[sldev] Latest SL / Quicktime issue in the news...

[Hamncheese]

Just curious here because I'm a security newbie :): How'd you get from "may 
allow an attacker to crash or exploit the Second Life viewer" (from the 
blog) to "allowing lindens to be transferred without prior permission"? Am I 
missing some non public knowledge? Also have you seen this?: 
http://www.symantec.com/enterprise/security_response/weblog/2007/12/exploit_for_apple_quicktime_vu.html

Symantec obviously thinks its Apple's problem as well.


----- Original Message ----- 
From: "Mitch McKenzie" <mitch at mckenzie.ws>
To: <sldev at lists.secondlife.com>
Sent: Monday, December 03, 2007 9:35 AM
Subject: [sldev] Latest SL / Quicktime issue in the news...


>
>
> Perhaps someone on this list would take a stab at explaining how this
> issue is an Apple issue and not a Second Life issue? Why would we expect
> Apple to understand the cash transfer system of SL in order to defeat
> this bug? As I understand it, this is an RTSP issue. Yet, before anyone
> can access my Linden account, they have to go through the LL servers do
> they not? So claiming this is solely a client side issue seems really
> odd to me as also the claim that "we are waiting on Apple to fix it", is
> really a goofy idea as well. As near as I can tell, the hacker is really
> just sending malicious code instead of an actual stream, this coode is
> somehow accessing the client and allowing lindens to be transferred
> without prior permission. What am I missing here?
>
> _______________________________________________
> Click here to unsubscribe or manage your list subscription:
> /index.html