
Charles Miller and Dino Dai Zovi have declared they have found a way to hack into Second Life users' accounts. LL have stated, however, that the risks are minimal as the vulnerability can easily be patched.
Miller and Zovi, both security consultants, have experience in hacking. Zovi is quoted as saying, "It's not kindergarten work, but this is pretty easy to do."
Linden Lab informed residents of this vulnerability, and there has been talk of recompense if your Linden Dollars are stolen this way.
"While we have no evidence that this vulnerability has been used to date within Second Life, we of course want to make sure our residents are aware of the facts, and give them guidance on how they can protect themselves," a statement said.
The hack works by exploiting the fact that residents can embed pictures and video in their property: QuickTime directs the Second Life software to a Web site. By exploiting the flaw in QuickTime, the hackers can direct the Second Life software to a malicious Web site that then allows them to make an avatar hand over its Linden cash and possibly virtual property. The range of the hack is about 100 virtual feet, with the victim having no idea what is happening until it's too late.
What should we do as residents? The 'play streaming video when available' option is easily turned off through the preferences panel, and until such time as we are assured this hole has been plugged I would recommend doing so. If you do want to watch a movie within SL, turn it on manually, thereby greatly reducing your risk.