Security experts have warned Second Life developers after finding a way to hack into the SL users’ accounts and take away all of their possessions. The trick lies in the players’ ability to embed QuickTime videos on their characters or their property. The flaw is found inside the Real Time Streaming Protocol (RTSP) on which QuickTime’s servers and clients are built.
When someone comes nearby and is within view of the object that features an embedded video, Second Life software activates QuickTime so it can play the video or picture. In doing so, QuickTime directs the software to a Web site. By exploiting the flaw in QuickTime, the hackers can direct that software to a malicious Web site that then allows them to take over the Second Life avatar. Which can result in the transferring of all the avatar’s property to the hacker.
Linden Software, who are the developers of the game, have been contacted and warned about this security flaw. They have ensured the users that this glitch will be fixed shortly. Meanwhile, if you are playing Second Life, we recommend that you constantly exchange your virtual money for real cash.
