Tuesday, September 18, 2007

Security issue - Don't let the SL client remind your password

I know this post is slightly off-topic, but given the induced risks, I want to share this infomration with you. The Second Life Insider reported a security issue with Second Life. If you let the client remind your password, to avoid having to type it each time you go in-world, there is a way for hackers using a malicious web-page and InternetExplorer to gain access to your SL account.

All the details (and the way to do it as well) are explained on http://www.gnucitizen.org/blog/ie-pwns-secondlife. I did not test it myself. Anyway, I never let any software remind passwords for me...

I won't turn this blog in a hacker / safety oriented way, nor as a hoax spreading tool, but this vulnerability seems serious enough to deserve being comunicated widely.

1 comment:

Judy Palen said...

I have been away from SL due to a computer failure, but looking at the reference shows that ONLY Internet Explorer is vulnerable - Firefox (et al) users are fine!

BTW good news about the failure, my NEW games machine is Athlon 64bit dual 6000+, 4Gb RAM, 1Tb SATA HDD! WOW what a screamer!