Keep on Balping Balp Skiver Om allt och alla…

Second Life and Qucktime security.

Thanks to Vint I have now read an uninformed rant over at the register. “Second Life from a security perspective is horribly broken," Greg Hogland sais to The register, and continues "When you look at Second Life, you know in your bones they simply did not think about security when they developed this application. It's broken from the inside." Yes in many ways he is correct, but the quicktime hole is not the a good example of this. A quicktime, or os problem is nothing Second life can protect it self from. The new fixes from Linden is quite useless if you like to hack a Second life users account using quick time. Make the attack vector a little different, but doesn't and cant protect the user. Sort of eliminating the end users computer is all transactions, which isn't practical. Linden labs can't do anything. With eliminating the computer a good second hard ware like a good online banking have. Where you enter what you like to have done and get a security token from that. Yes you need to enter least the value and to how to pay for the protection to be good, so for each linden or item you transfer you enter it's value/uuid/name into a box togeather with the name of the person to get is and get a security token so the transfer can proceed. All this have to happened on some other secured hardware than the computer. It's will make the system unusable, so you have to risk some lindens.

I personally think Linden have done more that needed to secure it's customers computers. Yes it's trivial to install a root kit on a machine that takes internet data and have a local exploit. The next problem can be in the operating system, in the gfx driver for once. Anything that during a second life sessions receives and processes data from the net is a potential problem for us users. Also many of us uses services as slx or onrez, this includes the normal web-browser, if you have offline IM's the email program is also a possible program. However to put the blame on linden labs for problems with these as quick time. Is putting the blame where it doesn't belong.

If someone can get your computer compromised anyway the current design, for any online game (and many internet shops, banks, etc) can't protect you. Make sure that all programs you use on your computer is updated, when a know hole is spotted (at least). This is much work and needs much attention especially in windows and mac os as none of these have a central code collections to install and update against.

Popularity: 3% [?]