Hackers Learn to Steal Money in Second Life

    The blog of Dean Takahashi (Dean Takahashi) San Jose Mercury News there was information that it was discovered the possibility of stealing gamers internal currency Second Life. Moreover, this currency (Linden dollars) is not so virtual as the game itself - game money can be exchanged for real US dollars.

    Takahashi says two hackers, Charles Miller and Dino Dai Zovi, showed an exploit that cleans up Second Life’s pockets.

    And now the most interesting part: the exploit does not exploit the gap in Second Life itself, but in Apple’s QuickTime, which is used to play video in the game. Here is what Takahashi writes on his blog:
    The exploit works because Second Life allows users to add images or videos for avatars or their property. When someone walks near an object, the Second Life client launches QuickTime to play the video or display pictures. In doing so, QuickTime directs the Second Life client software to the website. Using the QuickTime vulnerability, hackers can direct the Second Life client to their malicious site in order to get the player’s avatar.

    As a result, the hacker will be able to steal all the avatar's savings.
    Since the exploit exploits the QuickTime vulnerability, it will work until Apple fixes its bug. Right now, the only thing Linden Lab , the creator and owner of Second Life, offers is not to hold big savings.

    via CNET

    Also popular now: