Secondlife: A+ for proactive security

Background: Secondlife is a way cool immersive virtual world with millions of subscribers created by Linden Lab. It is a bit beyond the flat 2-D worlds of Myspace and Facebook. It allows users to interact with 3-D avatars. You can purchase property, build on it and offer up videos.

The folks at Secondlife have posted a warning to their blog that there is a bug in the way Quicktime runs streaming video within the Secondlife "viewer" (client software). The bug could crash the viewer. What I find interesting is that Secondlife can monitor all of the content on their "grid" or virtual world and alert their users if an exploit has been developed. For now they suggest not running Quicktime accept when visiting known areas within Secondlife. Kudos to Linden Lab for pro-actively alerting users to this threat.

Even though I predict that there will be many attempts to exploit social networking sites in 2008, I believe the sites have a different opportunity than traditional software companies. Because they control the real-time use of their software, they can update it and protect it in real time. An interesting difference is that their responsibility for disclosure is not the same. Say a site like Digg is compromised by a security researcher who notifies them that, for instance, he can escalate his position by earning as much karma as he wants. Karma is good at these sites. A high-karma poster can get links to the front page of Digg immediately, which can mean over 100,000 hits for the lucky site. Digg can thank the researcher, fix the bug and move on. I believe they would not be obligated to report the bug unless it had been actively exploited.

While software as a service (SaaS) sites will be rife with bugs and social networking sites are happy hunting grounds for info thieves, there is hope that these sites will be faster to respond and repair when attacks develop. Secondlife's response to this Quicktime bug is a great example of security responsiveness.

Talkback

2 comments
  • Don't Rely on Spell Checkers

    [i]For now they suggest not running Quicktime [u]accept[/u] when visiting known
    areas within Secondlife.[/i]

    Perhaps you need to use a grammar check as well, or better yet, proofread what you
    write before you post it.
    StarrGazr
  • You beat me to it.

    :)
    angrykeyboarder