How to hack Second Life through QuickTime
Security specialist Charlie Miller (Charlie Miller) told how he managed to hack the Second Life game in 2007 and create a virtual object that robs passers-by. This object could be placed anywhere - in a forest, in a bar, in the middle of a busy street, or hung in the air.
The vulnerability is related to the fact that Second Life uses QuickTime Player to display multimedia. There are known holes for him, and somestill not closed. One of these holes was used by Charlie Miller, who made a small pink cube with animation on all sides. If the avatar looks at the cube (the photo shows how one of the victims does this), then it will be automatically hacked. You can steal a person’s virtual property and even get access to an account in a real bank, which is tied to a Second Life account.
Charlie Miller wrote this hack back in 2007. He says that this is the most interesting exploit he has created in his life: after all, people really could contact him, look at him, and even touch him.
The video shows how a malicious object causes a passing citizen to pay 12 linden dollars and scream the words “I've been hacked”.
PS I wonder if there are similar "exploits" in our offline world that, when you look at them, automatically increase the pressure or level of hormones in the blood? Scientists say such exploits exist . What can you do, nature is also imperfect and leaves some open vulnerabilities.
PPS After publishing this story yesterday at Slashdot, Apple closed the mentioned vulnerability in QuickTime.
The vulnerability is related to the fact that Second Life uses QuickTime Player to display multimedia. There are known holes for him, and somestill not closed. One of these holes was used by Charlie Miller, who made a small pink cube with animation on all sides. If the avatar looks at the cube (the photo shows how one of the victims does this), then it will be automatically hacked. You can steal a person’s virtual property and even get access to an account in a real bank, which is tied to a Second Life account.
Charlie Miller wrote this hack back in 2007. He says that this is the most interesting exploit he has created in his life: after all, people really could contact him, look at him, and even touch him.
The video shows how a malicious object causes a passing citizen to pay 12 linden dollars and scream the words “I've been hacked”.
PS I wonder if there are similar "exploits" in our offline world that, when you look at them, automatically increase the pressure or level of hormones in the blood? Scientists say such exploits exist . What can you do, nature is also imperfect and leaves some open vulnerabilities.
PPS After publishing this story yesterday at Slashdot, Apple closed the mentioned vulnerability in QuickTime.