QuickTime hack allows Second Life currency theft

Security researchers Dino Dai Zovi and Charlie Miller have found a way to exploit an unpatched QuickTime vulnerability to steal Linden Dollars from users in the Second Life virtual world.

Dai Zovi (the hacker behind the CanSecWest MacBook Pro hijack) and Miller (creator of the first iPhone code execution exploit) cooked up the QuickTime/Second Life attack during an investigation of the security of online games.

It works against QuickTime 7.3 (the latest) and Second Life 1.18.4(3)."All the victim has to do is have video enabled and enter a piece of land owned by the attacker," Miller said, noting that any Second Life player wandering near the attacker will have their pockets picked and then yell "I got hacked!"

View: Full Article @ ZDNet Zero Day

Report a problem with article
Previous Story

MPAA's University wiretapping product taken down

Next Story

Office 2007 Service Pack 1 Release to Web Tuesday 11th Dec

5 Comments - Add comment