Slashdot Mirror

← Back to Stories (view on slashdot.org)

Crime Wave Thwarted in Second Life

Posted by Zonk on from the watch-what-you-walk-near dept.

Ponca City, We Love You writes "The Mercury News reports that a vulnerability in the way Second Life protects a user's money has been identified. Risks for users are reportedly limited because the researchers say the flaw can be quickly patched. The flaw exploits a known problem with Apple's QuickTime - when a virtual character passes by an infected object planted by hackers, the Second Life software activates QuickTime so it can play the video or picture. Hackers can direct the Second Life software to a malicious Web site that then allows them to 'take over the user's avatar and force it to hand over its Linden cash. Second Life is recommending that users disable streaming video playback in the Second Life viewer except when you are attending a known and trusted venue.' The hack raises tough questions for operators of virtual worlds. Should they be as secure as banks and guarantee the safety of money and property that characters in the world possess?"

7 of 183 comments (clear)

  1. an alternate, and more entertaining solution by User+956 · · Score: 5, Funny

    Risks for users are reportedly limited because the researchers say the flaw can be quickly patched.

    Yes, well, the other solution to this flaw is to simply spend all your money on entrance to the tentacle hentai simulator.

    --
    The theory of relativity doesn't work right in Arkansas.
  2. Not-so-virtual by Calydor · · Score: 5, Insightful

    The hack raises tough questions for operators of virtual worlds. Should they be as secure as banks and guarantee the safety of money and property that characters in the world possess?"

    Considering that you buy Lindens with real currency, then yes. Yes, they should be just as secure, since it's real money you're dealing with.

    --
    -=This sig has nothing to do with my comment. Move along now=-
    1. Re:Not-so-virtual by SJ2000 · · Score: 5, Informative

      Yes, you can using Linden Labs own exchange to turn US$ to L$ vice versa. Look on their website

  3. Old recommendation, Quicktime prob killed soon by AySz88 · · Score: 5, Informative
    If you take a look at the Second Life blog, you'll see that the referenced recommendation was from a couple of days ago (November 30). A paragraph in the blog seems to say that if LL starts noticing exploits, they'll kill all QuickTime on the grid and maybe roll back exploit-induced transactions - expect this to happen soon.

    We do have the ability to turn off all videos on the grid, but have instead chosen to respect the existing in-world content and experiences which rely on streaming video, as we know that many of you enjoy these. We do recommend that you employ caution when using QuickTime in Second Life, only enabling it in environments that you trust, and are familiar with.

    We are able to track attacks, and rest assured, if we discover a malicious stream, we will vigorously pursue the attacker. This will include account termination and legal action if appropriate, as well as the appropriate assistance for affected Residents.
  4. SL's economy is a giant sinkhole anyway by Carbon016 · · Score: 5, Insightful

    As someone who has been quite directly involved in Second Life (or at least griefing it), I know SL pretty thoroughly, and I especially know there are two attractions to Second Life: sex and money. They're readily interchangeable, and they're the only reasons anyone uses it, despite claims to the contrary by media-whorish Linden Labs. You're either renting land, throwing cash into a bizarro stock market, or going to a furry cybersex sim. News about security problems is common because there's so much money going through the system and a lot of people looking to exploit it, as well as a wealth of disorganized, terrible code.

    A bank called "Ginko" that recently went insolvent sent shockwaves through the economy lately. Yes - there are Second Life banks, (multiple) Second Life stock exchanges, and all sorts of economic institutions: however, the operators of these venues often don't know the difference between an interest rate and their shoe so most people that end up dumping their funds into them lose all their money. Some people have thousands if not tens of thousands of dollars tied up in the game. As the Linden (the currency of Second Life) is not based on anything, Linden Labs simply dumps currency into the market whenever they feel like it. So economic problems are pretty common. Guaranteeing anything is a difficult proposition for the companies running the games: most have simply said "the *unit of currency here* is not money, nothing is guaranteed" to avoid lawsuits when someone messes up and loses a grand because a sim went down. So it's a dangerous game and the only real winners in "investing" in Second Life are LL.

  5. Re:short answer - No by SJ2000 · · Score: 5, Insightful

    "Real worlds and virtual worlds don't mix" Alert the eCommerce sites, eBay better shutdown now.
    Can't have the virtual world mixing with reality can we?

  6. Re:short answer - No by iminplaya · · Score: 5, Insightful

    What kind of real items are you buying in Second Life? Furniture for your house? Food for your stomach? Yeah. That virtual steak sure was tasty. Clothes for the kids? He's not barefoot. He's got his shoes right there on his USB stick. Can't you see them? The frostbitten toes are just his imagination. IT"S A GAME! If somebody cheats, kick them off, undo, and move on. Jeeze, do you call the cops if someone doesn't pay the rent when he lands on your "Park Place"? Oh, I can see the Nigerian scam now. There's 3000 dollars in un-collected "GO" money. If you send me just $49 and your credit card number and bank account number, I'll send it right to you in six to eight weeks. Will my get out of jail cards work when the cops mash my door down and bust me with my bag of weed? You are crazy.

    --
    What?