This was already blogged about at Second Life Insider and Your2ndPlace, but is important enough even for a "me too" post: There is an exploit reported by GNUCitizen that describes - in detail - how a properly formatted web page can be used to trick Internet Explorer into sending your Second Life login credentials to a third part website for capture and analysis.
At first glance it appears that this has to do with Second Life client’s autologin command line option and its integration with the system (which allows SLUrls to be useful, for instance), and takes advantage of the fact that many people will allow the Second Life client to remember their password, which is then used in the autologin process.
I’ve always thought that was a bad idea, and here’s a pretty concrete demonstration of why….
Popularity: 18% [?]
1 Response to “Internet Explorer exploit can be used to hack Second Life accounts”