Your2ndPlace

While my laptop was crashing this evening, I got advised of a change in the Terms of Service of Second Life that was really a trojan horse for the Second Life Viewer Susceptible to Quicktime Security Flaw.

Cool. Quicktime. Flaw. But what does the flaw actually do? Simple. Your virtual pocket can be picked. If you're planning to watch streaming pr0n in Second Life next to those anonymous folks you trust to be the same gender as their avatar, maybe you shouldn't have that money in your account.

Reasonably, the Linden Lab word is: Don't use your video around people you don't trust. This is the virtual equivalent of telling you to make sure that condoms are involved - so do that. How does a Quicktime bug allow the transfer of Linden dollars? The short answer is that the Quicktime video sends your Second Life client to a website (where the video is hosted) that can allow someone to take over your avatar. Virtual body snatching. Woohoo. The voodoo you do.

You can read more about the technical side here.

Tateru has a nice write up on how to deal with the issue here.

Of course, this could open up all sorts of interesting issues like wire fraud, which can't happen because the Linden dollar is just fictional currency (wink wink nudge nudge) and who is liable. Might be an easy way to get a new Mac.

Seriously, though - I don't think anyone has actually been hit by this yet. It was caught early, apparently. Don't get too worked up about it. Just mind your video manners.

Be careful out there. I don't want to have to write about you.

Technorati Tags: Linden Lab Metaverse Op/Ed Second Life Client SecondLife Technical Apple Quicktime exploit vulnerability security