Monday, 20 November 2006

Security, A Human Problem

I don't play Second Life or any video games these days. If I had the time I would play Civ IV. Nevertheless, virtual worlds like SL are becoming increasingly interesting, as demonstrated by today's attack of the killer rings (pictured at left), also known as a "grey goo" attack.

This comment in the accompanying Slashdot post explains that it's possible for a rogue user to exploit vulnerabilities in Second Life and introduce code that performs a sort of denial of service attack on the game. The attack occurs when game participants decide to interact with the gold rings shown in the thumbnail from this site. It's similar to human penetration testers leaving USB tokens or CD-ROMs at a physical world place of business and waiting for unsuspecting employees to see what's on them.

This story illustrates two points. First, it demonstrates that client-side attacks remain a human problem and less of a technical problem. Second, I expect at some point these virtual worlds will need security consultants, just like the physical world. I wonder if someone could write a countermeasure at the individual player level for these sorts of attacks?

Update: Here's a YouTube video.
