Welcome to the Second Life Forums Archive

Hacking Second Life

MarkByron Falta
Just an average bird
Join date: 16 Jun 2007
Posts: 168
04-03-2008 10:16
Here's a video with Michael Thumann, the CSO of ERNW GmbH (a German-based security company) discussing various vulnerabilities of Second Life - enlightening stuff. It's in English.

http://www.net-security.org/article.php?id=1125
Bluesman Wycliffe
Registered User
Join date: 19 Feb 2008
Posts: 74
04-03-2008 10:46
OMG Nikto for SL... SLikto, a web vulnerability scanner.
Also possibilities of SQL injection & cross-site scripting.
Fairly easy to steal someone's money..... (Identity Theft.)
Attacks on websites using SL Client...

The bit that made me chuckle though is the bit saying it's almost impossible to cheat in SL... (haha LL Priorities.)
Depending on what side of the line you live on, that vid is either frightening or will make you smile... Either way it's an eye opener...
foehn Breed
More random than random
Join date: 16 Jan 2006
Posts: 1,142
04-03-2008 11:20
Thanks for the post MarkByron :)
_____________________
You have no friends online at this time. "Excellent!"

Einstein "I never think of the future. It comes soon enough."
Day Oh
Registered User
Join date: 3 Feb 2007
Posts: 1,257
04-03-2008 11:33
It seems that guy focused on sending spam and attacking web servers instead of the Second Life protocol. Saying it's nearly impossible to "cheat" makes it sound like the protocol isn't full of holes. o.o In reality, if you play with the protocol, you'll find something interesting at every corner.

A couple of things that were discovered and fixed only this past month:

* You could grant run time permissions to a script without it asking, overwriting the previous permissions mask (meaning you could disable vendors or camping chairs, or take control of someone's car or flight attachment)
* Simulators randomly sent private information to clients instead of to other simulators, such as script bytecode and session IDs that you could use to take control of accounts

Those are the *fixed* things o.o

Indeed, security specialists should be interested in taking a harder look at Second Life