Technology news and Jobs 
Information Technology News QuickTime RTSP flaw enables Second Life muggings
Information Technology News QuickTime RTSP flaw enables Second Life muggings | QuickTime RTSP flaw enables Second Life muggings |
|
| by Stephen Withers | |
| Monday, 03 December 2007 | |
      
The exploit is associated with an object that's left for other inhabitants to stumble upon. Any avatar moving onto the same piece of land as the object triggers the playback of a malicious QuickTime file that takes advantage of the vulnerability. "Once the malicious file has been viewed by the victim, the attacker has complete control over the victim's computer - and Second Life avatar," say researchers Charlie Miller and Dino Dai Zovi. The demo exploit makes the affected avatar send 12 Linden Dollars and shout "I got hacked." The attacker can then convert the Linden Dollars into real-world currency. Until Apple releases a fix, Linden Lab recommends its users disable the streaming video playback option in the Second Life viewer "except when you are attending a known and trusted venue." The company could have disabled this feature globally, but chose not to as many users enjoy "in-world content and experiences which rely on streaming video". "We are able to track attacks, and rest assured, if we discover a malicious stream, we will vigorously pursue the attacker," said Linden officials. Perhaps the existence of an exploit involving a big-name online environment and the risk of real-life monetary losses will spur Apple into releasing an updated version of QuickTime more expeditiously than would otherwise have been the case. |
Tags
| < Next story in category | Previous story in the category > |
|---|
