Owning Virtual Worlds For Fun and Profit

Trailrunner7 writes "Threatpost has a guest column by security researcher Charlie Miller on the ways in which attackers can easily take advantage of vulnerabilities in virtual worlds and perhaps online games to get control of other players' characters and avatars and even cash out their real-world bank accounts. From the article: 'It turns out that Second Life uses QuickTime Player to process its multimedia. When I started looking into virtual world exploits, with the help of Dino Dai Zovi, there was a stack buffer overflow in QuickTime Player that had been discovered by Krystian Kloskowski but had not yet been patched. In Second Life it is possible to embed images and video onto objects. We embedded a vulnerable file onto a small pink cube and placed it onto a [tract] of land we owned. No matter where the cube was, if a victim walked onto the land and had multimedia enabled (recommended but not required), they would be exploited. The cube could be inside a building, hovering in the air, or even under the ground, and the result was the same.'"

Re:So...

[Securityemo]

Shhh! Don't tell anyone!

Once again Linux not vulnerable

[seeker_1us]

No quicktime for Linux :p

Re:Once again Linux not vulnerable

The safest airplane is the one that never leaves the ground.

small pink cubes are always problematic

[pedantic+bore]

I thought we already knew that.

Re:So...

[Sockatume]

I love technology. You made people's computers burst into noise thousands of miles away, and were repremanded by a sorceror. What a great time to be alive.