Hackers exploit flaw in Apple QuickTime to rob Second Life residents

If you logged into Second Life yesterday, you’ve seen the announcement from Linden Lab:

We were alerted a short time ago that a QuickTime exploit has been discovered which may allow an attacker to crash or exploit the Second Life viewer. The Second Life viewer uses Apple QuickTime to play videos and streaming media. This exploit affects QuickTime usage on every platform that uses it, and to date, Apple has not released a fix for the exploit.

While the Lindens are very clear that this is an exploit in QuickTime and not Second Life specifically, they were less than forthcoming about the exact details of the exploit. Mercury News fills in the details.

Charles Miller…and Dino Dai Zovi…, two experienced hackers, say they have found a vulnerability in the way Second Life protects a user’s money inside the virtual world from being stolen. It has significance because that currency, dubbed Linden dollars, can be converted into real world dollars.

According to Mercury News, QuickTime can be directed to a malicious website that “allows them to take over the Second Life avatar.”

Personally, I’m not clear about how this could work. Each land parcel in Second Life has an associated video stream, so the landowner would have to add the URL to their land — it’s not something a hacker can do without the landowner’s permission. I understand that malicious websites can exploit vulnerabilities in computers, but there’s a big gap between planting a virus and taking complete control of the Second Life client. Assuming that this malicious code is able to do that, one can’t use the Second Life client alone to plant viruses in-world, as Miller says. Many script-kiddies try that daily, and accomplish only annoyances — replicating cubes with offensive pictures, for example. Eventually, those cubes meet behind-the-scenes defenses and get cleaned up with no harm done — they’re hardly viruses.

This isn’t the first attempt to steal Linden dollars. Previous attempts have been crude scripted objects in-world that depend on residents accidentally granting debit permissions.

To protect your Linden dollars from this hack, open Second Life and click Preferences in the login screen. From there, go to the Audio & Video tab and disable video streaming.

Next up: CTH-200, the ‘copter of a thousand faces

Technically, the new CTH-200 — the third in my new CTH line of helicopters — has approximately 9600 possible combinations of paint colours, decals, and paint finish. Admittedly, only some of those combinations look good — a pink and orange helicopter with a jolly roger decal is probably not an attractive choice, for example. But the point is, the script lets you browse your options to find the look that’s good for you. The same helicopter can be: search-and-rescue, police, army, heli-tour and more.

It’s just about at the beta testing stage, so I expect it to be finished… sometime soon, depending on how the testing goes. Maybe the weekend? Stay tuned.

CTH-100 releases at noon Wednesday!

Be the first in your sim to own the first ever Terra Aeronautics helicopter: the CTH-100. Be at the Abbotts Aerodrome runway at noon Wednesday to get yours for L$1000.

  • Paint script lets you pick two colours and a decal.
  • Let anyone fly your helicopter. The lock script lets you choose who can fly: anyone, group members, or just you.
  • Heads-up display (HUD) attachment puts the clickable instrument panel on your screen.
  • Rotor damage detection means rotor strikes cause damage to your helicopter. (You can turn this off in the options menu.)
  • Popup options menu.
  • Smooth, easy flight model. If you can fly your avatar, you can fly this helicopter.
  • Splash and sink if you hit the water… then click a single button to recover.

Hey look! My first helicopter!

Isn’t it weird that after over four years of making vehicles in Second Life, this is the first time I’ve built a helicopter? I suppose I might have avoided them in the past because a helicopter script — a really good helicopter script — is hard to make. It’s not enough to just hover and slide forward and back. When real helicopters fly, they pitch and bank in response to thrust vectors. That’s surprisingly difficult to reproduce in Second Life.

Another reason why I’ve avoided helicopters: SL is swamped with the things. If I make a helicopter, it has to fly better than anything out there. Many helicopters use “mouselook steering”, which means that you switch to the first person view and the helicopter points in whatever direction you point your mouse. While that’s nice for combat, it looks really odd — real helicopters can’t hover in one spot while tilting 45 degrees to look at the ground. The accuracy of mouselook control is nice, but it looks really dumb.

For mine, I opt to use keyboard controls — controls that are familiar to anyone in SL as normal avatar flight controls. Even novice pilots should be able to hop in and fly away.

I’m tentatively calling this basic model the Terra CTH-100, following the obscure model numbers preferred by real life helicopter makers. I’m happy so far with the natural feel to the flight model, and it will include all of the features that make my other aircraft popular: the ability to let any other avatar fly it, an owner/group lock, a paint menu, decal-changer, and two very comfortable seats.

Expect to see the CTH-100 in a week or so at Abbotts Aerodrome and all other Terra Aeronautics locations across SL.