December 5th, 2007 
admin All I have to say is that I’m not surprised. Online hackers utilize slight of hand. They are modern day technical magicians. At least in my book. They bend programmatic code to change the rules. Of course, I like the ones that do it for the common good, and push innovation. It’s been like a week since an Extremely critical QuickTime exploit surfaced. The exploit, entitled “7.3 RTSP Response 0day Remote SEH Overwrite PoC Exploit,” allows hackers to do some pretty malicious stuff. Now, reports are coming out that some hackers have found a way to utilize this flaw to pickpocket in Second Life.
The details seem sketchy, but the San Jose Mercury News says this:
“Charles Miller and Dino Dai Zovi, two experienced hackers, say they have found a vulnerability in the way Second Life protects a user’s money inside the virtual world from being stolen. Their discovery has significance because the currency used in Second Life, dubbed Linden dollars, can be converted into real-world dollars. But the risks for Linden Lab, the San Francisco operator of Second Life, are limited because the researchers say the flaw can be quickly patched.“
Second Life has posted about the Second Life Viewer Exploit on its blog. Good to see transparency there! In any case, it seems that a hacker can post a video in Second Life that will pickpocket folks’ money within 100 virtual feet. Doh! The issue is not with Second Life, but rather with the Apple QuickTime vulnerability. Second Life relies heavily on QuickTime for video rendering within the viewer. Their recommendation is that you disable the QuickTime viewer except in venues you can trust. The real issue here is that Second Life’s Linden dollars can be converted to real money. Pretty crazy stuff!
Posted in 
