Virtual Worlds - Real Exploits presented at ShmooCon 2008

by Charlie Miller (Independent Security Evaluators), Dino Dai Zovi (Trail of bits),

Tags: Security Wireless

Summary : Virtual worlds serve as a new way to deliver exploits to the masses. Besides traditional attacks, they also allow attackers to control the "avatars" of players, including being able to steal the player's virtual money and possessions. When there is a link between the virtual money and real money, this can be an easy way for an attacker to profit. This talk will address these issues and illustrate the technical details of a Second Life exploit.
Bio - Charlie Miller
Charlie Miller is Principal Analyst at Independent Security Evaluators. Previously, he spent five years at the National Security Agency. He is probably best known as the first to publicly create a remote exploit against the iPhone. He has a Ph.D. from the University of Notre Dame and has spoken at the Workshop on the Economics of Information Security, Black Hat, DEFCON, and ToorCon.
Bio - Dino Dai Zovi
Dino Dai Zovi is an information security professional, author, and independent researcher. His previous projects have included co-authoring the book "The Art of Software Security Testing", creating the Vitriol hardware virtualized rootkit for MacOS X on Intel processors, and the KARMA framework for wireless client-side penetration testing. He is perhaps best known in the security and mac communities for winning the Pwn-to-Own contest at CanSecWest 2007.