recommends its users disable the streaming video playback option in the Second Life viewer "except when you are attending a known and trusted venue."

The company could have disabled this feature globally, but chose not to as many users enjoy "in-world content and experiences which rely on streaming video".

"We are able to track attacks, and rest assured, if we discover a malicious stream, we will vigorously pursue the attacker," said Linden officials.

Perhaps the existence of an exploit involving a big-name online environment and the risk of real-life monetary losses will spur Apple into releasing an updated version of QuickTime more expeditiously than would otherwise have been the case.

Please enable JavaScript in your browser to post your comment!

Tags See All Tags Add New Tag...

Please Enter New Tags Separated By Comma's
  Or Close

Apple  Malware  Security  Software  Stephen Withers  Video  Web 
Powered By Joomla Tags

 
< Next story in category   Previous story in the category >
iTWire user statistics Visitors last 30 days
665,005
Subscribers 14,517
#1 independent technology news advertise here
  •   *  
  • Search
  • AdvSeach
  • Login
  • Events
  • FreeStuff

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter