http://www.gnucitizen.org/blog/ie-pwns-secondlife E (Internet Explorer) pwns SecondLife. Before going into details why and how it happens, I would like to bring your attention on SecondLife for a moment. For those of you who don't follow cutting edge technologies, SecondLife is a massive virtual world located on a couple of hundred workstations on-line. The cool thing about SecondLife is that you can do all kinds of things like expressing your artistic side, communicating and of course making business. There are a lot of money into SecondLife. Not that long time ago, there was this girl who made $1000000 (a million) out of the on-line world. This means that today crooks are after your virtual persona rather then your physical self. Therefore, security in virtual worlds is almost as important as security in the physical world. Now let's get back to the real issue. Attackers can steal the victim's login credentials, therefore hijacking their virtual persona, by simply tricking them into visiting a malicious Web page. It is automatic and the user doesn't have to do anything (no user interaction is required). I would rate this issue as Medium risk although if the victim have a lot of Linden dollars ($L) then the situation becomes quite critical. At the time of writing 1$ can be exchanged for 268.15$L. So, let's stop thinking only one dimension for a moment. Compromising the integrity of the browser or the operating system is cool but is it really worthed? Attackers are after your money not your pictures or school essays. Think about this for a second. cheers -- pdp (architect) | petko d. petkov http://www.gnucitizen.org
