Presentation Title: Hacking ‘Second Life’
Beyond being an online game SecondLife is a growing marketplace for big companies where lot of money is made. And living and acting in a virtual world gives the people the opportunity to do things they would never do in real life. Therefore, it is not surprising that SecondLife has increasingly attracted real world hackers.
The talk will cover the basic architecture of SecondLife and point out the possible attack vectors against SecondLife itself, but will also demonstrate hacks from the inside of SecondLife against real-life systems in the internet. So watch out what virtualization can do for the “Bad Guys”.
Michael Thumann is Chief Security Officer and head of the ERNW “Research” and “Pen-Test” teams. He has published security advisories regarding topics like ‘Cracking IKE Prshared Keys’ and Buffer Overflows in Web Servers/VPN Software/VoIP Software. Michael enjoys sharing his self-written security tools (e.g. ‘tomas?a Cisco Password Cracker’, ‘ikeprobe - IKE PSK Vulnerability Scanner’ or ‘dnsdigger - a DNS information gathering tool’) and his experience with the community.
Besides numerous articles and papers he wrote the first (and only) German Pen-Test Book that has become a recommended reading at German universities.
In addition to his daily pentesting tasks he is a regular conference-speaker and has also contributed exploit code to the Metasploit Framework. In 2007 Michael published the first Proof of Concept tool to access Cisco NAC protected networks. With more than 10 years of experience in computer security Michaels’ main interest is to uncover vulnerabilities and security design flaws from the network to the application level.
Past Conferences as speaker:
Blackhat 2007 Amsterdam
Blackhat 2007 Las Vegas
HITB 2007 Kuala Lumpur
Daycon 2007 Dayton (Ohio)
SecTor 2007 Toronto
Please have a look at our web site for list of papers and publications (www.ernw.de)