Dino is the guy who added much shellcode coolness to MetaSploit, gave
the world Karma, released the first virtualization rootkit for Intel
(Vitriol), and gave much credibility to the Matasano crowd while he was
there..
Although he left the consultancy gig, he popped up briefly again during
the year to claim his macbook in the Cansec Hack the Mac challenge and
popped up again to break second-life..
http://www.securityevaluators.com/sl/
– -snip-
What the exploit does
Once the malicious file has been viewed by the victim, the attacker has
complete control over the victim’s computer – and Second Life avatar. At
this point the exploit could make the avatar do anything they like. This
particular exploit freezes the avatar and makes them send the attacker’s
avatar twelve Linden dollars and shout “I got hacked”.
– -snip-
Full points for style.. and full points for security geek coolness..
– -sigh- im such a fan-boy sometimes..
(you can watch a video of the attack here)
https://youtube.com/watch?v=RaCo4USXd5Y%26rel%3D1
/mh