Dean Takahashi of the San Jose Mercury News revealed that people can take advantage of a known QuickTime problem and become virtual pickpockets in Linden Lab's Second Life. Steve over at PlayNoEvil points out that "anything can that actually affect the integrity of the game or business application should be completely independent of these services to ensure that a breach in 'the other guy's stuff' doesn't affect the security of your business - especially casual applications and services that do not see themselves as having security functionality." Linden Lab confirmed the vulnerability, but the researchers who exploited the flaw were quick to note the issue can be resolved with a simple patch.
The hackers say the scene shows they can take complete control of any player's avatar and make that avatar surrender any money and other property in its account. That's a serious security breach because many of the 10.5 million registered members of Second Life are trying to make a living in the virtual world by selling goods and services.