Turns out, there’s a flaw in the virtual world Second Life that allows hackers to strip your character of all of its money.
It can happen when your avatar decides to show off a video using Apple’s Quick Time software (the video used by default in Second Life). If a hacker avatar is within a hundred virtual feet, he can hijack the Second Life software as it connects to Apple’s QuickTime. He can then redirect it to a malicious site that then take over your avatar, and strip you of everything (he can take your Linden dollars, and then exchange into into real dollars). Two researchers Dino Dai Zovi and Charles Miller (pictured here) discovered the flaw. Dean Takahashi of the Mercury News has the story.
There’s not much that Second Life can do about this, unfortunately, except for track URLs and eject the hacker. Meantime, you’ve lost your money, and you have to get reimbursed from Second Life (which has pledged to do so). Apple says it is working to fix the flaw in QuickTime.
SecondLife continues to show that its really just an exact duplicate of real life. You can get mugged here in real life, and you can get mugged over there too. Just as police scramble to keep in real life, Second Life, security researchers and others are scrambling to keep up with virtual hackers.