Message-ID: <6905b1570709160352y3c7f893cq983c8e7078c4cbc7@mail.gmail.com>
Date: Sun, 16 Sep 2007 11:52:22 +0100
From: "pdp (architect)" <pdp.gnucitizen@...glemail.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: IE (Internet Explorer) pwns SecondLife

http://www.gnucitizen.org/blog/ie-pwns-secondlife

IE (Internet Explorer) pwns SecondLife. Before going into details why
and how it happens, I would like to draw your attention to SecondLife
for a moment. For those of you who don't follow cutting edge
technologies, SecondLife is a massive virtual world located on a
couple of hundred workstations on-line. The cool thing about
SecondLife is that you can do all kinds of things like expressing your
artistic side, communicating and of course doing business. There is
a lot of money in SecondLife. Not that long ago, there was this
girl who made $1000000 (a million) out of the on-line world. This
means that today crooks are after your virtual persona rather than
your physical self. Therefore, security in virtual worlds is almost as
important as security in the physical world.

Now let's get back to the real issue. Attackers can steal the victim's
login credentials, therefore hijacking their virtual persona, by
simply tricking them into visiting a malicious Web page.

It is automatic and the user doesn't have to do anything (no user
interaction is required). I would rate this issue as Medium risk
although if the victim has a lot of Linden dollars ($L) then the
situation becomes quite critical. At the time of writing 1$ can be
exchanged for 268.15$L.

So, let's stop thinking in only one dimension for a moment. Compromising
the integrity of the browser or the operating system is cool but is it
really worth it? Attackers are after your money not your pictures or
school essays. Think about this for a second.

cheers

-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
